The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Jul 2022, 13:56
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
First Time |
Bosch pra-es8p2s
Bosch Bosch pra-es8p2s Firmware |
|
CPE | cpe:2.3:o:bosch:pra-es8p2s_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:bosch:pra-es8p2s:-:*:*:*:*:*:*:* |
|
CWE | CWE-269 |
23 Jun 2022, 17:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-23 17:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-32536
Mitre link : CVE-2022-32536
CVE.ORG link : CVE-2022-32536
JSON object : View
Products Affected
bosch
- pra-es8p2s_firmware
- pra-es8p2s
CWE
CWE-269
Improper Privilege Management