What is the vulnerability ID of this issue?

The vulnerability ID of this issue is CVE-2020-6777.

What is the severity of CVE-2020-6777?

The severity of CVE-2020-6777 is medium with a CVSS score of 4.8.

Which software versions are affected by CVE-2020-6777?

Bosch PRAESIDEO up to and including version 4.41 and Bosch PRAESENSA up to and including version 1.10 are affected by CVE-2020-6777.

How can an attacker exploit CVE-2020-6777?

An attacker with admin privileges can mount a stored Cross-Site-Scripting (XSS) attack against another user through the web-based management interface of Bosch PRAESIDEO and Bosch PRAESENSA.

Is Bosch PRAESIDEO and Bosch PRAESENSA vulnerable to CVE-2020-6777?

No, Bosch PRAESIDEO and Bosch PRAESENSA are not vulnerable to CVE-2020-6777.

How do I fix CVE-2020-6777?

To fix CVE-2020-6777, update Bosch PRAESIDEO firmware to version 4.42 or later, and update Bosch PRAESENSA firmware to version 1.11 or later.

Vulnerability/
CVE-2020-6777

medium

4.8

CWE

14/1/2021

17/9/2024

CVE-2020-6777: Stored XSS in Bosch PRAESIDEO and Bosch PRAESENSA Management Interface

First published: Thu Jan 14 2021(Updated: )

A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of his browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim. However, as the attacker already needs admin privileges, there is no additional impact on the management interface itself.

Credit: psirt@bosch.com

Affected Software	Affected Version	How to fix
Bosch Praesideo Firmware	<=4.41
Bosch PRAESIDEO
Bosch Praesensa Firmware	<=1.10
Bosch PRAESENSA

Never miss a vulnerability like this again

Reference Links

https://psirt.bosch.com/security-advisories/bosch-sa-538331-bt.html

Frequently Asked Questions

What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-6777.
What is the severity of CVE-2020-6777?
The severity of CVE-2020-6777 is medium with a CVSS score of 4.8.
Which software versions are affected by CVE-2020-6777?
Bosch PRAESIDEO up to and including version 4.41 and Bosch PRAESENSA up to and including version 1.10 are affected by CVE-2020-6777.
How can an attacker exploit CVE-2020-6777?
An attacker with admin privileges can mount a stored Cross-Site-Scripting (XSS) attack against another user through the web-based management interface of Bosch PRAESIDEO and Bosch PRAESENSA.
Is Bosch PRAESIDEO and Bosch PRAESENSA vulnerable to CVE-2020-6777?
No, Bosch PRAESIDEO and Bosch PRAESENSA are not vulnerable to CVE-2020-6777.
How do I fix CVE-2020-6777?
To fix CVE-2020-6777, update Bosch PRAESIDEO firmware to version 4.42 or later, and update Bosch PRAESENSA firmware to version 1.11 or later.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/title
agent/weakness
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/bosch
canonical/bosch praesideo firmware
version/bosch praesideo firmware/4.41
canonical/bosch praesideo
canonical/bosch praesensa firmware
version/bosch praesensa firmware/1.10
canonical/bosch praesensa

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.