What is CVE-2021-23842?

CVE-2021-23842 is a medium-severity vulnerability in Bosch Amc2, classified under Use of Hard-coded Cryptographic Key. CVSS score: 5.7/10. Published 2022-01-19.

How severe is CVE-2021-23842?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Vulnerability in Bosch Amc2

CVE-2021-23842

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus…

EPSS: 0.000 (8.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.

Affected products

Bosch Amc2 — versions all
Bosch Ams — versions unspecified
Bosch Ape — versions unspecified
Bosch Bis — versions unspecified

Weakness classification (CWE)

CWE-321 — Use of Hard-coded Cryptographic Key

References

psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-23842?: CVE-2021-23842 is a medium-severity vulnerability in Bosch Amc2, classified under Use of Hard-coded Cryptographic Key. CVSS score: 5.7/10. Published 2022-01-19.
How severe is CVE-2021-23842?: Medium severity. CVSS v3 base score is 5.7 out of 10.