CVE-2021-23845 - OpenCVE

This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bosch	B426 B426-cn B426-cn Firmware B426-m B426-m Firmware B426 Firmware B429-cn B429-cn Firmware

Configuration 1 [-]

AND

cpe:2.3:o:bosch:b426_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b426:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bosch:b426-cn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b426-cn:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:bosch:b429-cn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b429-cn:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:bosch:b426-m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:b426-m:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: bosch

Published: 2021-06-18T13:38:31.304203Z

Updated: 2024-09-16T21:57:38.685Z

Reserved: 2021-01-12T00:00:00

Link: CVE-2021-23845

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-18T14:15:07.907

Modified: 2021-06-24T17:12:42.287

Link: CVE-2021-23845

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "B426 Firmware", "vendor": "Bosch", "versions": [{"lessThan": "03.08", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "B426-CN/B429- CN Firmware", "vendor": "Bosch", "versions": [{"lessThan": "03.08", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "B426-M Firmware", "vendor": "Bosch", "versions": [{"lessThan": "03.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-05-28T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-18T13:38:31", "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}], "source": {"advisory": "BOSCH-SA-196933-BT", "discovery": "UNKNOWN"}, "title": "B426 Web Configuration Authentication Bypass", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@bosch.com", "DATE_PUBLIC": "2021-05-28", "ID": "CVE-2021-23845", "STATE": "PUBLIC", "TITLE": "B426 Web Configuration Authentication Bypass"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "B426 Firmware", "version": {"version_data": [{"version_affected": "<", "version_value": "03.08"}]}}, {"product_name": "B426-CN/B429- CN Firmware", "version": {"version_data": [{"version_affected": "<", "version_value": "03.08"}]}}, {"product_name": "B426-M Firmware", "version": {"version_data": [{"version_affected": "<", "version_value": "03.10"}]}}]}, "vendor_name": "Bosch"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284 Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html", "refsource": "CONFIRM", "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}]}, "source": {"advisory": "BOSCH-SA-196933-BT", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:14:09.174Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}]}]}, "cveMetadata": {"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "assignerShortName": "bosch", "cveId": "CVE-2021-23845", "datePublished": "2021-06-18T13:38:31.304203Z", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-09-16T21:57:38.685Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b426_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "98825A0E-FFC6-4C12-BC4E-B89A5065F238", "versionEndExcluding": "03.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b426:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8846CF6-D7F7-4A65-BD96-F195D2EB1A22", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b426-cn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F60EA88F-9803-43AD-9E56-13ADB6BAD40E", "versionEndExcluding": "03.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b426-cn:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1A7D835-5716-4392-94E2-5F0718BC6C73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b429-cn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3421D66-6B7E-4345-B0AD-F396B4D3B05C", "versionEndExcluding": "03.08", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b429-cn:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E1A2E2D-4305-495A-B73A-4B438899222B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:b426-m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8F31C2B-7EE5-41E9-AC29-A8E31C6D415B", "versionEndExcluding": "03.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:b426-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "79D3F008-9125-43B1-8A2C-8C53F702A292", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability could allow an attacker to hijack a session while a user is logged in the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released on June 2019."}, {"lang": "es", "value": "Esta vulnerabilidad podr\u00eda permitir a un atacante secuestrar una sesi\u00f3n mientras un usuario est\u00e1 registrado en la p\u00e1gina web de configuraci\u00f3n. Esta vulnerabilidad fue detectada por un investigador de seguridad en B426 y encontrada durante las pruebas internas del producto en B426-CN/B429-CN, y B426-M y ya ha sido corregida a partir de la versi\u00f3n 3.08, que fue lanzada en junio de 2019"}], "id": "CVE-2021-23845", "lastModified": "2021-06-24T17:12:42.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2021-06-18T14:15:07.907", "references": [{"source": "psirt@bosch.com", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "psirt@bosch.com", "type": "Secondary"}]}