CVE-2019-7728 - OpenCVE

An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Bosch	Smart Camera

Configuration 1 [-]

cpe:2.3:a:bosch:smart_camera:*:*:*:*:*:android:*:*

References

Link	Resource
https://psirt.bosch.com/Advisory/BOSCH-2019-0202.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-02-22T13:00:00

Updated: 2019-02-22T13:57:01

Reserved: 2019-02-11T00:00:00

Link: CVE-2019-7728

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-02-22T13:29:00.277

Modified: 2019-02-22T16:10:11.943

Link: CVE-2019-7728

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bosch:smart_camera:*:*:*:*:*:android:*:*", "matchCriteriaId": "19F999C8-B3FE-4FC4-85DB-C16AECC861B7", "versionEndExcluding": "1.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.)"}, {"lang": "es", "value": "Se ha descubierto un error en versiones anteriores a la 1.3.1 de la aplicaci\u00f3n Bosch Smart Camera para Android. Debido a las comprobaciones de certificados TLS implementadas de forma inadecuada, un actor malicioso podr\u00eda tener \u00e9xito a la hora de ejecutar un ataque Man-in-the-Middle para algunas conexiones. (La aplicaci\u00f3n Bosch Smart Home no se ha visto afectada, as\u00ed como las aplicaciones de iOS)."}], "id": "CVE-2019-7728", "lastModified": "2019-02-22T16:10:11.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-22T13:29:00.277", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://psirt.bosch.com/Advisory/BOSCH-2019-0202.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}