
CVE-2021-23842

Published: 19 Jan 2022
Source: nvd
CVSS3: 5.7
CVSS3: 7.1
CVSS2: 3.6
EPSS Low

Description

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device's firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.

Vulnerable configurations

Configuration 1

Simultaneously

cpe:2.3:o:bosch:amc2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:bosch:amc2:-:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:a:bosch:access_management_system:3.0:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:a:bosch:access_professional_edition:*:*:*:*:*:*:*:*
Versions up to 3.8.0 (inclusive)
Configuration 4
cpe:2.3:a:bosch:building_integration_system:*:*:*:*:*:*:*:*
Versions up to 4.9.1 (exclusive)

EPSS

Percentile: 7%
0.00027
Low

5.7 Medium

CVSS3

7.1 High

CVSS3

3.6 Low

CVSS2

Weaknesses

CWE-321
CWE-798

Related vulnerabilities

github
about 4 years ago

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device's firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.
