CVE-2022-32536

Description

The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights.

Related CPE's

oboschpra-es8p2s_firmware********

hboschpra-es8p2s-*******

References

https://psirt.bosch.com/security-advisories/BOSCH-SA-247052-BT.html

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

9

VectorString

AV:N/AC:L/Au:S/C:C/I:C/A:C

Version

2.0

AccessVector

NETWORK

Authentication

SINGLE

Created by Yello
About Severity.io