The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to steal session cookies of other active users.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
16 Jan 2024, 19:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Bosch nexo Special Cordless Nutrunner \(0608pe2301\)
Bosch nexo Special Cordless Nutrunner \(0608pe2272\) Bosch nexo Cordless Nutrunner Nxp012qd-36v \(0608842005\) Bosch nexo Special Cordless Nutrunner \(0608pe2515\) Bosch nexo Cordless Nutrunner Nxv012t-36v \(0608842015\) Bosch nexo Cordless Nutrunner Nxa050s-36v \(0608842003\) Bosch nexo Special Cordless Nutrunner \(0608pe2514\) Bosch nexo Special Cordless Nutrunner \(0608pe2666\) Bosch nexo Cordless Nutrunner Nxv012t-36v-b \(0608842016\) Bosch nexo Cordless Nutrunner Nxa015s-36v \(0608842001\) Bosch nexo Cordless Nutrunner Nxa015s-36v-b \(0608842006\) Bosch nexo Special Cordless Nutrunner \(0608pe2673\) Bosch nexo Cordless Nutrunner Nxa065s-36v-b \(0608842014\) Bosch nexo Cordless Nutrunner Nxa050s-36v-b \(0608842008\) Bosch Bosch nexo Cordless Nutrunner Nxa030s-36v-b \(0608842007\) Bosch nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) Bosch nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\) Bosch nexo-os Bosch nexo Cordless Nutrunner Nxa030s-36v \(0608842002\) Bosch nexo Cordless Nutrunner Nxa065s-36v \(0608842013\) Bosch nexo Cordless Nutrunner Nxp012qd-36v-b \(0608842010\) |
|
CWE | CWE-22 | |
CPE | cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2673\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2301\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2666\):-:*:*:*:*:*:*:* cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2272\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2515\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2514\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\):-:*:*:*:*:*:*:* cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\):-:*:*:*:*:*:*:* |
10 Jan 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-10 11:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-48249
Mitre link : CVE-2023-48249
CVE.ORG link : CVE-2023-48249
JSON object : View
Products Affected
bosch
- nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)
- nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)
- nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)
- nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)
- nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)
- nexo_special_cordless_nutrunner_\(0608pe2666\)
- nexo-os
- nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)
- nexo_special_cordless_nutrunner_\(0608pe2515\)
- nexo_special_cordless_nutrunner_\(0608pe2301\)
- nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)
- nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)
- nexo_special_cordless_nutrunner_\(0608pe2514\)
- nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)
- nexo_special_cordless_nutrunner_\(0608pe2272\)
- nexo_special_cordless_nutrunner_\(0608pe2673\)
- nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)
- nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)
- nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)
- nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)
- nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')