CVE-2020-6777

Name of the Vulnerable Software and Affected Versions: Bosch PRAESIDEO versions 4.41 and earlier Bosch PRAESENSA versions 1.10 and earlier

Description: A vulnerability in the web-based management interface allows an authenticated remote attacker with admin privileges to mount a stored Cross-Site-Scripting (XSS) attack against another user. When the victim logs into the management interface, the stored script code is executed in the context of his browser. A successful exploit would allow an attacker to interact with the management interface with the privileges of the victim.

Recommendations: For Bosch PRAESIDEO versions 4.41 and earlier, update to a version later than 4.41 to resolve the issue. For Bosch PRAESENSA versions 1.10 and earlier, update to a version later than 1.10 to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.