ID

VAR-201905-0921


CVE

CVE-2019-11895


TITLE

Bosch Smart Home Controller Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004934

DESCRIPTION

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.

Trust: 1.62

sources: NVD: CVE-2019-11895 // JVNDB: JVNDB-2019-004934

IOT TAXONOMY

category:['home & office device'], sub_category:smart home controller

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:bosch, model:smart home controller, scope:lt, version:9.8.905

Trust: 1.0

vendor:robert bosch, model:smart home controller, scope:lt, version:9.8.905

Trust: 0.8

sources: JVNDB: JVNDB-2019-004934 // NVD: CVE-2019-11895

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-11895
value: MEDIUM

Trust: 1.0

psirt@bosch.com: CVE-2019-11895
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11895
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-1077
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2019-11895
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

psirt@bosch.com: CVE-2019-11895
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-11895
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2019-004934 // CNNVD: CNNVD-201905-1077 // NVD: CVE-2019-11895 // NVD: CVE-2019-11895

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

problemtype:NVD-CWE-Other

Trust: 1.0

sources: JVNDB: JVNDB-2019-004934 // NVD: CVE-2019-11895

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-1077

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201905-1077

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004934

PATCH

title:BOSCH-SA-662084, url:https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html

Trust: 0.8

title:Bosch Smart Home Controller Fixes for access control error vulnerabilities, url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93030

Trust: 0.6

sources: JVNDB: JVNDB-2019-004934 // CNNVD: CNNVD-201905-1077

EXTERNAL IDS

db:NVD, id:CVE-2019-11895

Trust: 2.5

db:JVNDB, id:JVNDB-2019-004934

Trust: 0.8

db:CNNVD, id:CNNVD-201905-1077

Trust: 0.6

db:OTHER, id:NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-004934 // CNNVD: CNNVD-201905-1077 // NVD: CVE-2019-11895

REFERENCES

url:https://psirt.bosch.com/advisory/bosch-sa-662084.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11895

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11895

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-004934 // CNNVD: CNNVD-201905-1077 // NVD: CVE-2019-11895

SOURCES

db:OTHER, id: -
db:JVNDB, id:JVNDB-2019-004934
db:CNNVD, id:CNNVD-201905-1077
db:NVD, id:CVE-2019-11895

LAST UPDATE DATE

2025-01-30T19:35:13.403000+00:00


SOURCES UPDATE DATE

db:JVNDB, id:JVNDB-2019-004934, date:2019-06-12T00:00:00
db:CNNVD, id:CNNVD-201905-1077, date:2020-10-09T00:00:00
db:NVD, id:CVE-2019-11895, date:2024-11-21T04:21:58.643

SOURCES RELEASE DATE

db:JVNDB, id:JVNDB-2019-004934, date:2019-06-12T00:00:00
db:CNNVD, id:CNNVD-201905-1077, date:2019-05-29T00:00:00
db:NVD, id:CVE-2019-11895, date:2019-05-29T21:29:02.120