admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-419xx/CVE-2023-41960.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

177 lines
5.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-41960",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-10-25T18:17:31.037",
"lastModified": "2023-11-06T15:13:46.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself."
},
{
"lang": "es",
"value": "La vulnerabilidad permite que una aplicaci\u00f3n de terceros sin privilegios (no confiable) interact\u00fae con un proveedor de contenido expuesto de manera insegura por la aplicaci\u00f3n del Agente de Android, modificando potencialmente configuraciones confidenciales de la propia aplicaci\u00f3n del Cliente de Android."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFA1309-DBEE-46F1-B6FD-DAE896180411"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2107:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87C129B8-F100-4D3A-97BC-BAD9A4129F9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "326E80AA-C9B4-4BF1-AA2B-98A3802A72C9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2110_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD47D2E3-F53F-4CE8-BEF7-76F78AEBAF5C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:boschrexroth:ctrlx_hmi_web_panel_wr2115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "167C9BC4-FCC5-4FAF-8F75-F967C77400A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:boschrexroth:ctrlx_hmi_web_panel_wr2115_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA92486-EEBE-42FD-9755-006B7F2DF361"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"source": "psirt@bosch.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink