{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T01:28:34.027","vulnerabilities":[{"cve":{"id":"CVE-2019-11893","sourceIdentifier":"psirt@bosch.com","published":"2019-05-29T20:29:00.297","lastModified":"2024-11-21T04:21:58.410","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction."},{"lang":"es","value":"Existe una vulnerabilidad potencial de asignación de privilegios inapropiada en la API de actualización de permisos de aplicación del Smart Home Controller (SHC) de Bosch anteriores de la 9.8.905, que puede conllevar a una aplicación restringida obtenga los permisos por defecto de la aplicación. Para aprovechar la vulnerabilidad, el adversario necesita haber emparejado con éxito una aplicación con permisos restringidos, que requiere la interacción del usuario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV30":[{"source":"psirt@bosch.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:S/C:P/I:P/A:P","baseScore":4.9,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@bosch.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bosch:smart_home_controller_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"9.8.905","matchCriteriaId":"208D1A1D-4982-457F-A29B-0BE857355DC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:bosch:smart_home_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"83665608-FC8C-4C92-9DAD-A025433DDD33"}]}]}],"references":[{"url":"https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html","source":"psirt@bosch.com","tags":["Vendor Advisory"]},{"url":"https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}