Vulnerability CVE-2014-2388


Published: 2014-08-18

Description:
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

Type: CWE-264 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:A/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score: 6.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 6.5/10

Exploit range: Adjacent network
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: None
Availability impact: None

Affected software
Blackberry -> Q10 
Blackberry -> Q5 
Blackberry -> Z10 
Blackberry -> Z30 
Blackberry -> Blackberry os 

 References:
http://packetstormsecurity.com/files/127850
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html
http://secunia.com/advisories/60156
http://www.blackberry.com/btsc/KB36174
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt
http://www.securityfocus.com/archive/1/533118/100/0/threaded
http://www.securityfocus.com/bid/69217
https://exchange.xforce.ibmcloud.com/vulnerabilities/95262
https://exchange.xforce.ibmcloud.com/vulnerabilities/95263
