CVE-2019-11893
HIGHBosch Smart Home Controller <9.8.905 - Privilege Escalation
Title source: llmDescription
A potential incorrect privilege assignment vulnerability exists in the app permission update API of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app with restricted permissions, which required user interaction.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://psirt.bosch.com/Advisory/BOSCH-SA-662084.html
Scores
CVSS v3
8.0
EPSS
0.0045
EPSS Percentile
35.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-266
CWE-269
Status
published
Products (1)
bosch/smart_home_controller_firmware
< 9.8.905
Published
May 29, 2019
Tracked Since
Feb 18, 2026