{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48257", "assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "state": "PUBLISHED", "assignerShortName": "bosch", "dateReserved": "2023-11-13T13:44:23.705Z", "datePublished": "2024-01-10T13:04:36.606Z", "dateUpdated": "2024-08-02T21:23:39.464Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch", "dateUpdated": "2024-01-10T13:04:36.606Z"}, "descriptions": [{"lang": "en", "value": "The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request."}], "affected": [{"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA015S-36V (0608842001)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA030S-36V (0608842002)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA050S-36V (0608842003)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXP012QD-36V (0608842005)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA015S-36V-B (0608842006)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA030S-36V-B (0608842007)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA050S-36V-B (0608842008)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXP012QD-36V-B (0608842010)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA011S-36V (0608842011)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA011S-36V-B (0608842012)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA065S-36V (0608842013)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXA065S-36V-B (0608842014)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXV012T-36V (0608842015)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo cordless nutrunner NXV012T-36V-B (0608842016)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo special cordless nutrunner (0608PE2272)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo special cordless nutrunner (0608PE2301)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo special cordless nutrunner (0608PE2514)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo special cordless nutrunner (0608PE2515)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo special cordless nutrunner (0608PE2666)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}, {"vendor": "Rexroth", "product": "Nexo special cordless nutrunner (0608PE2673)", "versions": [{"version": "NEXO-OS V1000-Release", "status": "affected", "versionType": "custom", "lessThanOrEqual": "NEXO-OS V1500-SP2"}]}], "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "n/a", "cweId": "CWE-1391"}]}], "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:23:39.464Z"}, "title": "CVE Program Container", "references": [{"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html", "tags": ["vendor-advisory", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*", "matchCriteriaId": "73D9F18A-94BD-4EC8-A39A-0A6E8E4315D8", "versionEndIncluding": "1500-sp2", "versionStartIncluding": "1000", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\\(0608842012\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "5DC8C39A-F26D-4A5E-A502-5AA26651FD95", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\\(0608842011\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "871F225C-EE0D-409E-98FF-CF8B2C83E877", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\\(0608842006\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "D77B7A94-EB41-442E-9930-3372EFF0C469", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\\(0608842001\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "6CF63477-0CE7-446C-9872-C186AB55ADEF", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\\(0608842007\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "8703D886-1E08-40B1-9666-3D585A3CB52F", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\\(0608842002\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "43D5973C-E4B3-4111-A710-FE48CFE5C1A5", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\\(0608842008\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "EA7D4812-024D-432B-A526-0858427ED545", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\\(0608842003\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "1614F6BA-E265-4344-A5B4-6DD0D3EC0BCF", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\\(0608842014\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "206B990F-9ACD-408D-93BB-F43F25686862", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\\(0608842013\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E092DE8F-DB60-4D77-BCE5-8820B6190856", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\\(0608842010\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "94D48DD5-DF3B-4D74-B8D8-E1E0468DE2DC", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\\(0608842005\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "63746CB7-DBDF-4705-A771-CE9581742980", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\\(0608842016\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "2F974170-84B6-49FF-9988-7EFDA5964E1A", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\\(0608842015\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "87D757FC-2CBA-419F-84E8-518CBEB98646", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2272\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "3E3E3820-FF4C-4B75-9541-B807EF52E661", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2301\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "9B1B2908-2C42-4E6B-9953-30B2BE2E63F4", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2514\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "6A09E202-1E38-433B-A039-F7B62C275E40", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2515\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "206E809F-D1CA-437C-9C78-76E39F7A8D69", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2666\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "7BF33E7B-B131-4A7C-8C4F-47906B8AEFC8", "vulnerable": false}, {"criteria": "cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\\(0608pe2673\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E14B2068-DEEE-4C3F-9FCE-108A3F5E83DB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request."}, {"lang": "es", "value": "La vulnerabilidad permite a un atacante remoto acceder a datos confidenciales dentro de paquetes exportados u obtener hasta ejecuci\u00f3n remota de c\u00f3digo (RCE) con privilegios de root en el dispositivo. La vulnerabilidad puede ser explotada directamente por usuarios autenticados, a trav\u00e9s de solicitudes HTTP manipuladas, o indirectamente por usuarios no autenticados, accediendo a paquetes de respaldo ya exportados o creando un paquete de importaci\u00f3n e induciendo a una v\u00edctima autenticada a enviar la solicitud de carga HTTP."}], "id": "CVE-2023-48257", "lastModified": "2024-11-21T08:31:20.490", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@bosch.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-10T13:15:46.590", "references": [{"source": "psirt@bosch.com", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1391"}], "source": "psirt@bosch.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}