CVE-2023-48265 — HIGH (8.1)

Q: What is CVE-2023-48265?

CVE-2023-48265 is a vulnerability with a CVSS score of 8.1 (HIGH). The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

Q: How severe is CVE-2023-48265?

CVE-2023-48265 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-48265?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Nexo-Os, Bosch Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\), Bosch Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\), Bosch Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\), Bosch Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\).

Vulnerability Description

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bosch	Nexo-Os	>= 1000, <= 1500-sp2
Bosch	Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\)	-
Bosch	Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\)	-
Bosch	Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\)	-
Bosch	Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\)	-
Bosch	Nexo Cordless Nutrunner Nxa030S-36V-B \(0608842007\)	-
Bosch	Nexo Cordless Nutrunner Nxa030S-36V \(0608842002\)	-
Bosch	Nexo Cordless Nutrunner Nxa050S-36V-B \(0608842008\)	-
Bosch	Nexo Cordless Nutrunner Nxa050S-36V \(0608842003\)	-
Bosch	Nexo Cordless Nutrunner Nxa065S-36V-B \(0608842014\)	-
Bosch	Nexo Cordless Nutrunner Nxa065S-36V \(0608842013\)	-
Bosch	Nexo Cordless Nutrunner Nxp012Qd-36V-B \(0608842010\)	-
Bosch	Nexo Cordless Nutrunner Nxp012Qd-36V \(0608842005\)	-
Bosch	Nexo Cordless Nutrunner Nxv012T-36V-B \(0608842016\)	-
Bosch	Nexo Cordless Nutrunner Nxv012T-36V \(0608842015\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2272\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2301\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2514\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2515\)	-
Bosch	Nexo Special Cordless Nutrunner \(0608Pe2666\)	-

Related Weaknesses (CWE)

CWE-121 CWE-787

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlVendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.htmlVendor Advisory

FAQ

What is CVE-2023-48265?

CVE-2023-48265 is a vulnerability with a CVSS score of 8.1 (HIGH). The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

How severe is CVE-2023-48265?

CVE-2023-48265 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-48265?

Check the references section above for vendor advisories and patch information. Affected products include: Bosch Nexo-Os, Bosch Nexo Cordless Nutrunner Nxa011S-36V-B \(0608842012\), Bosch Nexo Cordless Nutrunner Nxa011S-36V \(0608842011\), Bosch Nexo Cordless Nutrunner Nxa015S-36V-B \(0608842006\), Bosch Nexo Cordless Nutrunner Nxa015S-36V \(0608842001\).