CVE-2019-11895 MEDIUM

CVE-2019-11895: Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)

Vendor Bosch

Product Smart Home Controller

Weakness CWE-284

Published May 29, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Adjacent

Attack complexity High

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.

Key dates

02Disclosure timeline

May 29, 2019 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-11895 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2019-11895

CWE CWE-284

CVSS 5.3 / MEDIUM

Affected versions