Vulnerability Description
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
CVSS Score
4.8
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bosch | Pra-Es8P2S Firmware | <= 1.01.05 |
| Bosch | Pra-Es8P2S | - |
Related Weaknesses (CWE)
References
- https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.htmlVendor Advisory
- https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.htmlVendor Advisory
FAQ
What is CVE-2022-32535?
CVE-2022-32535 is a vulnerability with a CVSS score of 4.8 (MEDIUM). The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch.
How severe is CVE-2022-32535?
CVE-2022-32535 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32535?
Check the references section above for vendor advisories and patch information. Affected products include: Bosch Pra-Es8P2S Firmware, Bosch Pra-Es8P2S.