Detections
Analytics
BlackBerry Enterprise Service Remote Code Execution (KB35139)
high Nessus Plugin ID 70498
Language:
Synopsis
The remote Windows host has an application that is affected by a remote code execution vulnerability.Description
According to its version, the BlackBerry Enterprise Service (BES) install on the remote host is older than 10.1.3. Such versions may be affected by a remote code execution vulnerability in its Universal Device Service (UDS) component because it does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface. A remote attacker within the adjacent network and with knowledge of the address of that component could leverage this issue to upload arbitrary packages via a request to port 1098 and then execute code as the BES or UDS administration service account.There are multiple workarounds detailed in the BlackBerry advisory if updating BlackBerry Enterprise Service as a whole is not possible. If any of these workarounds have been applied, this finding may be a false positive.
Solution
Update to BlackBerry Enterprise Service 10.1.3 or later or apply a workaround detailed in the advisory.See Also
https://salesforce.services.blackberry.com/kbredirect/KB35139
Plugin Details
Severity: High
ID: 70498
File Name: blackberry_es_10_1_3.nasl
Version: 1.4
Type: local
Agent: windows
Family: Windows
Published: 10/18/2013
Updated: 11/15/2018
Configuration: Enable paranoid mode
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.9
Temporal Score: 5.8
Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:blackberry:blackberry_enterprise_service
Required KB Items: SMB/Registry/Enumerated, BlackBerry_ES/Product, Settings/ParanoidReport
Exploit Ease: No known exploits are available
Patch Publication Date: 10/8/2013
Vulnerability Publication Date: 10/8/2013
Reference Information
CVE: CVE-2013-3693
BID: 62920
IAVB: 2013-B-0118