CVE-2023-45321

8.3 HIGH

📋 TL;DR

This vulnerability in the Bosch Android Client application lets an attacker on the same network read the MQTT broker credentials that the app transmits over unencrypted HTTP. It affects users who manually configure the server IP address using method 1; during that configuration step the broker credentials are exposed to anyone able to observe the client's traffic.

💻 Affected Systems

Products:
  • Bosch Android Client application
Versions: Specific versions not specified in advisory
Operating Systems: Android
Default Config Vulnerable: ✅ No
Notes: Only affects configurations where users manually enter server IP addresses using method 1

⚠️ Risk & Real-World Impact

🔴 Worst Case

With the captured credentials an attacker authenticates to the MQTT broker as the legitimate client, can publish and subscribe on its topics (injecting remote-management commands and tampering with data), and may use that foothold to reach other systems connected to the broker.

🟠 Likely Case

Credentials are intercepted, allowing attackers to access the MQTT broker and potentially manipulate remote management functions.

🟢 If Mitigated

With the client and server isolated on a segmented network, no untrusted host can observe the configuration traffic; with monitoring in place, any cleartext credential exchange that does occur is detected so the broker credentials can be rotated before an attacker uses them.

🌐 Internet-Facing: LOW (requires local network access)
🏢 Internal Only: HIGH (exploitable by any attacker on the same subnet)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attack requires a position from which the client's traffic can be observed (the same Wi-Fi or subnet, a rogue access point, or ARP spoofing on the segment); no interaction with the app or the server is needed, the attacker only reads the unencrypted HTTP request carrying the credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory

Vendor Advisory: https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html

Restart Required: Yes

Instructions:

1. Update to the latest version from the official app store
2. Ensure HTTPS is used for all communications
3. Verify the configuration uses encrypted protocols

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate HMI devices and Android clients on a dedicated VLAN so that only trusted hosts share a broadcast domain with them; a passive eavesdropper or ARP spoofer on the office or guest network then cannot see the configuration traffic.

Force HTTPS Configuration

Applies to: all

Block HTTP (TCP port 80) from the client network to the server at the firewall or switch ACL so the credentials cannot be sent in the clear. Caveat: blocking port 80 does not by itself upgrade the connection to HTTPS. If the app only speaks HTTP for method 1, the configuration step fails instead of falling back to TLS, so confirm that the server accepts HTTPS and the app uses it before relying on this workaround.

🧯 If You Can't Patch

  • Disable manual server IP configuration method 1
  • Monitor for any cleartext HTTP traffic from Android clients to the server IP, and treat a hit as a credential exposure: rotate the MQTT broker credentials and identify the client that sent them

🔍 How to Verify

Check if Vulnerable:

Capture the Android client's traffic (on the access point, a mirrored switch port, or a test network you control) while performing a method 1 server IP configuration. If the request to the server is plain HTTP rather than a TLS handshake and the MQTT broker credentials are readable in the capture, the installed version is vulnerable.

Check Version:

Check the app version in Android Settings > Apps > [App Name] and compare it with the versions listed in the vendor advisory.

Verify Fix Applied:

Repeat the capture after updating: the configuration exchange must start with a TLS handshake (a ClientHello, not a readable HTTP request), and no credential fields should be visible anywhere in the client's traffic to the server.

📡 Detection & Monitoring

Log Indicators:

  • HTTP traffic to the server IP from Android clients
  • MQTT broker logins from source addresses other than the known clients (captured credentials being replayed), and failed MQTT authentication attempts

Network Indicators:

  • Unencrypted HTTP traffic containing credentials
  • ARP spoofing or MITM activity

SIEM Query:

src_ip IN android_client_range AND dest_ip=server_ip AND dest_port=80 AND (http_body CONTAINS "password" OR http_body CONTAINS "username" OR http_header.authorization CONTAINS "Basic")

(Pseudo-query; map the field names to your SIEM's HTTP log schema. Any match is a credential exposure, not merely a warning: rotate the MQTT broker credentials and locate the client that sent the request.)
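As an added example (not code from this page or from Bosch), a small Python script that performs the cleartext-credential check used in both the "How to Verify" and "Detection & Monitoring" sections: it parses the first client payload of a captured flow, flags credential-looking fields in plain HTTP (query string, Basic header, form or JSON body) and skips flows that begin with a TLS ClientHello, which is what a fixed client should send. The field names, IP addresses and request shapes are constructed assumptions, since the advisory does not document the app's protocol.

```python
"""Added example: spot MQTT broker credentials sent in cleartext HTTP.
Not from the advisory. Assumes (hypothetically) that the Android client sends
the credentials as a form, JSON or Basic-auth HTTP request; field names and
sample flows below are constructed, not captured from a real device."""
import base64
import json
from urllib.parse import parse_qs, urlsplit

# Hypothetical credential field names; extend with the real app's names.
CREDENTIAL_FIELDS = {"username", "user", "password", "pass",
                     "passwd", "mqtt_user", "mqtt_password"}


def parse_http_request(payload: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body),
    or return None if the payload is not a complete cleartext request."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body


def find_credentials(payload: bytes) -> dict:
    """Return {field: value} for each credential-looking field an eavesdropper
    could read: query string, HTTP Basic header, form body or JSON body."""
    req = parse_http_request(payload)
    if req is None:
        return {}
    _, target, headers, body = req
    found = {}
    for key, vals in parse_qs(urlsplit(target).query).items():
        if key.lower() in CREDENTIAL_FIELDS:
            found[key] = vals[0]
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:]).decode("latin-1")
        except ValueError:          # malformed base64
            decoded = ""
        if ":" in decoded:
            found["basic.user"], _, found["basic.password"] = decoded.partition(":")
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        for key, vals in parse_qs(body.decode("latin-1")).items():
            if key.lower() in CREDENTIAL_FIELDS:
                found[key] = vals[0]
    elif ctype == "application/json":
        try:
            obj = json.loads(body)
        except ValueError:
            obj = None
        if isinstance(obj, dict):
            for key, val in obj.items():
                if key.lower() in CREDENTIAL_FIELDS and isinstance(val, str):
                    found[key] = val
    return found


def is_tls_client_hello(payload: bytes) -> bool:
    """TLS record with content type 0x16 (handshake), major version 3 and a
    first handshake message of type 0x01 (ClientHello). A fixed client should
    open every configuration exchange this way instead of with plain HTTP."""
    return (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01)


def classify_flows(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port, first_client_payload).
    Returns one alert per flow whose first payload exposes credentials."""
    alerts = []
    for src, dst, port, payload in flows:
        if is_tls_client_hello(payload):
            continue                # encrypted: nothing readable on the wire
        creds = find_credentials(payload)
        if creds:
            alerts.append({"src": src, "dst": dst, "dst_port": port,
                           "fields": sorted(creds)})
    return alerts


# Constructed sample flows (not a real capture): two vulnerable clients, one
# posting a form body and one using Basic auth, and a fixed client starting TLS.
SAMPLE_FLOWS = [
    ("192.168.10.50", "192.168.10.5", 80,
     b"POST /api/config HTTP/1.1\r\nHost: 192.168.10.5\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n"
     b"Content-Length: 34\r\n\r\nmqtt_user=hmi&mqtt_password=s3cret"),
    ("192.168.10.51", "192.168.10.5", 80,
     b"GET /api/config?ip=192.168.10.5 HTTP/1.1\r\nHost: 192.168.10.5\r\n"
     b"Authorization: Basic " + base64.b64encode(b"hmi:s3cret") + b"\r\n\r\n"),
    ("192.168.10.52", "192.168.10.5", 443,
     b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
]
```

Feed `classify_flows` with the first client-to-server payload of each TCP flow from your capture (for example, reassembled from a pcap taken on the access point during a method 1 configuration). Any returned alert means the installed client is vulnerable, or the fix has not taken effect; an empty result with only TLS flows is what a patched client should produce.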
