CVE-2023-48248 — MEDIUM (5.5)

Q: How severe is CVE-2023-48248?

CVE-2023-48248 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48248?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Nexo-Os, Bosch Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\), Bosch Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\), Bosch Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\), Bosch Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\).

Vulnerability Description

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Bosch	Nexo-Os	>= 1000, <= 1500-sp2
Bosch	Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\)	-
Bosch	Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\)	-
Bosch	Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\)	-
Bosch	Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\)	-
Bosch	Nexo Cordless Nutrunner Nxa030S-36V-B \(0608842007\)	-
Bosch	Nexo Cordless Nutrunner Nxa030S-36V \(0608842002\)	-
Bosch	Nexo Cordless Nutrunner Nxa050S-36V-B \(0608842008\)	-
Bosch	Nexo Cordless Nutrunner Nxa050S-36V \(0608842003\)	-
Bosch	Nexo Cordless Nutrunner Nxa065S-36V-B \(0608842014\)	-
Bosch	Nexo Cordless Nutrunner Nxa065S-36V \(0608842013\)	-
Bosch	Nexo Cordless Nutrunner Nxp012Qd-36V-B \(0608842010\)	-
Bosch	Nexo Cordless Nutrunner Nxp012Qd-36V \(0608842005\)	-
Bosch	Nexo Cordless Nutrunner Nxv012T-36V-B \(0608842016\)	-
Bosch	Nexo Cordless Nutrunner Nxv012T-36V \(0608842015\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2272\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2301\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2514\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2515\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2666\)	-

Related Weaknesses (CWE)

CWE-79

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlVendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlVendor Advisory

FAQ

What is CVE-2023-48248?

CVE-2023-48248 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via ...

How severe is CVE-2023-48248?

CVE-2023-48248 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48248?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Nexo-Os, Bosch Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\), Bosch Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\), Bosch Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\), Bosch Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\).