CVE-2019-11896
5.5
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Bosch | Smart Home Controller | unspecified < 9.8.907 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.