CVE-2019-11891 Vulnerability Details

  /     /     /  

CVE-2019-11891 Metadata Quick Info

CVE Published: 29/05/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: bosch | Vendor: Bosch | Product: Smart Home Controller
Status : PUBLISHED

---

CVE-2019-11891 Description

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary\'s choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-266
CWE Name: CWE-266 Incorrect Privilege Assignment
Source: Bosch

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).