ID

VAR-202106-1410


CVE

CVE-2021-23853


TITLE

Bosch IP cameras input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-53973 // CNNVD: CNNVD-202106-742

DESCRIPTION

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Bosch IP cameras contain an input validation vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Bosch IP cameras are network cameras from the German company Bosch. Bosch IP cameras have an input validation error vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; follow CNNVD or manufacturer announcements.

Trust: 2.7

sources: NVD: CVE-2021-23853 // JVNDB: JVNDB-2021-008248 // CNVD: CNVD-2021-53973 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-53973

AFFECTED PRODUCTS

vendor: bosch, model: cpp7, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp6, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp13, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp7.3, scope: eq, version: -

Trust: 1.0

vendor: bosch, model: cpp4, scope: eq, version: -

Trust: 1.0

vendor: robert bosch, model: cpp7.3, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp7, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp6, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp4, scope: -, version: -

Trust: 0.8

vendor: robert bosch, model: cpp13, scope: -, version: -

Trust: 0.8

vendor: bosch, model: ip cameras, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2021-53973 // JVNDB: JVNDB-2021-008248 // NVD: CVE-2021-23853

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23853
value: CRITICAL

Trust: 1.0

psirt@bosch.com: CVE-2021-23853
value: HIGH

Trust: 1.0

NVD: CVE-2021-23853
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2021-53973
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-742
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2021-23853
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-53973
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-23853
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@bosch.com: CVE-2021-23853
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-23853
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-53973 // JVNDB: JVNDB-2021-008248 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-742 // NVD: CVE-2021-23853 // NVD: CVE-2021-23853

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-008248 // NVD: CVE-2021-23853

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-742

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: BOSCH-SA-478243-BT, url: https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

Trust: 0.8

title: Patch for Bosch IP cameras input validation error vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/280711

Trust: 0.6

title: Bosch IP cameras Enter the fix for the verification error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154909

Trust: 0.6

sources: CNVD: CNVD-2021-53973 // JVNDB: JVNDB-2021-008248 // CNNVD: CNNVD-202106-742

EXTERNAL IDS

db: NVD, id: CVE-2021-23853

Trust: 3.8

db: JVNDB, id: JVNDB-2021-008248

Trust: 0.8

db: CNVD, id: CNVD-2021-53973

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021070709

Trust: 0.6

db: CNNVD, id: CNNVD-202106-742

Trust: 0.6

sources: CNVD: CNVD-2021-53973 // JVNDB: JVNDB-2021-008248 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-742 // NVD: CVE-2021-23853

REFERENCES

url: https://psirt.bosch.com/security-advisories/bosch-sa-478243-bt.html

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2021-23853

Trust: 0.8

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021070709

Trust: 0.6

sources: CNVD: CNVD-2021-53973 // JVNDB: JVNDB-2021-008248 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-742 // NVD: CVE-2021-23853

SOURCES

db: CNVD, id: CNVD-2021-53973
db: JVNDB, id: JVNDB-2021-008248
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202106-742
db: NVD, id: CVE-2021-23853

LAST UPDATE DATE

2024-08-14T13:07:39.312000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-53973, date: 2021-07-23T00:00:00
db: JVNDB, id: JVNDB-2021-008248, date: 2022-03-09T09:04:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202106-742, date: 2021-07-08T00:00:00
db: NVD, id: CVE-2021-23853, date: 2021-06-22T13:39:15.130

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-53973, date: 2021-07-23T00:00:00
db: JVNDB, id: JVNDB-2021-008248, date: 2022-03-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202106-742, date: 2021-06-09T00:00:00
db: NVD, id: CVE-2021-23853, date: 2021-06-09T15:15:08.377