CVE-2023-32230: 
Bosch Video Recording Manager (VRM) vulnerability analysis and mitigation

An improper handling of a malformed API request to an API server in Bosch BT software products was identified as CVE-2023-32230. The vulnerability was discovered during Bosch internal tests and disclosed on December 13, 2023. It affects multiple Bosch software products including Bosch Monitorwall (versions <= 10.00.0164), Video Recording Manager (versions <= 04.10.0079), Video Streaming Gateway (versions <= 8.1.2.2 and 9.0.0 - 9.0.0.178), and Videojet decoders VJD-7513 and VJD-7523 (versions <= 10.40.0055) (Bosch Advisory).

The vulnerability is classified under CWE-703 (Improper Check or Handling of Exceptional Conditions). It received a CVSS v3.1 Base Score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The high severity rating is due to the vulnerability requiring no privileges or user interaction to exploit, while having a direct impact on system availability (Bosch Advisory).

When exploited, the vulnerability allows an unauthenticated attacker to cause a Denial of Service (DoS) situation, potentially disrupting the normal operation of affected Bosch BT software products. The impact is primarily on system availability, with no direct effect on confidentiality or integrity (Bosch Advisory).

Bosch recommends updating affected products to their fixed versions. For cases where immediate updates are not possible, users should implement firewall rules to prevent connections from insecure networks to the affected software and devices. After applying patches, a reboot or restart of the affected component is required, and users should verify the update by checking the component's version. Specific fixed versions include VJD-7513/7523 to 10.40.0061, Video Recording Manager to 04.20.0016, and Video Streaming Gateway to 8.1.4.1 or 9.1.0.12 (Bosch Advisory).