
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (CVE-2023-28175) affects the SSH server in Bosch Video Management System (VMS) versions 11.0, 11.1.0, and 11.1.1. This security flaw allows a remote authenticated user to access resources within the trusted internal network through port forwarding requests. The vulnerability was discovered and disclosed in May 2023, affecting multiple Bosch VMS products including BVMS, BVMS Viewer, and various DIVAR IP models (Bosch Advisory).
The vulnerability is classified as an Improper Authorization issue (CWE-863) and Exposure of Sensitive Information to an Unauthorized Actor (CWE-200). It received a CVSS v3.1 Base Score of 7.1 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N. The technical issue lies in the SSH server's failure to restrict port forwarding requests from authenticated SSH clients, potentially allowing access to resources beyond the scope of the Bosch Video Management System (Bosch Advisory, NVD).
The vulnerability enables authenticated users to access resources within the trusted internal network that are normally protected from the WAN interface. This access could extend beyond the scope of the Bosch Video Management System, potentially compromising the security of the internal network infrastructure (Bosch Advisory).
Bosch has released security patches for affected versions. For version 11.1.1, users should apply patch BVMS111165PatchSecurityOCmaxSSHbandwidth405734,393949,393486.zip. Version 11.0 users should install BVMS11001025PatchSecuritySSHOCcrash405734,393486,339917,336777.zip. Additionally, network administrators are advised to segment and segregate networks, harden BVMS SSH hosts by disabling unnecessary services, monitor network activity, and validate hardware integrity (Bosch Advisory).
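The root cause described above is an SSH server that honours port-forwarding requests from any authenticated client, and the advisory's hardening advice is to lock down the BVMS SSH hosts. The audit script below is an added example, not code from Bosch or from this database: it assumes the host's SSH daemon reads an OpenSSH-style sshd_config (the page does not say which SSH server BVMS ships), and it reports whether TCP forwarding is restricted via the real OpenSSH directives AllowTcpForwarding and PermitOpen. The two sample configurations it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Audit an sshd_config for TCP port-forwarding restrictions.
# Assumption (not stated by the advisory): the BVMS SSH host runs an
# OpenSSH-style daemon, so AllowTcpForwarding / PermitOpen apply.
# Only whitespace-separated "Key value" lines are parsed; Match blocks are
# skipped, so per-user overrides inside Match are not evaluated here.

# Print the global value of a directive (OpenSSH honours the first occurrence).
# $1 = config file, $2 = directive name (matched case-insensitively)
sshd_global_value() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ { next }                    # skip comments
    /^[ \t]*$/ { next }                    # skip blank lines
    tolower($1) == "match" { inmatch = 1; next }
    inmatch { next }                       # ignore Match-scoped settings
    tolower($1) == key { print $2; exit }  # first occurrence wins
  ' "$1"
}

# Exit 0 if local TCP forwarding through this host is restricted, 1 if not.
forwarding_restricted() {
  cfg="$1"
  allow=$(sshd_global_value "$cfg" AllowTcpForwarding)
  permit=$(sshd_global_value "$cfg" PermitOpen)
  # OpenSSH defaults when a directive is absent: "yes" and "any"
  [ -z "$allow" ] && allow=yes
  [ -z "$permit" ] && permit=any
  case "$allow" in
    no) return 0 ;;      # no forwarding at all
    remote) return 0 ;;  # only -R listeners on the server, no -L into the LAN
  esac
  # "yes" or "local": reachability depends on PermitOpen
  case "$permit" in
    none) return 0 ;;    # forwarding permitted in name only
    any) return 1 ;;     # any internal host:port reachable (the CVE scenario)
  esac
  return 0               # explicit host:port allow-list
}

# Constructed samples: $1 receives a weak config, $2 a hardened one.
write_sample_configs() {
  cat > "$1" <<'EOF'
# weak: AllowTcpForwarding is commented out, so the default "yes" applies
Port 22
PermitRootLogin no
# AllowTcpForwarding yes
EOF
  cat > "$2" <<'EOF'
# hardened: no forwarding or tunnelling through this host
Port 22
PermitRootLogin no
AllowTcpForwarding no
X11Forwarding no
PermitTunnel no
GatewayPorts no
EOF
}

# Demo on the constructed samples
weak_cfg=$(mktemp)
hard_cfg=$(mktemp)
write_sample_configs "$weak_cfg" "$hard_cfg"
for f in "$weak_cfg" "$hard_cfg"; do
  if forwarding_restricted "$f"; then
    echo "$f: TCP forwarding restricted"
  else
    echo "$f: TCP forwarding NOT restricted"
  fi
done
rm -f "$weak_cfg" "$hard_cfg"
```

Run it against a real file with `forwarding_restricted /etc/ssh/sshd_config` after sourcing the script; `sshd -T` output (effective configuration, Match blocks resolved for a given user with `-C`) can be fed to the same parser when per-user overrides matter.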
Source: This report was generated using AI