CVE-2019-11891: Incorrect privilege assignment in the app pairing mechanism of the Bosch Smart Home Controller (SHC)
First published: Wed May 29 2019(Updated: )
A potential incorrect privilege assignment vulnerability exists in the app pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in elevated privileges of the adversary's choosing. In order to exploit the vulnerability, the adversary needs physical access to the SHC during the attack.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Smart Home Controller Firmware | <9.8.905 | |
| Bosch Smart Home Controller Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-11891?
CVE-2019-11891 is considered a high-severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2019-11891?
To address CVE-2019-11891, update your Bosch Smart Home Controller Firmware to version 9.8.905 or later.
Who is affected by CVE-2019-11891?
CVE-2019-11891 affects users of the Bosch Smart Home Controller with firmware versions prior to 9.8.905.
What could an attacker do with CVE-2019-11891?
An attacker exploiting CVE-2019-11891 could gain elevated privileges on the Bosch Smart Home Controller.
What is the app pairing mechanism in relation to CVE-2019-11891?
The app pairing mechanism in the Bosch Smart Home Controller is vulnerable due to incorrect privilege assignments, as noted in CVE-2019-11891.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bosch
- canonical/bosch smart home controller firmware