[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

251782

 
 

909

 
 

196543

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-2388Date: (C)2014-08-19   (M)2023-12-22


The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.1
Exploit Score: 6.5
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/533118/100/0/threaded
SECUNIA-60156
BID-69217
blackberry-cve20141470-sec-bypass(95263)
blackberry-z10-cve20142388-sec-bypass(95262)
http://packetstormsecurity.com/files/127850
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html
http://www.blackberry.com/btsc/KB36174
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt

CPE    2
cpe:/h:blackberry:q10:-
cpe:/h:blackberry:z10:-
CWE    1
CWE-264

© SecPod Technologies