Vulnerabilities > CVE-2020-6780 - Use of Password Hash With Insufficient Computational Effort vulnerability in Bosch Fsm-2500 Firmware and Fsm-5000 Firmware

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

bosch

CWE-916

NVD

Published: 2021-01-26

Updated: 2021-02-03

Summary

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.

Vulnerable Configurations

Part	Description	Count
OS	Bosch Bosch FSM 2500 Firmware - Bosch FSM 2500 Firmware 5.2 Bosch FSM 5000 Firmware - Bosch FSM 5000 Firmware 5.2	4
Hardware	Bosch Bosch FSM 2500 - Bosch FSM 5000 -	2

Common Weakness Enumeration (CWE)

CWE-916 - Use of Password Hash With Insufficient Computational Effort

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html