CVE-2023-48265

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html	Vendor Advisory
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:bosch:nexo-os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\):-:::::::*
	cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\):-:::::::*
	cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2272\):-:::::::*
	cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2301\):-:::::::*
	cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2514\):-:::::::*
	cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2515\):-:::::::*
	cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2666\):-:::::::*
	cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_\(0608pe2673\):-:::::::*

History

21 Nov 2024, 08:31

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.1
References	~~() https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html - Vendor Advisory~~	() https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html - Vendor Advisory

16 Jan 2024, 20:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-10 13:15

Updated : 2024-11-21 08:31

NVD link : CVE-2023-48265

Mitre link : CVE-2023-48265

CVE.ORG link : CVE-2023-48265

JSON object : View

Products Affected

bosch

nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\)
nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\)
nexo_cordless_nutrunner_nxa065s-36v_\(0608842013\)
nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\)
nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\)
nexo_cordless_nutrunner_nxp012qd-36v-b_\(0608842010\)
nexo_special_cordless_nutrunner_\(0608pe2673\)
nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\)
nexo_special_cordless_nutrunner_\(0608pe2272\)
nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\)
nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\)
nexo-os
nexo_special_cordless_nutrunner_\(0608pe2301\)
nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\)
nexo_special_cordless_nutrunner_\(0608pe2515\)
nexo_cordless_nutrunner_nxv012t-36v_\(0608842015\)
nexo_special_cordless_nutrunner_\(0608pe2666\)
nexo_special_cordless_nutrunner_\(0608pe2514\)
nexo_cordless_nutrunner_nxp012qd-36v_\(0608842005\)
nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\)
nexo_cordless_nutrunner_nxv012t-36v-b_\(0608842016\)

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

8.1 /10