CVE-2021-23842
Use of Hard-coded Cryptographic Key
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.
La comunicación con el AMC2 usa un algoritmo criptográfico de última generación para el cifrado simétrico llamado Blowfish. Un atacante podría recuperar la clave del firmware para descifrar el tráfico de red entre el AMC2 y el sistema anfitrión. Así, un atacante puede explotar esta vulnerabilidad para descifrar y modificar el tráfico de red, descifrar e investigar el archivo de firmware del dispositivo y cambiar la configuración del mismo. El atacante necesita tener acceso a la red local, normalmente incluso a la misma subred
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-12 CVE Reserved
- 2022-01-19 CVE Published
- 2023-08-12 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html | 2022-01-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Bosch Search vendor "Bosch" | Amc2 Firmware Search vendor "Bosch" for product "Amc2 Firmware" | - | - |
Affected
| in | Bosch Search vendor "Bosch" | Amc2 Search vendor "Bosch" for product "Amc2" | - | - |
Safe
|
Bosch Search vendor "Bosch" | Access Management System Search vendor "Bosch" for product "Access Management System" | 3.0 Search vendor "Bosch" for product "Access Management System" and version "3.0" | - |
Affected
| ||||||
Bosch Search vendor "Bosch" | Access Professional Edition Search vendor "Bosch" for product "Access Professional Edition" | <= 3.8.0 Search vendor "Bosch" for product "Access Professional Edition" and version " <= 3.8.0" | - |
Affected
| ||||||
Bosch Search vendor "Bosch" | Building Integration System Search vendor "Bosch" for product "Building Integration System" | < 4.9.1 Search vendor "Bosch" for product "Building Integration System" and version " < 4.9.1" | - |
Affected
|