Lucene search

BoschCVELIST:CVE-2023-39509

HistoryDec 18, 2023 - 12:55 p.m.

CVE-2023-39509

2023-12-1812:55:14

bosch

www.cve.org

bosch

ip cameras

command injection

vulnerability

authenticated user

administrative rights

arbitrary commands

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera.

CNA Affected

[
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP13"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.90"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP14"
    ],
    "versions": [
      {
        "version": "8.20",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.81"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/BOSCH-SA-638184-BT.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Related for CVELIST:CVE-2023-39509