BlackBerry 10 OS Privilege Escalation

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The BlackBerry 10 device is affected by a privilege escalation
vulnerability.

Description :

A privilege escalation vulnerability exists in Blackberry 10 devices
that could allow a malicious app to take advantage of weak permissions
in order to do the following :

- Gain the device password if a remote password reset
command is sent through the BlackBerry Protect website.

- Intercept and prevent BlackBerry Protect commands.

See also :

http://www.blackberry.com/btsc/KB34458

Solution :

BlackBerry has released an OS update that addresses this issue.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 4.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mobile Devices

Nessus Plugin ID: 68963 ()

Bugtraq ID: 60544

CVE ID: CVE-2013-3692