Lucene search

BoschCVELIST:CVE-2021-23854

HistoryJun 09, 2021 - 2:20 p.m.

CVE-2021-23854 Reflected XSS in page parameter

2021-06-0914:20:14

CWE-79

bosch

www.cve.org

cve-2021-23854

reflected xss

bosch ip cameras

web-based interface

version 7.7x

version 7.6x

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected.

CNA Affected

[
  {
    "platforms": [
      "CPP6, CPP7, CPP7.3"
    ],
    "product": "CPP Firmware",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "7.70"
      },
      {
        "status": "affected",
        "version": "7.72"
      },
      {
        "status": "affected",
        "version": "7.62"
      }
    ]
  },
  {
    "platforms": [
      "CPP13"
    ],
    "product": "CPP Firmware",
    "vendor": "Bosch",
    "versions": [
      {
        "status": "affected",
        "version": "7.75"
      },
      {
        "status": "affected",
        "version": "7.76"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Related for CVELIST:CVE-2021-23854