CVE-2019-11893 MEDIUM

CVE-2019-11893: Incorrect privilege assignment in the app permission update API of the Bosch Smart Home Controller (SHC)

Vendor Bosch
Product Smart Home Controller
Weakness CWE-266
Published May 29, 2019
Last update September 16, 2024

CVSS base score

5.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.

Key dates

02Disclosure timeline

May 29, 2019 CVE published
September 16, 2024 Record updated