The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.
By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device.
References
Link | Resource |
---|---|
https://psirt.bosch.com/security-advisories/BOSCH-SA-711465.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: bosch
Published: 2024-01-10T10:36:56.971Z
Updated: 2024-01-10T10:36:56.971Z
Reserved: 2023-11-13T13:44:23.702Z
Link: CVE-2023-48243
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-10T11:15:08.777
Modified: 2024-01-16T20:17:41.990
Link: CVE-2023-48243
JSON object: View
Redhat Information
No data.
CWE