Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-2388

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

Published

2014-08-18T11:15:25.667

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.1 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:C/I:N/A:N

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

6.5

Impact Score

6.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	blackberry	blackberry_os	≤ 10.1.0.2354	Yes
Hardware	blackberry	q10	-	Yes
Hardware	blackberry	q5	-	Yes
Hardware	blackberry	z10	-	Yes
Hardware	blackberry	z30	-	Yes

References

http://packetstormsecurity.com/files/127850 Exploit ([email protected])
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html ([email protected])
http://secunia.com/advisories/60156 ([email protected])
http://www.blackberry.com/btsc/KB36174 Vendor Advisory ([email protected])
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt Exploit ([email protected])
http://www.securityfocus.com/archive/1/533118/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/69217 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/95262 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/95263 ([email protected])
http://packetstormsecurity.com/files/127850 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60156 (af854a3a-2127-422b-91ae-364da2661108)
http://www.blackberry.com/btsc/KB36174 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/533118/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/69217 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95262 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95263 (af854a3a-2127-422b-91ae-364da2661108)