Vulnerability Details CVE-2023-48249
The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to steal session cookies of other active users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.1%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-48249
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v-b_(0608842012):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa011s-36v_(0608842011):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v-b_(0608842006):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa015s-36v_(0608842001):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v-b_(0608842007):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa030s-36v_(0608842002):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v-b_(0608842008):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa050s-36v_(0608842003):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v-b_(0608842014):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxa065s-36v_(0608842013):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v-b_(0608842010):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxp012qd-36v_(0608842005):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v-b_(0608842016):-
- cpe:2.3:h:bosch:nexo_cordless_nutrunner_nxv012t-36v_(0608842015):-
- cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2272):-
- cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2301):-
- cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2514):-
- cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2515):-
- cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2666):-
- cpe:2.3:h:bosch:nexo_special_cordless_nutrunner_(0608pe2673):-
- cpe:2.3:o:bosch:nexo-os:1000
- cpe:2.3:o:bosch:nexo-os:1500-sp2