Vulnerability Details : CVE-2023-32229
Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.
Products affected by CVE-2023-32229
- cpe:2.3:o:bosch:cpp13_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:bosch:cpp14_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32229
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-32229
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | |
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
1.2
|
3.6
|
Robert Bosch GmbH |
CWE ids for CVE-2023-32229
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: nvd@nist.gov (Primary)
-
The product does not implement or incorrectly implements wear leveling operations in limited-write non-volatile memories.Assigned by: psirt@bosch.com (Secondary)
References for CVE-2023-32229
-
https://psirt.bosch.com/security-advisories/BOSCH-SA-435698-BT.html
Possible damage of secure element in Bosch IP cameras | Bosch PSIRTVendor Advisory
Jump to