← volver
CVE-2019-11893

Incorrect privilege assignment in the app permission update API of the Bosch Smart Home Controller (SHC)

CVSS 5.5 MEDIUMEPSS 0.5%CWE-266
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.5EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
29 may 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Productos afectados
Bosch · Smart Home Controller

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html