Lucene search
BoschCVELIST:CVE-2023-48253HistoryJan 10, 2024 - 1:02 p.m.
CVE-2023-48253
2024-01-1013:02:19
bosch
www.cve.org
2
vulnerability
remote attacker
read
update
authentication database
crafted http request
exfiltrate
password hashes
access accounts
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
29.7%
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request.
By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts.
CNA Affected
[
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA015S-36V (0608842001)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA030S-36V (0608842002)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA050S-36V (0608842003)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXP012QD-36V (0608842005)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA015S-36V-B (0608842006)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA030S-36V-B (0608842007)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA050S-36V-B (0608842008)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXP012QD-36V-B (0608842010)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA011S-36V (0608842011)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA011S-36V-B (0608842012)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA065S-36V (0608842013)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXA065S-36V-B (0608842014)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXV012T-36V (0608842015)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo cordless nutrunner NXV012T-36V-B (0608842016)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo special cordless nutrunner (0608PE2272)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo special cordless nutrunner (0608PE2301)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo special cordless nutrunner (0608PE2514)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo special cordless nutrunner (0608PE2515)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo special cordless nutrunner (0608PE2666)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
},
{
"vendor": "Rexroth",
"product": "Nexo special cordless nutrunner (0608PE2673)",
"versions": [
{
"version": "NEXO-OS V1000-Release",
"status": "affected",
"versionType": "custom",
"lessThanOrEqual": "NEXO-OS V1500-SP2"
}
]
}
]Related
prion
prion
Authentication flaw
2024-01-10 13:15:00
nvd
nvd
CVE-2023-48253
2024-01-10 13:15:45
cve
cve
CVE-2023-48253
2024-01-10 13:15:45
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
29.7%
Related for CVELIST:CVE-2023-48253