ID

VAR-201905-0918


CVE

CVE-2019-11892


TITLE

Bosch Smart Home Controller Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004949

DESCRIPTION

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.

Trust: 1.62

sources: NVD: CVE-2019-11892 // JVNDB: JVNDB-2019-004949

IOT TAXONOMY

category: ['home & office device'], sub_category: smart home controller

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: bosch, model: smart home controller, scope: lt, version: 9.8.905

Trust: 1.0

vendor: robert bosch, model: smart home controller, scope: lt, version: 9.8.905

Trust: 0.8

sources: JVNDB: JVNDB-2019-004949 // NVD: CVE-2019-11892

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11892
value: HIGH

Trust: 1.0

psirt@bosch.com: CVE-2019-11892
value: HIGH

Trust: 1.0

NVD: CVE-2019-11892
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-1076
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-11892
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-11892
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@bosch.com: CVE-2019-11892
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-11892
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-004949 // CNNVD: CNNVD-201905-1076 // NVD: CVE-2019-11892 // NVD: CVE-2019-11892

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.8

problemtype: NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2019-004949 // NVD: CVE-2019-11892

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-1076

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-1076

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004949

PATCH

title: BOSCH-SA-662084, url: https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html

Trust: 0.8

title: Bosch Smart Home Controller Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93029

Trust: 0.6

sources: JVNDB: JVNDB-2019-004949 // CNNVD: CNNVD-201905-1076

EXTERNAL IDS

db: NVD, id: CVE-2019-11892

Trust: 2.5

db: JVNDB, id: JVNDB-2019-004949

Trust: 0.8

db: CNNVD, id: CNNVD-201905-1076

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-004949 // CNNVD: CNNVD-201905-1076 // NVD: CVE-2019-11892

REFERENCES

url: https://psirt.bosch.com/advisory/bosch-sa-662084.html

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2019-11892

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11892

Trust: 0.8

url: https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-004949 // CNNVD: CNNVD-201905-1076 // NVD: CVE-2019-11892

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2019-004949
db: CNNVD, id: CNNVD-201905-1076
db: NVD, id: CVE-2019-11892

LAST UPDATE DATE

2025-01-30T21:53:15.762000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-004949, date: 2019-06-12T00:00:00
db: CNNVD, id: CNNVD-201905-1076, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-11892, date: 2024-11-21T04:21:58.300

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-004949, date: 2019-06-12T00:00:00
db: CNNVD, id: CNNVD-201905-1076, date: 2019-05-29T00:00:00
db: NVD, id: CVE-2019-11892, date: 2019-05-29T20:29:00.253