{"containers": {"cna": {"affected": [{"platforms": ["CPP6, CPP7, CPP7.3"], "product": "CPP Firmware", "vendor": "Bosch", "versions": [{"status": "affected", "version": "7.70"}, {"status": "affected", "version": "7.72"}, {"lessThan": "7.80 B128", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-05-20T00:00:00", "descriptions": [{"lang": "en", "value": "A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-09T14:19:47", "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"}], "source": {"advisory": "BOSCH-SA-478243-BT", "discovery": "EXTERNAL"}, "title": "Unauthenticated Information Extraction Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@bosch.com", "DATE_PUBLIC": "2021-05-20", "ID": "CVE-2021-23847", "STATE": "PUBLIC", "TITLE": "Unauthenticated Information Extraction Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "CPP Firmware", "version": {"version_data": [{"platform": "CPP6, CPP7, CPP7.3", "version_affected": "=", "version_value": "7.70"}, {"platform": "CPP6, CPP7, CPP7.3", "version_affected": "=", "version_value": "7.72"}, {"platform": "CPP6, CPP7, CPP7.3", "version_affected": "<", "version_value": "7.80 B128"}]}}]}, "vendor_name": "Bosch"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287 Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html", "refsource": "CONFIRM", "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"}]}, "source": {"advisory": "BOSCH-SA-478243-BT", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:14:09.274Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"}]}]}, "cveMetadata": {"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "assignerShortName": "bosch", "cveId": "CVE-2021-23847", "datePublished": "2021-06-09T14:19:47.260870Z", "dateReserved": "2021-01-12T00:00:00", "dateUpdated": "2024-09-17T02:46:39.127Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:cpp6_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A169603C-C2A4-4345-A384-BF6B75C62849", "versionEndExcluding": "7.80.0129", "versionStartIncluding": "7.80", "vulnerable": true}, {"criteria": "cpe:2.3:o:bosch:cpp6_firmware:7.70:*:*:*:*:*:*:*", "matchCriteriaId": "ED954BF7-DD03-4B91-8F4F-CACE2E8BDDA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:bosch:cpp6_firmware:7.72:*:*:*:*:*:*:*", "matchCriteriaId": "9E3D5E9E-A2FA-424D-893F-6D5C92F5D717", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*", "matchCriteriaId": "27B65C05-69F5-4048-BCBE-DA0D53EF9AFE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:cpp7_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B8D22B9-545A-4507-9496-ED843FD7C55B", "versionEndExcluding": "7.80.0129", "versionStartIncluding": "7.80", "vulnerable": true}, {"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.70:*:*:*:*:*:*:*", "matchCriteriaId": "7DA98BAE-2029-43EF-9B62-08183FB24BC1", "vulnerable": true}, {"criteria": "cpe:2.3:o:bosch:cpp7_firmware:7.72:*:*:*:*:*:*:*", "matchCriteriaId": "29E2AC5D-E6AA-4835-95A0-DE4885001BE6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8339008-8889-47B0-9416-CCC6CE75D277", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAF9F4E2-BE45-40B4-A63C-75777CF63A26", "versionEndExcluding": "7.80.0129", "versionStartIncluding": "7.80", "vulnerable": true}, {"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.70:*:*:*:*:*:*:*", "matchCriteriaId": "7113AE94-1C25-40AF-98F9-0A457DE063B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:bosch:cpp7.3_firmware:7.72:*:*:*:*:*:*:*", "matchCriteriaId": "B0EF3F6B-C978-4BB3-B33E-EA809CE9E851", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B97B95A-8143-4766-9F10-87E19AED22C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted requests to the device. Only devices of the CPP6, CPP7 and CPP7.3 family with firmware 7.70, 7.72, and 7.80 prior to B128 are affected by this vulnerability. Versions 7.62 or lower and INTEOX cameras are not affected."}, {"lang": "es", "value": "Una Falta de Autenticaci\u00f3n en una Funci\u00f3n Cr\u00edtica en las c\u00e1maras Bosch IP, permite a un atacante remoto no autenticado extraer informaci\u00f3n confidencial o cambiar la configuraci\u00f3n de la c\u00e1mara mediante el env\u00edo de petici\u00f3nes dise\u00f1adas al dispositivo. Solo los dispositivos de la familia CPP6, CPP7 y CPP7.3 con versiones de firmware 7.70, 7.72 y 7.80 anteriores a B128 est\u00e1n afectados por esta vulnerabilidad. Las versiones 7.62 o inferiores y las c\u00e1maras INTEOX no est\u00e1n afectadas"}], "id": "CVE-2021-23847", "lastModified": "2024-11-21T05:51:56.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-09T15:15:08.187", "references": [{"source": "psirt@bosch.com", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@bosch.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}