CVE-2021-23845

Published: Jun 18, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Affected (4)

Products: Bosch: B426 Firmware, B426 Cn Firmware, B429 Cn Firmware, B426 M Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch B426 Firmware	Before 03.08

Running on/with	Platform Versions
Bosch B426	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch B426 Cn Firmware	Before 03.08

Running on/with	Platform Versions
Bosch B426 Cn	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch B429 Cn Firmware	Before 03.08

Running on/with	Platform Versions
Bosch B429 Cn	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Bosch B426 M Firmware	Before 03.10

Running on/with	Platform Versions
Bosch B426 M	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html

Source: psirt@bosch.com

Vendor Advisory

https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.