Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_BOSCHSECURITYSYSTEMS_CVE-2021-23850.NASLHistoryFeb 06, 2024 - 12:00 a.m.
Bosch Security Systems Multiple Products Stack-based Buffer Overflow (CVE-2021-23850)
2024-02-0600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
bosch security systems
stack-based buffer overflow
camera recovery image
telnet interface
remote code execution
tenable.ot
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.7%
A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501950);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/06");
script_cve_id("CVE-2021-23850");
script_name(english:"Bosch Security Systems Multiple Products Stack-based Buffer Overflow (CVE-2021-23850)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A specially crafted TCP/IP packet may cause a camera recovery image
telnet interface to crash. It may also cause a buffer overflow which
could enable remote code execution. The recovery image can only be
booted with administrative rights or with physical access to the
camera and allows the upload of a new firmware in case of a damaged
firmware.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html");
script_set_attribute(attribute:"see_also", value:"https://psirt.bosch.com/security-advisories/bosch-sa-446276-bt.html");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-23850");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(120);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/30");
script_set_attribute(attribute:"patch_publication_date", value:"2022/03/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/06");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_7000_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_4000_hd_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_4000i_firmware:cpp7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_5000_hd_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_5000_ir_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_5000i_firmware:cpp7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_starlight_5000i_firmware:cpp7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:autodome_ip_starlight_7000i_firmware:cpp7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:flexidome_ip_micro_5000_mp_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:mic_ip_dynamic_7000_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:mic_ip_starlight_7000_firmware:cpp4");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:mic_ip_starlight_7000i_firmware:cpp7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:mic_ip_starlight_7100i_firmware:cpp7.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:bosch:mic_ip_ultra_7100i_firmware:cpp7.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/BoschSecuritySystems");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/BoschSecuritySystems');
var asset = tenable_ot::assets::get(vendor:'BoschSecuritySystems');
var vuln_cpes = {
"cpe:/o:bosch:autodome_ip_4000i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "AUTODOME"},
"cpe:/o:bosch:autodome_ip_5000i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "AUTODOME"},
"cpe:/o:bosch:autodome_ip_starlight_5000i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "AUTODOME"},
"cpe:/o:bosch:autodome_ip_starlight_7000i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "AUTODOME"},
"cpe:/o:bosch:mic_ip_starlight_7000i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "MIC"},
"cpe:/o:bosch:mic_ip_starlight_7100i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "MIC"},
"cpe:/o:bosch:mic_ip_ultra_7100i_firmware:cpp7.3" :
{"versionEndIncluding" : "cpp7.3", "versionStartIncluding" : "cpp7.3", "family" : "MIC"},
"cpe:/o:bosch:autodome_ip_4000_hd_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "AUTODOME"},
"cpe:/o:bosch:autodome_ip_5000_hd_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "AUTODOME"},
"cpe:/o:bosch:autodome_ip_5000_ir_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "AUTODOME"},
"cpe:/o:bosch:autodome_7000_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "AUTODOME"},
"cpe:/o:bosch:flexidome_ip_micro_5000_mp_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "MIC"},
"cpe:/o:bosch:mic_ip_dynamic_7000_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "MIC"},
"cpe:/o:bosch:mic_ip_starlight_7000_firmware:cpp4" :
{"versionEndIncluding" : "cpp4", "versionStartIncluding" : "cpp4", "family" : "MIC"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bosch | mic_ip_starlight_7000i_firmware | cpp7.3 | cpe:/o:bosch:mic_ip_starlight_7000i_firmware:cpp7.3 |
| bosch | mic_ip_dynamic_7000_firmware | cpp4 | cpe:/o:bosch:mic_ip_dynamic_7000_firmware:cpp4 |
| bosch | mic_ip_ultra_7100i_firmware | cpp7.3 | cpe:/o:bosch:mic_ip_ultra_7100i_firmware:cpp7.3 |
| bosch | flexidome_ip_micro_5000_mp_firmware | cpp4 | cpe:/o:bosch:flexidome_ip_micro_5000_mp_firmware:cpp4 |
| bosch | mic_ip_starlight_7100i_firmware | cpp7.3 | cpe:/o:bosch:mic_ip_starlight_7100i_firmware:cpp7.3 |
| bosch | autodome_ip_5000_hd_firmware | cpp4 | cpe:/o:bosch:autodome_ip_5000_hd_firmware:cpp4 |
| bosch | autodome_ip_4000_hd_firmware | cpp4 | cpe:/o:bosch:autodome_ip_4000_hd_firmware:cpp4 |
| bosch | autodome_7000_firmware | cpp4 | cpe:/o:bosch:autodome_7000_firmware:cpp4 |
| bosch | mic_ip_starlight_7000_firmware | cpp4 | cpe:/o:bosch:mic_ip_starlight_7000_firmware:cpp4 |
| bosch | autodome_ip_5000_ir_firmware | cpp4 | cpe:/o:bosch:autodome_ip_5000_ir_firmware:cpp4 |
Related
cvelist
cvelist
prion
prion
Buffer overflow
2022-03-30 16:15:00
cve
cve
CVE-2021-23850
2022-03-30 16:15:08
nvd
nvd
CVE-2021-23850
2022-03-30 16:15:08
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.7%
Related for TENABLE_OT_BOSCHSECURITYSYSTEMS_CVE-2021-23850.NASL