What is CVE-2021-23859?

CVE-2021-23859 is a critical-severity vulnerability in Bosch Aec, classified under CWE-703. CVSS score: 9.1/10. Published 2021-12-08.

How severe is CVE-2021-23859?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Bosch Aec

CVE-2021-23859

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to…

EPSS: 0.003 (52.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H.

Affected products

Bosch Aec — versions unspecified
Bosch Ape — versions unspecified
Bosch Bis — versions unspecified
Bosch Bvms — versions unspecified, 11.0, 10.0
Bosch Divar Ip 7000 R2 — versions all
Bosch Divar Ip All-in-one 5000 — versions all
Bosch Divar Ip All-in-one 7000 — versions all
Bosch Vrm — versions unspecified, 4.0, 3.83
Bosch Vrm Exporter — versions 2.1

Weakness classification (CWE)

CWE-703

References

psirt.bosch.com/security-advisories/bosch-sa-043434-bt.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-23859?: CVE-2021-23859 is a critical-severity vulnerability in Bosch Aec, classified under CWE-703. CVSS score: 9.1/10. Published 2021-12-08.
How severe is CVE-2021-23859?: Critical severity. CVSS v3 base score is 9.1 out of 10.