Vulnerability Details CVE-2019-11896
A potential incorrect privilege assignment vulnerability exists in the 3rd party pairing mechanism of the Bosch Smart Home Controller (SHC) before 9.8.907 that may result in a restricted app obtaining default app permissions. In order to exploit the vulnerability, the adversary needs to have successfully paired an app, which requires user interaction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 6.8
References
Products affected by CVE-2019-11896
-
cpe:2.3:h:bosch:smart_home_controller:-
-
cpe:2.3:o:bosch:smart_home_controller_firmware:-
-
cpe:2.3:o:bosch:smart_home_controller_firmware:9.8.905