Lucene search

BoschCVELIST:CVE-2021-23849

HistoryAug 05, 2021 - 7:23 p.m.

CVE-2021-23849 Cross Site Request Forgery (CSRF) vulnerability in web based management interface

2021-08-0519:23:32

CWE-352

bosch

www.cve.org

cve-2021-23849

csrf

web interface

remote attacker

malicious link

camera

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

37.8%

JSON

A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera.

CNA Affected

[
  {
    "platforms": [
      "CPP4, CPP6, AVIOTEC, CPP7, CPP7.3, CPP13, CPP14"
    ],
    "product": "CPP Firmware",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "all"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

37.8%

JSON

Related for CVELIST:CVE-2021-23849