{ "id": "CVE-2023-48247", "sourceIdentifier": "psirt@bosch.com", "published": "2024-01-10T11:15:09.647", "lastModified": "2024-01-16T19:53:35.707", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (\u201croot\u201d) via a crafted HTTP request." }, { "lang": "es", "value": "La vulnerabilidad permite a un atacante remoto no autenticado leer archivos arbitrarios en el contexto del usuario del sistema operativo de la aplicaci\u00f3n (\"root\") a trav\u00e9s de una solicitud HTTP manipulada." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "psirt@bosch.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-862" } ] }, { "source": "psirt@bosch.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-862" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", "versionStartIncluding": "1000", "versionEndIncluding": "1500-sp2", "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8" }, { "vulnerable": false, "criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB" } ] } ] } ], "references": [ { "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "source": "psirt@bosch.com", "tags": [ "Vendor Advisory" ] } ] }