Vulnerabilities > CVE-2021-23845 - Unspecified vulnerability in Bosch products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

bosch

NVD

Published: 2021-06-18

Updated: 2021-06-24

Summary

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

Vulnerable Configurations

Part	Description	Count
OS	Bosch Bosch B426 Firmware - Bosch B426 Firmware 03.01.0004 Bosch B426 Firmware 03.02.002 Bosch B426 Firmware 03.03.0009 Bosch B426 Firmware 03.05.0003 Bosch B426 CN Firmware - Bosch B429 CN Firmware - Bosch B426 M Firmware -	8
Hardware	Bosch Bosch B426 - Bosch B426 CN - Bosch B429 CN - Bosch B426 M -	4

References

https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html