Vulnerability CVE-2021-23859


Published: 2021-12-08   Modified: 2021-12-09

Description:
An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation, this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859.

Type:

CWE-755

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software
Bosch -> Access professional edition 
Bosch -> Building integration system 
Bosch -> Video recording manager exporter 

 References:
https://psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html

Copyright 2022, cxsecurity.com

 
