CVE-2023-48253

{"id": "CVE-2023-48253", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-01-10T13:15:45.803", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "tags": ["Vendor Advisory"], "source": "psirt@bosch.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.\r\nBy abusing this vulnerability it is possible to exfiltrate other users\u2019 password hashes or update them with arbitrary values and access their accounts."}, {"lang": "es", "value": "La vulnerabilidad permite a un atacante autenticado remoto leer o actualizar contenido arbitrario de la base de datos de autenticaci\u00f3n mediante una solicitud HTTP manipulada. Al abusar de esta vulnerabilidad, es posible filtrar los hashes de contrase\u00f1as de otros usuarios o actualizarlos con valores arbitrarios y acceder a sus cuentas."}], "lastModified": "2024-01-17T20:35:48.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8", "versionEndIncluding": "1500-sp2", "versionStartIncluding": "1000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@bosch.com"}