CVE-2021-23849

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-23849
A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html Vendor Advisory
https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bosch:cpp4_firmware:7.10:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:bosch:cpp6_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:bosch:aviotec_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:aviotec_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:h:bosch:aviotec:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:bosch:cpp7_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:bosch:cpp7.3_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.73:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:bosch:cpp13_firmware:7.75:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:bosch:cpp14_firmware:8.00:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*
History

21 Nov 2024, 05:51

Type Values Removed Values Added
References () https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html - Vendor Advisory () https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html - Vendor Advisory
CVSS v2 : 6.8
v3 : 8.8 		v2 : 6.8
v3 : 7.5

12 Aug 2021, 16:20

Type Values Removed Values Added
CWE CWE-352
CVSS v2 : unknown
v3 : unknown 		v2 : 6.8
v3 : 8.8
CPE cpe:2.3:o:bosch:cpp7_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.60:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp14_firmware:8.00:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:aviotec:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp6_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:aviotec_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.62:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp13_firmware:7.75:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp4_firmware:7.10:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.80:*:*:*:*:*:*:*
cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*
cpe:2.3:o:bosch:aviotec_firmware:7.61:*:*:*:*:*:*:*
cpe:2.3:o:bosch:cpp7.3_firmware:7.73:*:*:*:*:*:*:*
References (CONFIRM) https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html - (CONFIRM) https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html - Vendor Advisory

05 Aug 2021, 20:39

Type Values Removed Values Added
New CVE
Information

Published : 2021-08-05 20:15

Updated : 2024-11-21 05:51

NVD link : CVE-2021-23849

Mitre link : CVE-2021-23849

CVE.ORG link : CVE-2021-23849

JSON object : View

Products Affected

bosch

  • cpp6
  • cpp4_firmware
  • cpp14_firmware
  • cpp6_firmware
  • cpp13_firmware
  • cpp7.3
  • cpp7_firmware
  • aviotec_firmware
  • cpp7
  • aviotec
  • cpp13
  • cpp7.3_firmware
  • cpp14
  • cpp4
CWE
CWE-352

Cross-Site Request Forgery (CSRF)