CVE-2019-11602 - Vulnerability Details - OpenCVE

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.002.

Key SSVC decision points have not yet been added.

Vendors	Products
Bosch	Iot Gateway Software Prosyst Mbs Sdk

Configuration 1 [-]

OR	cpe:2.3:a:bosch:iot_gateway_software::::::::
	cpe:2.3:a:bosch:prosyst_mbs_sdk::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-3272	Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-21T19:21:38.452272Z

Updated: 2024-09-17T00:56:40.970Z

Reserved: 2019-04-30T00:00:00

Link: CVE-2019-11602

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-21T20:15:12.507

Modified: 2024-11-21T04:21:25.780

Link: CVE-2019-11602

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "credits": [{"lang": "en", "value": "Philip Kazmeier"}], "datePublic": "2019-08-19T00:00:00", "descriptions": [{"lang": "en", "value": "Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-21T19:21:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}], "source": {"advisory": "BOSCH-SA-562575", "discovery": "EXTERNAL"}, "title": "Leakage of stack traces in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2019-08-19T00:00:00.000Z", "ID": "CVE-2019-11602", "STATE": "PUBLIC", "TITLE": "Leakage of stack traces in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Philip Kazmeier"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html", "refsource": "CONFIRM", "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}]}, "source": {"advisory": "BOSCH-SA-562575", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:41.050Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11602", "datePublished": "2019-08-21T19:21:38.452272Z", "dateReserved": "2019-04-30T00:00:00", "dateUpdated": "2024-09-17T00:56:40.970Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bosch:iot_gateway_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "B46C18AD-AD99-4DEC-9540-DEAB9CA2AB18", "versionEndExcluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bosch:prosyst_mbs_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "F04B3C5D-FCB9-48F5-BFA0-3673BCF23D8D", "versionEndExcluding": "8.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the file system structure."}, {"lang": "es", "value": "La fuga de los trazas de pila en el acceso remoto a backup & restore en versiones anteriores a ProSyst mBS SDK versi\u00f3n 8.2.6 y Bosch IoT Gateway Software versi\u00f3n 9.2.0, permite a atacantes remotos recopilar informaci\u00f3n sobre la estructura del sistema de archivos."}], "id": "CVE-2019-11602", "lastModified": "2024-11-21T04:21:25.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-21T20:15:12.507", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}