Lucene search

BoschCVELIST:CVE-2022-41677

HistoryDec 18, 2023 - 1:02 p.m.

CVE-2022-41677

2023-12-1813:02:08

bosch

www.cve.org

bosch

ip camera

information disclosure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

CNA Affected

[
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP14"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.80"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP13"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.48"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP7.3"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.86"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP7"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.86"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP6"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.86"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP4"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.10"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.5%

JSON

Related for CVELIST:CVE-2022-41677