8.8
CVE-2023-48257
- EPSS 0.64%
- Veröffentlicht 10.01.2024 13:15:46
- Zuletzt bearbeitet 21.11.2024 08:31:20
- Quelle psirt@bosch.com
- CVE-Watchlists
- Unerledigt
LoginThe vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bosch ≫ Nexo-os Version >= 1000 <= 1500-sp2
Bosch ≫ Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa011s-36v (0608842011) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa015s-36v-b (0608842006) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa015s-36v (0608842001) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa030s-36v-b (0608842007) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa030s-36v (0608842002) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa050s-36v-b (0608842008) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa050s-36v (0608842003) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa065s-36v-b (0608842014) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa065s-36v (0608842013) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxp012qd-36v-b (0608842010) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxp012qd-36v (0608842005) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxv012t-36v-b (0608842016) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxv012t-36v (0608842015) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2272) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2301) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2514) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2515) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2666) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2673) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa011s-36v (0608842011) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa015s-36v-b (0608842006) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa015s-36v (0608842001) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa030s-36v-b (0608842007) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa030s-36v (0608842002) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa050s-36v-b (0608842008) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa050s-36v (0608842003) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa065s-36v-b (0608842014) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxa065s-36v (0608842013) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxp012qd-36v-b (0608842010) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxp012qd-36v (0608842005) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxv012t-36v-b (0608842016) Version-
Bosch ≫ Nexo Cordless Nutrunner Nxv012t-36v (0608842015) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2272) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2301) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2514) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2515) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2666) Version-
Bosch ≫ Nexo Special Cordless Nutrunner (0608pe2673) Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.697 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@bosch.com | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-1391 Use of Weak Credentials
The product uses weak credentials (such as a default key or hard-coded password) that can be calculated, derived, reused, or guessed by an attacker.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.