Details of VAR-201908-1878

ID

VAR-201908-1878

CVE

CVE-2019-11602

TITLE

ProSyst mBS SDK and Bosch IoT Gateway Software Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008442

DESCRIPTION

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure. ProSyst Softoware mBS SDK is a software development kit for OSGi application development by German ProSyst Softoware company. The vulnerability stems from configuration errors in the network system or product during operation. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component

Trust: 2.34

sources: NVD: CVE-2019-11602 // JVNDB: JVNDB-2019-008442 // CNNVD: CNNVD-201908-1730 // VULHUB: VHN-143265 // VULMON: CVE-2019-11602

AFFECTED PRODUCTS

vendor:	bosch	model:	prosyst mbs sdk	scope:	lt	version:	8.2.6	Trust: 1.0
vendor:	bosch	model:	iot gateway software	scope:	lt	version:	9.2.0	Trust: 1.0
vendor:	robert bosch	model:	iot gateway software	scope:	eq	version:	9.2.0	Trust: 0.8
vendor:	robert bosch	model:	prosyst mbs sdk	scope:	eq	version:	8.2.6	Trust: 0.8

sources: JVNDB: JVNDB-2019-008442 // NVD: CVE-2019-11602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11602
value:	MEDIUM
Trust: 1.0
cve@mitre.org:	CVE-2019-11602
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-11602
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-1730
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-143265
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-11602
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11602
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-143265
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11602
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-143265 // VULMON: CVE-2019-11602 // JVNDB: JVNDB-2019-008442 // CNNVD: CNNVD-201908-1730 // NVD: CVE-2019-11602 // NVD: CVE-2019-11602

PROBLEMTYPE DATA

problemtype:	CWE-209	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-143265 // JVNDB: JVNDB-2019-008442 // NVD: CVE-2019-11602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1730

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1730

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008442

PATCH

title:	BOSCH-SA-562575	url:	https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html	Trust: 0.8
title:	ProSyst Softoware mBS SDK and Bosch IoT Gateway Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97318	Trust: 0.6

sources: JVNDB: JVNDB-2019-008442 // CNNVD: CNNVD-201908-1730

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11602	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-008442	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1730	Trust: 0.7
db:	VULHUB	id:	VHN-143265	Trust: 0.1
db:	VULMON	id:	CVE-2019-11602	Trust: 0.1

sources: VULHUB: VHN-143265 // VULMON: CVE-2019-11602 // JVNDB: JVNDB-2019-008442 // CNNVD: CNNVD-201908-1730 // NVD: CVE-2019-11602

REFERENCES

url:	https://psirt.bosch.com/advisory/bosch-sa-562575.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11602	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11602	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/209.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-143265 // VULMON: CVE-2019-11602 // JVNDB: JVNDB-2019-008442 // CNNVD: CNNVD-201908-1730 // NVD: CVE-2019-11602

SOURCES

db:	VULHUB	id:	VHN-143265
db:	VULMON	id:	CVE-2019-11602
db:	JVNDB	id:	JVNDB-2019-008442
db:	CNNVD	id:	CNNVD-201908-1730
db:	NVD	id:	CVE-2019-11602

LAST UPDATE DATE

2024-11-23T22:41:21.352000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-143265	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-11602	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-008442	date:	2019-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201908-1730	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-11602	date:	2024-11-21T04:21:25.780

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-143265	date:	2019-08-21T00:00:00
db:	VULMON	id:	CVE-2019-11602	date:	2019-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-008442	date:	2019-08-30T00:00:00
db:	CNNVD	id:	CNNVD-201908-1730	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-11602	date:	2019-08-21T20:15:12.507