CVE-2019-11897 - OpenCVE

A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bosch	Iot Gateway Software Prosyst Mbs Sdk

Configuration 1 [-]

OR	cpe:2.3:a:bosch:iot_gateway_software::::::::
	cpe:2.3:a:bosch:prosyst_mbs_sdk::::::::

References

Link	Resource
https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: bosch

Published: 2019-08-19T00:00:00

Updated: 2019-08-21T17:09:52

Reserved: 2019-05-13T00:00:00

Link: CVE-2019-11897

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-21T18:15:13.273

Modified: 2019-10-09T23:45:39.230

Link: CVE-2019-11897

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"containers": {"cna": {"affected": [{"product": "IoT Gateway Software", "vendor": "Bosch", "versions": [{"lessThan": "9.3.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "mBS SDK", "vendor": "ProSyst", "versions": [{"lessThan": "8.2.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Philip Kazmeier"}], "datePublic": "2019-08-19T00:00:00", "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-21T17:09:52", "orgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "shortName": "bosch"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}], "source": {"advisory": "BOSCH-SA-562575", "discovery": "EXTERNAL"}, "title": "Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@bosch.com", "DATE_PUBLIC": "2019-08-19T00:00:00.000Z", "ID": "CVE-2019-11897", "STATE": "PUBLIC", "TITLE": "Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IoT Gateway Software", "version": {"version_data": [{"version_affected": "<", "version_value": "9.3.0"}]}}]}, "vendor_name": "Bosch"}, {"product": {"product_data": [{"product_name": "mBS SDK", "version": {"version_data": [{"version_affected": "<", "version_value": "8.2.6"}]}}]}, "vendor_name": "ProSyst"}]}}, "credit": [{"lang": "eng", "value": "Philip Kazmeier"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html", "refsource": "CONFIRM", "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}]}, "source": {"advisory": "BOSCH-SA-562575", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c95f66b2-7e7c-41c5-8f09-6f86ec68659c", "assignerShortName": "bosch", "cveId": "CVE-2019-11897", "datePublished": "2019-08-19T00:00:00", "dateReserved": "2019-05-13T00:00:00", "dateUpdated": "2019-08-21T17:09:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bosch:iot_gateway_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A0D18DA-8DAE-4EF4-BD80-CA327C872487", "versionEndExcluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:bosch:prosyst_mbs_sdk:*:*:*:*:*:*:*:*", "matchCriteriaId": "F04B3C5D-FCB9-48F5-BFA0-3673BCF23D8D", "versionEndExcluding": "8.2.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to read sensitive zip files from the local server."}, {"lang": "es", "value": "Una vulnerabilidad de falsificaci\u00f3n de solicitudes del lado del servidor (SSRF) en la funcionalidad de copia de seguridad y restauraci\u00f3n en versiones anteriores que ProSyst mBS SDK versi\u00f3n 8.2.6 y Bosch IoT Gateway Software 9.3.0 permite a un atacante remoto falsificar solicitudes GET a URL arbitrarias. Adem\u00e1s, esto podr\u00eda permitir que un atacante lea archivos zip confidenciales del servidor local."}], "id": "CVE-2019-11897", "lastModified": "2019-10-09T23:45:39.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@bosch.com", "type": "Secondary"}]}, "published": "2019-08-21T18:15:13.273", "references": [{"source": "psirt@bosch.com", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/Advisory/BOSCH-SA-562575.html"}], "sourceIdentifier": "psirt@bosch.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "psirt@bosch.com", "type": "Secondary"}]}