CVE-2022-32536: Privilege Escalation
First published: Wed Jun 22 2022(Updated: )
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.
Credit: psirt@bosch.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bosch Pra-es8p2s Firmware | <=1.01.05 | |
| Bosch Pra-es8p2s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2022-32536.
What is the title of this vulnerability?
The title of this vulnerability is 'The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 is insufficient.'
What is the severity of CVE-2022-32536?
The severity of CVE-2022-32536 is critical with a CVSS score of 8.8.
What is the affected software version of CVE-2022-32536?
The affected software version of CVE-2022-32536 is 1.01.05.
How can a non-administrator user exploit this vulnerability?
A non-administrator user can exploit this vulnerability by obtaining administrator user access rights.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/bosch
- canonical/bosch pra-es8p2s firmware
- version/bosch pra-es8p2s firmware/1.01.05
- canonical/bosch pra-es8p2s