CVE-2023-48257

{"id": "CVE-2023-48257", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@bosch.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-01-10T13:15:46.590", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "tags": ["Vendor Advisory"], "source": "psirt@bosch.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "psirt@bosch.com", "description": [{"lang": "en", "value": "CWE-1391"}]}], "descriptions": [{"lang": "en", "value": "The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request."}, {"lang": "es", "value": "La vulnerabilidad permite a un atacante remoto acceder a datos confidenciales dentro de paquetes exportados u obtener hasta ejecuci\u00f3n remota de c\u00f3digo (RCE) con privilegios de root en el dispositivo. La vulnerabilidad puede ser explotada directamente por usuarios autenticados, a trav\u00e9s de solicitudes HTTP manipuladas, o indirectamente por usuarios no autenticados, accediendo a paquetes de respaldo ya exportados o creando un paquete de importaci\u00f3n e induciendo a una v\u00edctima autenticada a enviar la solicitud de carga HTTP."}], "lastModified": "2024-01-16T22:07:15.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8", "versionEndIncluding": "1500-sp2", "versionStartIncluding": "1000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A"}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8"}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@bosch.com"}