Improper access control in the JSON-RPC interface of the Bosch Smart Home Controller (SHC)
CVE-2019-11895

5.3MEDIUM

Key Information:

Vendor: Bosch
Status: Smart Home Controller
Vendor: CVE Published:; 29 May 2019

What is CVE-2019-11895?

A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a successful denial of service of the SHC and connected sensors and actuators. In order to exploit the vulnerability, the adversary needs to have successfully paired an app or service, which requires user interaction.

Affected Version(s)

Smart Home Controller < 9.8.905

References

https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2019
Vulnerability Reserved
May 13, 2019

Credit

Philip Kazmeier

CVE-2019-11895 Data

JSON