Vulnerability Description
This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. It was discovered by a security researcher in the B426 and found during internal product tests in the B426-CN/B429-CN and B426-M. It has been fixed starting from version 3.08, which was released in June 2019.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | B426 Firmware | < 03.08 |
| Bosch | B426 | - |
| Bosch | B426-CN Firmware | < 03.08 |
| Bosch | B426-CN | - |
| Bosch | B429-CN Firmware | < 03.08 |
| Bosch | B429-CN | - |
| Bosch | B426-M Firmware | < 03.10 |
| Bosch | B426-M | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/bosch-sa-196933-bt.html (Vendor Advisory)
FAQ
What is CVE-2021-23845?
CVE-2021-23845 is a vulnerability with a CVSS score of 8.0 (HIGH). This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during...
How severe is CVE-2021-23845?
CVE-2021-23845 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-23845?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch B426 Firmware, Bosch B426, Bosch B426-CN Firmware, Bosch B426-CN, Bosch B429-CN Firmware.