Lucene search

[email protected]CVE-2022-41677

HistoryDec 18, 2023 - 1:15 p.m.

CVE-2022-41677

2023-12-1813:15:06

CWE-284

[email protected]

web.nvd.nist.gov

information security

vulnerability

bosch ip camera

information disclosure

unauthenticated access

network settings

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

Affected configurations

NVD

Node

boschcpp14Match-

AND

boschcpp14_firmwareRange≤8.80

Node

boschcpp13Match-

AND

boschcpp13_firmwareRange≤8.48

Node

boschcpp7.3Match-

AND

boschcpp7.3_firmwareRange≤7.86

Node

boschcpp7Match-

AND

boschcpp7_firmwareRange≤7.86

Node

boschcpp6Match-

AND

boschcpp6_firmwareRange≤7.86

Node

boschcpp4Match-

AND

boschcpp4_firmwareRange≤7.10

CPENameOperatorVersion
bosch:cpp14_firmwarebosch cpp14 firmwarele8.80

CPE	Name	Operator	Version
bosch:cpp14_firmware	bosch cpp14 firmware	le	8.80

CNA Affected

[
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP14"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.80"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP13"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "8.48"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP7.3"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.86"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP7"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.86"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP6"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.86"
      }
    ]
  },
  {
    "vendor": "Bosch",
    "product": "Camera Firmware",
    "platforms": [
      "CPP4"
    ],
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "7.10"
      }
    ]
  }
]

References

psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for CVE-2022-41677

nvd1 prion1 cvelist1