CVE-2019-11891 — HIGH (8.0)

Q: How severe is CVE-2019-11891?

CVE-2019-11891 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11891?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Smart Home Controller Firmware, Bosch Smart Home Controller.

Vulnerability Description

A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bosch	Smart Home Controller Firmware	< 9.8.905
Bosch	Smart Home Controller	-

Related Weaknesses (CWE)

CWE-266 CWE-269

References

https://psirt.bosch.com/Advisory/BOSCH-SA-662084.htmlVendor Advisory
https://psirt.bosch.com/Advisory/BOSCH-SA-662084.htmlVendor Advisory

FAQ

What is CVE-2019-11891?

CVE-2019-11891 is a vulnerability with a CVSS score of 8.0 (HIGH). A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adver...

How severe is CVE-2019-11891?

CVE-2019-11891 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11891?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Smart Home Controller Firmware, Bosch Smart Home Controller.