CVE-2020-6777
Summary
| CVE | CVE-2020-6777 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-01-14 16:15:00 UTC |
| Updated | 2021-01-21 18:41:00 UTC |
| Description | A vulnerability in the web-based management interface of Bosch PRAESIDEO up to and including version 4.41 and Bosch PRAESENSA up to and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored cross-site scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of the victim's browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim. However, as the attacker already needs admin privileges, there is no additional impact on the management interface itself. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bosch | Praesensa | - | All | All | All |
| Operating System | Bosch | Praesensa Firmware | All | All | All | All |
| Hardware | Bosch | Praesideo | - | All | All | All |
| Operating System | Bosch | Praesideo Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerabilities in Bosch PRAESIDEO and PRAESENSA | Bosch PSIRT | psirt.bosch.com | Vendor Advisory, CONFIRM |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Gjoko Krstic
There are currently no legacy QID mappings associated with this CVE.