What is CVE-2021-23842?

CVE-2021-23842 is a vulnerability that allows an attacker to retrieve the key from the firmware and decrypt network traffic between the AMC2 and the host system.

How does CVE-2021-23842 affect Bosch AMC2 Firmware?

CVE-2021-23842 affects Bosch AMC2 Firmware by allowing an attacker to decrypt network traffic between the AMC2 and the host system.

How does CVE-2021-23842 affect Bosch Access Management System 3.0?

CVE-2021-23842 affects Bosch Access Management System 3.0 by allowing an attacker to decrypt network traffic between the AMC2 and the host system.

How severe is CVE-2021-23842?

CVE-2021-23842 has a severity score of 7.1 (high).

How can I fix CVE-2021-23842?

To fix CVE-2021-23842, it is recommended to update your Bosch AMC2 Firmware to a version that addresses the vulnerability.

Vulnerability/
CVE-2021-23842

high

7.1

CWE

798 321

19/1/2022

16/9/2024

CVE-2021-23842: Use of Hard-coded Cryptographic Key

First published: Wed Jan 19 2022(Updated: )

Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.

Credit: psirt@bosch.com

Affected Software	Affected Version	How to fix
Bosch Amc2 Firmware
Bosch Amc2 Firmware
Bosch Access	=3.0
Bosch Access Professional Edition	<=3.8.0
Bosch Building Integration System	<4.9.1

Never miss a vulnerability like this again

Reference Links

https://psirt.bosch.com/security-advisories/BOSCH-SA-940448-BT.html

Frequently Asked Questions

What is CVE-2021-23842?
CVE-2021-23842 is a vulnerability that allows an attacker to retrieve the key from the firmware and decrypt network traffic between the AMC2 and the host system.
How does CVE-2021-23842 affect Bosch AMC2 Firmware?
CVE-2021-23842 affects Bosch AMC2 Firmware by allowing an attacker to decrypt network traffic between the AMC2 and the host system.
How does CVE-2021-23842 affect Bosch Access Management System 3.0?
CVE-2021-23842 affects Bosch Access Management System 3.0 by allowing an attacker to decrypt network traffic between the AMC2 and the host system.
How severe is CVE-2021-23842?
CVE-2021-23842 has a severity score of 7.1 (high).
How can I fix CVE-2021-23842?
To fix CVE-2021-23842, it is recommended to update your Bosch AMC2 Firmware to a version that addresses the vulnerability.

agent/weakness
agent/type
agent/softwarecombine
agent/references
agent/severity
agent/title
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/bosch
canonical/bosch amc2 firmware
canonical/bosch access
version/bosch access/3.0
canonical/bosch access professional edition
version/bosch access professional edition/3.8.0
canonical/bosch building integration system

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.