First published: Wed Jan 10 2024(Updated: )
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log.
Credit: psirt@bosch.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Bosch Nexo-os | >=1000<=1500-sp2 | |
Any of | ||
Bosch Nexo Cordless Nutrunner Nxa011s-36v-b (0608842012) | ||
Bosch Nexo Cordless Nutrunner Nxa011s-36v | ||
Bosch Nexo Cordless Nutrunner Nxa015s-36v-b | ||
Bosch Nexo Cordless Nutrunner Nxa015s-36v | ||
Bosch Nexo Cordless Nutrunner Nxa030s-36v-b (0608842007) | ||
Bosch Nexo Cordless Nutrunner Nxa030s-36v | ||
Bosch Nexo Cordless Nutrunner Nxa050s-36v-b | ||
Bosch Nexo Cordless Nutrunner Nxa050s-36v | ||
Bosch Nexo Cordless Nutrunner Nxa065s-36v-b | ||
Bosch Nexo Cordless Nutrunner Nxa065s-36v | ||
Bosch Nexo Cordless Nutrunner Nxp012qd-36v-b | ||
Bosch Nexo Cordless Nutrunner Nxp012qd-36v | ||
Bosch Nexo Cordless Nutrunner Nxv012t-36v-b | ||
Bosch Nexo Cordless Nutrunner Nxv012t-36v (0608842015) | ||
Bosch Nexo Special Cordless Nutrunner | ||
Bosch Nexo Special Cordless Nutrunner | ||
Bosch Nexo Special Cordless Nutrunner | ||
Bosch Nexo Special Cordless Nutrunner | ||
Bosch Nexo Special Cordless Nutrunner (0608pe2666) | ||
Bosch Nexo Special Cordless Nutrunner |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-48255 is categorized as a critical vulnerability due to its potential for remote exploitation and execution of arbitrary script code.
To remediate CVE-2023-48255, users should update their Bosch Nexo OS to a version that addresses the vulnerability as specified in the vendor's security advisory.
An unauthenticated remote attacker can exploit CVE-2023-48255 by sending malicious network requests that trigger script code execution in the victim's session.
CVE-2023-48255 primarily affects Bosch Nexo OS versions between 1000 and 1500-sp2.
Yes, CVE-2023-48255 is considered easy to exploit, as it allows attackers to remotely execute code without prior authentication.