CVE-2019-11896 Information

Description

A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability the adversary needs to have successfully paired an app which requires user interaction.

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.1