mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
378 lines
11 KiB
JSON
378 lines
11 KiB
JSON
{
|
|
"id": "CVE-2021-23849",
|
|
"sourceIdentifier": "psirt@bosch.com",
|
|
"published": "2021-08-05T20:15:07.947",
|
|
"lastModified": "2021-08-12T16:20:08.337",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in the web-based interface allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (CSRF - Cross Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or opening a malicious website while being logged in into the camera."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad en la interfaz basada en web permite a un atacante remoto no autenticado desencadenar acciones en un sistema afectado en nombre de otro usuario (CSRF - Cross Site Request Forgery). Esto requiere que la v\u00edctima sea enga\u00f1ada para que haga clic en un enlace malicioso o abra un sitio web malicioso mientras est\u00e1 conectado a la c\u00e1mara"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 8.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "psirt@bosch.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.6,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "psirt@bosch.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-352"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp4_firmware:7.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4763E6AA-5C01-4BE4-9138-167FD46A1D51"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1F4FA4F9-6BDC-44C4-A151-16ECF7926A83"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp6_firmware:7.60:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3C677189-A4A2-428A-8EA8-58B946F00510"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp6_firmware:7.61:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46A4537D-BBB0-44DD-9C84-A1A473F334D5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ED954BF7-DD03-4B91-8F4F-CACE2E8BDDA0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp6_firmware:7.80:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2124DC0A-3FA5-466B-8A77-A0EB67309D21"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "27B65C05-69F5-4048-BCBE-DA0D53EF9AFE"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:aviotec_firmware:7.61:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "337D34D8-4576-4326-9F34-05F9CD85C0B9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:aviotec_firmware:7.72:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "12E564D5-BFAF-4DAC-94BB-730E0F30DB2A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:aviotec:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E7065FC6-BCFB-4B62-B14D-86081EA657E8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.60:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0D9693DA-B74A-47E6-A7AA-A037A263BC48"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.61:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C3175C41-22BE-4C7F-8EC7-6A8060ABEB66"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7DA98BAE-2029-43EF-9B62-08183FB24BC1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "29E2AC5D-E6AA-4835-95A0-DE4885001BE6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.80:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D63F1A22-F19C-4100-B14A-140FBA5DAD1F"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E8339008-8889-47B0-9416-CCC6CE75D277"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.60:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "417A3399-5CF0-47C5-9209-98F1E8CE579A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.61:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60FBA5D6-6A6A-469C-8452-969CA5F21ADC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.62:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F0D19012-4183-4293-B98C-292428FB6DB9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7113AE94-1C25-40AF-98F9-0A457DE063B0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B0EF3F6B-C978-4BB3-B33E-EA809CE9E851"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.73:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F74453A8-8055-4A22-98AA-F318B852B316"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.80:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8C0DA3F8-1606-40FA-9E14-C4A53E1DE243"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5B97B95A-8143-4766-9F10-87E19AED22C6"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp13_firmware:7.75:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "68D04488-DE68-407E-B428-5F51DEA0B07C"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "80149FF9-3C6D-4C80-8257-CEB2BE8B0DCA"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:bosch:cpp14_firmware:8.00:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "89AE2200-8323-4877-B709-E7B856188480"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B7872B92-4708-4522-BA8F-5BE941D169AC"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://psirt.bosch.com/security-advisories/bosch-sa-033305-bt.html",
|
|
"source": "psirt@bosch.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |