CVE-2021-23845

Published: 18 Jun 2021
Source: nvd
CVSS3: 8
CVSS3: 8.8
CVSS2: 6.8
EPSS: Low

Description

This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released in June 2019.

Vulnerable configurations

Configuration 1

All of the following

cpe:2.3:o:bosch:b426_firmware:*:*:*:*:*:*:*:*
Versions before 03.08 (excluding)
cpe:2.3:h:bosch:b426:-:*:*:*:*:*:*:*

Configuration 2

All of the following

cpe:2.3:o:bosch:b426-cn_firmware:*:*:*:*:*:*:*:*
Versions before 03.08 (excluding)
cpe:2.3:h:bosch:b426-cn:-:*:*:*:*:*:*:*

Configuration 3

All of the following

cpe:2.3:o:bosch:b429-cn_firmware:*:*:*:*:*:*:*:*
Versions before 03.08 (excluding)
cpe:2.3:h:bosch:b429-cn:-:*:*:*:*:*:*:*

Configuration 4

All of the following

cpe:2.3:o:bosch:b426-m_firmware:*:*:*:*:*:*:*:*
Versions before 03.10 (excluding)
cpe:2.3:h:bosch:b426-m:-:*:*:*:*:*:*:*

EPSS

Percentile: 52%
0.00285
Low

8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Weaknesses

CWE-284
NVD-CWE-noinfo

Related vulnerabilities

github
more than 3 years ago

This vulnerability could allow an attacker to hijack a session while a user is logged in to the configuration web page. This vulnerability was discovered by a security researcher in B426 and found during internal product tests in B426-CN/B429-CN, and B426-M and has been fixed already starting from version 3.08 on, which was released in June 2019.