ID

VAR-201905-0922


CVE

CVE-2019-11896


TITLE

Bosch Smart Home Controller Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004933

DESCRIPTION

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction. Bosch Smart Home Controller (SHC) contains a permission vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) state may be caused.

Trust: 1.62

sources: NVD: CVE-2019-11896 // JVNDB: JVNDB-2019-004933

IOT TAXONOMY

category: ['home & office device'], sub_category: smart home controller

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: bosch, model: smart home controller, scope: lt, version: 9.8.907

Trust: 1.0

vendor: robert bosch, model: smart home controller, scope: lt, version: 9.8.907

Trust: 0.8

sources: JVNDB: JVNDB-2019-004933 // NVD: CVE-2019-11896

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11896
value: HIGH

Trust: 1.0

psirt@bosch.com: CVE-2019-11896
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11896
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201905-1080
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-11896
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2019-11896
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@bosch.com: CVE-2019-11896
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-11896
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2019-004933 // CNNVD: CNNVD-201905-1080 // NVD: CVE-2019-11896 // NVD: CVE-2019-11896

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-275

Trust: 0.8

sources: JVNDB: JVNDB-2019-004933 // NVD: CVE-2019-11896

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201905-1080

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201905-1080

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004933

PATCH

title: BOSCH-SA-662084, url: https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html

Trust: 0.8

title: Bosch Smart Home Controller Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93033

Trust: 0.6

sources: JVNDB: JVNDB-2019-004933 // CNNVD: CNNVD-201905-1080

EXTERNAL IDS

db: NVD, id: CVE-2019-11896

Trust: 2.5

db: JVNDB, id: JVNDB-2019-004933

Trust: 0.8

db: CNNVD, id: CNNVD-201905-1080

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-004933 // CNNVD: CNNVD-201905-1080 // NVD: CVE-2019-11896

REFERENCES

url:https://psirt.bosch.com/advisory/bosch-sa-662084.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11896

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11896

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2019-004933 // CNNVD: CNNVD-201905-1080 // NVD: CVE-2019-11896

SOURCES

db: OTHER, id: -
db: JVNDB, id: JVNDB-2019-004933
db: CNNVD, id: CNNVD-201905-1080
db: NVD, id: CVE-2019-11896

LAST UPDATE DATE

2025-01-30T22:03:58.643000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-004933, date: 2019-06-12T00:00:00
db: CNNVD, id: CNNVD-201905-1080, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-11896, date: 2024-11-21T04:21:58.757

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-004933, date: 2019-06-12T00:00:00
db: CNNVD, id: CNNVD-201905-1080, date: 2019-05-29T00:00:00
db: NVD, id: CVE-2019-11896, date: 2019-05-29T21:29:02.153