Detections
Analytics

BlackBerry 10.x < 10.2.1.1925 File Sharing over Wi-Fi Authentication Bypass

medium Nessus Plugin ID 77247

Language:

Synopsis

The version of BlackBerry 10 OS is affected by an authentication bypass vulnerability.

Description

According to its version number, the BlackBerry 10 OS installed on the mobile device is prior to 10.2.1.1925. It is, therefore, affected by an authentication bypass vulnerability related to file sharing over Wi-Fi. An attacker on an adjacent network could exploit this to read or modify data on the device.

Note that file sharing over Wi-Fi is not enabled by default and must be enabled for the device to be affected.

Solution

Upgrade to BlackBerry 10.2.1.1925 or later. Otherwise, refer to the vendor's advisory for mitigation steps involving disabling or restricting file sharing.

See Also

https://www.securityfocus.com/archive/1/533118/30/0/threaded

https://salesforce.services.blackberry.com/kbredirect/KB36174

Plugin Details

Severity: Medium

ID: 77247

File Name: blackberry_10_2_1_1925.nbin

Version: 1.100

Type: local

Published: 8/19/2014

Updated: 9/4/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2014-2388

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2014

Vulnerability Publication Date: 8/12/2014

Reference Information

CVE: CVE-2014-2388

BID: 69207

IAVB: 2014-B-0112