7.4
CVE-2020-6781
- EPSS 0.45%
- Veröffentlicht 16.09.2020 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:36:10
- Quelle psirt@bosch.com
- CVE-Watchlists
- Unerledigt
LoginImproper Certificate Validation in Bosch Smart Home System App for iOS
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bosch ≫ Smart Home SwPlatformiphone_os Version < 9.17.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.358 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| psirt@bosch.com | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://psirt.bosch.com/security-advisories/BOSCH-SA-347336.html