Lucene search

[email protected]NVD:CVE-2023-48257

HistoryJan 10, 2024 - 1:15 p.m.

CVE-2023-48257

2024-01-1013:15:46

CWE-1391

CWE-287

[email protected]

web.nvd.nist.gov

vulnerability

remote access

sensitive data

rce

root privileges

authenticated users

unauthenticated users

http requests

imported packages

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.

Affected configurations

Nvd

Node

boschnexo-osRange1000–1500-sp2

AND

boschnexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)Match-

boschnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)Match-

boschnexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)Match-

boschnexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)Match-

boschnexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)Match-

boschnexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)Match-

boschnexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)Match-

boschnexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)Match-

boschnexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)Match-

boschnexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)Match-

boschnexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)Match-

boschnexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)Match-

boschnexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)Match-

boschnexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)Match-

boschnexo_special_cordless_nutrunner_\(0608pe2272\)Match-

boschnexo_special_cordless_nutrunner_\(0608pe2301\)Match-

boschnexo_special_cordless_nutrunner_\(0608pe2514\)Match-

boschnexo_special_cordless_nutrunner_\(0608pe2515\)Match-

boschnexo_special_cordless_nutrunner_\(0608pe2666\)Match-

boschnexo_special_cordless_nutrunner_\(0608pe2673\)Match-

VendorProductVersionCPE
boschnexo-os*cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\):-:*:*:*:*:*:*:*
boschnexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)-cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\):-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bosch	nexo-os	*	cpe:2.3:o:bosch:nexo-os::::::::
bosch	nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\):-:::::::*
bosch	nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)	-	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\):-:::::::*

Rows per page:

1-10 of 211

References

psirt.bosch.com/security-advisories/BOSCH-SA-711465.html

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Related for NVD:CVE-2023-48257

cvelist1 prion1 cve1