CVE-2020-6779

{"id": "CVE-2020-6779", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2021-01-26T18:16:07.803", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html", "tags": ["Vendor Advisory"], "source": "psirt@bosch.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromise of the confidentiality and integrity of the stored data as well as a high availability impact on the database itself. In addition, an attacker may execute arbitrary commands on the underlying operating system."}, {"lang": "es", "value": "El uso de credenciales embebidas en la base de datos del servidor Bosch FSM-2500 y el servidor Bosch FSM-5000 hasta la versi\u00f3n 5.2 incluy\u00e9ndola, permite a un atacante remoto no autenticado iniciar sesi\u00f3n en la base de datos con privilegios de administrador. Esto puede resultar en un compromiso total de la confidencialidad e integridad de los datos almacenados, as\u00ed como un impacto de la alta disponibilidad en la propia base de datos. Adem\u00e1s, un atacante puede ejecutar comandos arbitrarios en el sistema operativo subyacente"}], "lastModified": "2021-02-03T01:29:42.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bosch:fsm-2500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DABF317D-63EF-4AC6-B5E5-58DB5598FB6E", "versionEndIncluding": "5.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bosch:fsm-2500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E6F9D1B-FF23-4C52-B5E3-3727AEEBA394"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bosch:fsm-5000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE15D170-F377-4A15-AC5C-10974D034FFE", "versionEndIncluding": "5.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bosch:fsm-5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91E26C5C-C032-4650-8BC1-C6D78A1090F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@bosch.com"}