CVE-2022-41677

An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:bosch:cpp14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:bosch:cpp13_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:bosch:cpp7.3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:bosch:cpp7_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:bosch:cpp6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:bosch:cpp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*

Information

Published : 2023-12-18 13:15

Updated : 2023-12-22 20:06

NVD link : CVE-2022-41677

Mitre link : CVE-2022-41677

JSON object : View

Products Affected

bosch

cpp6
cpp6_firmware
cpp4_firmware
cpp7.3
cpp7.3_firmware
cpp4
cpp7_firmware
cpp14
cpp7
cpp13
cpp14_firmware
cpp13_firmware

CWE

NVD-CWE-noinfo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html", "name": "https://psirt.bosch.com/security-advisories/bosch-sa-839739-BT.html", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-41677", "ASSIGNER": "psirt@bosch.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2023-12-18T13:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bosch:cpp14_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.80"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:bosch:cpp14:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bosch:cpp13_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "8.48"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:bosch:cpp13:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bosch:cpp7.3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.86"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:bosch:cpp7.3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bosch:cpp7_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.86"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:bosch:cpp7:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bosch:cpp6_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.86"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:bosch:cpp6:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:bosch:cpp4_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.10"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:bosch:cpp4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-12-22T20:06Z"}