Lucene search

[email protected]CVE-2019-11603

HistoryAug 21, 2019 - 8:15 p.m.

CVE-2019-11603

2019-08-2120:15:12

CWE-22

[email protected]

web.nvd.nist.gov

cve-2019-11603

http traversal attack

prosyst mbs sdk

bosch iot gateway

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

A HTTP Traversal Attack in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.0.2 allows remote attackers to read files outside the http root.

Affected configurations

NVD

Node

boschiot_gateway_softwareRange<9.0.2

boschprosyst_mbs_sdkRange<8.2.6

CPENameOperatorVersion
bosch:iot_gateway_softwarebosch iot gateway softwarelt9.0.2
bosch:prosyst_mbs_sdkbosch prosyst mbs sdklt8.2.6

CPE	Name	Operator	Version
bosch:iot_gateway_software	bosch iot gateway software	lt	9.0.2
bosch:prosyst_mbs_sdk	bosch prosyst mbs sdk	lt	8.2.6

References

psirt.bosch.com/Advisory/BOSCH-SA-562575.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2019-11603

prion1 nvd1 cvelist1