How severe is CVE-2020-6780?

CVE-2020-6780 has a severity rating of 4.9 (medium).

Which software versions are affected by CVE-2020-6780?

Bosch FSM-2500 servers and Bosch FSM-5000 servers up to and including version 5.2 are affected by CVE-2020-6780.

Is Bosch FSM-2500 vulnerable to CVE-2020-6780?

No, Bosch FSM-2500 is not vulnerable to CVE-2020-6780.

Is Bosch FSM-5000 vulnerable to CVE-2020-6780?

No, Bosch FSM-5000 is not vulnerable to CVE-2020-6780.

How can I fix CVE-2020-6780?

To fix CVE-2020-6780, update Bosch FSM-2500 server and Bosch FSM-5000 server to a version higher than 5.2.

Vulnerability/
CVE-2020-6780

medium

4.9

CWE

916

20/1/2021

4/8/2024

CVE-2020-6780: Password Hash With Insufficient Computational Effort in the Database of Bosch FSM-2500 Server and Bosch FSM-5000 Server

Q: What is CVE-2020-6780?

CVE-2020-6780 is a vulnerability that allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plaintext passwords on Bosch FSM-2500 and FSM-5000 servers up to and including version 5.2.

Q: How can an attacker exploit CVE-2020-6780?

An attacker with admin privileges can exploit CVE-2020-6780 to dump the credentials of other users and possibly recover their plaintext passwords by using insufficient computational effort in the password hash.

First published: Wed Jan 20 2021(Updated: )

Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plain-text passwords by brute-forcing the MD5 hash.

Credit: psirt@bosch.com

Affected Software	Affected Version	How to fix
Bosch Fsm-2500 Firmware	<=5.2
Bosch FSM-2500
Bosch Fsm-5000 Firmware	<=5.2
Bosch FSM-5000

Never miss a vulnerability like this again

Reference Links

https://psirt.bosch.com/security-advisories/BOSCH-SA-332072-BT.html

Frequently Asked Questions

What is CVE-2020-6780?
CVE-2020-6780 is a vulnerability that allows a remote attacker with admin privileges to dump the credentials of other users and possibly recover their plaintext passwords on Bosch FSM-2500 and FSM-5000 servers up to and including version 5.2.
How severe is CVE-2020-6780?
CVE-2020-6780 has a severity rating of 4.9 (medium).
Which software versions are affected by CVE-2020-6780?
Bosch FSM-2500 servers and Bosch FSM-5000 servers up to and including version 5.2 are affected by CVE-2020-6780.
How can an attacker exploit CVE-2020-6780?
An attacker with admin privileges can exploit CVE-2020-6780 to dump the credentials of other users and possibly recover their plaintext passwords by using insufficient computational effort in the password hash.
Is Bosch FSM-2500 vulnerable to CVE-2020-6780?
No, Bosch FSM-2500 is not vulnerable to CVE-2020-6780.
Is Bosch FSM-5000 vulnerable to CVE-2020-6780?
No, Bosch FSM-5000 is not vulnerable to CVE-2020-6780.
How can I fix CVE-2020-6780?
To fix CVE-2020-6780, update Bosch FSM-2500 server and Bosch FSM-5000 server to a version higher than 5.2.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/title
agent/weakness
agent/tags
agent/first-publish-date
agent/description
agent/event
vendor/bosch
canonical/bosch fsm-2500 firmware
version/bosch fsm-2500 firmware/5.2
canonical/bosch fsm-2500
canonical/bosch fsm-5000 firmware
version/bosch fsm-5000 firmware/5.2
canonical/bosch fsm-5000

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.