5.3

CVE-2022-41677

EPSS 0.11%
Veröffentlicht 18.12.2023 13:15:06
Zuletzt bearbeitet 21.11.2024 07:23:37
Quelle psirt@bosch.com
CVE-Watchlists
Login
Unerledigt
Login

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bosch ≫ Cpp14 Firmware Version <= 8.80

Bosch ≫ Cpp14 Version-

Bosch ≫ Cpp13 Firmware Version <= 8.48

Bosch ≫ Cpp13 Version-

Bosch ≫ Cpp7.3 Firmware Version <= 7.86

Bosch ≫ Cpp7.3 Version-

Bosch ≫ Cpp7 Firmware Version <= 7.86

Bosch ≫ Cpp7 Version-

Bosch ≫ Cpp6 Firmware Version <= 7.86

Bosch ≫ Cpp6 Version-

Bosch ≫ Cpp4 Firmware Version <= 7.10

Bosch ≫ Cpp4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.297

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
psirt@bosch.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41677

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41677

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41677

EUVD