CVE-2021-23845 - OpenCVE

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bosch	B429-cn B426 Firmware B426-cn Firmware B426-m Firmware B426 B429-cn Firmware B426-m B426-cn

Configuration 1 [-]

AND

cpe:2.3:o:bosch:b426_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b426:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bosch:b426-cn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b426-cn:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:bosch:b429-cn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b429-cn:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:bosch:b426-m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b426-m:-:*:*:*:*:*:*:*

References

Link	Resource
https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: bosch

Published: 2021-05-28T00:00:00

Updated: 2021-06-18T13:38:31

Reserved: 2021-01-12T00:00:00

Link: CVE-2021-23845

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-18T14:15:07.907

Modified: 2021-06-24T17:12:42.287

Link: CVE-2021-23845

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "B426 Firmware", "vendor": "Bosch", "versions": [{"lessThan": "03.08", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "B426-CN/B429- CN Firmware", "vendor": "Bosch", "versions": [{"lessThan": "03.08", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "B426-M Firmware", "vendor": "Bosch", "versions": [{"lessThan": "03.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-18T13:38:31", "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}], "source": {"advisory": "BOSCH-SA-196933-BT", "discovery": "UNKNOWN"}, "title": "B426 Web Configuration Authentication Bypass", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@bosch.com", "DATE_PUBLIC": "2021-05-28", "ID": "CVE-2021-23845", "STATE": "PUBLIC", "TITLE": "B426 Web Configuration Authentication Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "B426 Firmware", "version": {"version_data": [{"version_affected": "<", "version_value": "03.08"}]}}, {"product_name": "B426-CN/B429- CN Firmware", "version": {"version_data": [{"version_affected": "<", "version_value": "03.08"}]}}, {"product_name": "B426-M Firmware", "version": {"version_data": [{"version_affected": "<", "version_value": "03.10"}]}}]}, "vendor_name": "Bosch"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html", "refsource": "CONFIRM", "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}]}, "source": {"advisory": "BOSCH-SA-196933-BT", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "assignerShortName": "bosch", "cveId": "CVE-2021-23845", "datePublished": "2021-05-28T00:00:00", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2021-06-18T13:38:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b426_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "98825A0E-FFC6-4C12-BC4E-B89A5065F238", "versionEndExcluding": "03.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b426:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8846CF6-D7F7-4A65-BD96-F195D2EB1A22", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b426-cn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F60EA88F-9803-43AD-9E56-13ADB6BAD40E", "versionEndExcluding": "03.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b426-cn:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1A7D835-5716-4392-94E2-5F0718BC6C73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b429-cn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3421D66-6B7E-4345-B0AD-F396B4D3B05C", "versionEndExcluding": "03.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b429-cn:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E1A2E2D-4305-495A-B73A-4B438899222B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b426-m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8F31C2B-7EE5-41E9-AC29-A8E31C6D415B", "versionEndExcluding": "03.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b426-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "79D3F008-9125-43B1-8A2C-8C53F702A292", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."}, {"lang": "es", "value": "Esta vulnerabilidad podr\u00eda permitir a un atacante secuestrar una sesi\u00f3n mientras un usuario est\u00e1 registrado en la p\u00e1gina web de configuraci\u00f3n. Esta vulnerabilidad fue detectada por un investigador de seguridad en B426 y encontrada durante las pruebas internas del producto en B426-CN/B429-CN, y B426-M y ya ha sido corregida a partir de la versi\u00f3n 3.08, que fue lanzada en junio de 2019"}], "id": "CVE-2021-23845", "lastModified": "2021-06-24T17:12:42.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2021-06-18T14:15:07.907", "references": [{"source": "psirt@bosch.com", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@bosch.com", "type": "Secondary"}]}