Lucene search

K
cvelistBoschCVELIST:CVE-2023-39509
HistoryDec 18, 2023 - 12:55 p.m.

CVE-2023-39509

2023-12-1812:55:14
bosch
www.cve.org
bosch
ip cameras
command injection
vulnerability
authenticated user
administrative rights
arbitrary commands
os

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.

CNA Affected

[
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP13"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.90"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP14"
    ],
    "versions": [
      {
        "version": "8.20",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.81"
      }
    ]
  }
]

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

Related for CVELIST:CVE-2023-39509