CVE-2023-48257

CVSS 7.8 HIGHEPSS 0.5%CWE-1391

In short

A flaw in how backup packages are handled allows attackers to steal sensitive data or gain full control of a device. An authenticated user can exploit this directly, or an attacker can trick someone into uploading a malicious backup file to achieve the same result.

Technical detail

The vulnerability exists in exported package handling, allowing authenticated attackers to craft malicious HTTP requests for direct exploitation, while unauthenticated attackers can abuse the import/export mechanism via social engineering to achieve data exfiltration or RCE with root privileges. The attack vectors include direct authenticated exploitation, pre-existing exported backup access, and malicious import packages that trigger authenticated users to initiate vulnerable upload requests.

Summary generated and translated by AI from the official description.

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html