Lucene search

[email protected]CVE-2023-43488

HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-43488

2023-10-2518:17:31

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-43488

vulnerability

adb

android

security

exploit

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.3%

JSON

The vulnerability allows a low privileged (untrusted) application to
modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.

CPENameOperatorVersion
boschrexroth:ctrlx_hmi_web_panel_wr2107_firmwareboschrexroth ctrlx hmi web panel wr2107 firmwareeq*

CPE	Name	Operator	Version
boschrexroth:ctrlx_hmi_web_panel_wr2107_firmware	boschrexroth ctrlx hmi web panel wr2107 firmware	eq	*

References

psirt.bosch.com/security-advisories/BOSCH-SA-175607.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for CVE-2023-43488

prion1 cvelist1