BlackBerry OS <= 7.1 Local Security Bypasses

high Nessus Plugin ID 81210

Synopsis

The BlackBerry device is affected by multiple security bypass vulnerabilities.

Description

BlackBerry devices that are Qualcomm-based and running BlackBerry OS prior to version 7.1 are vulnerable to multiple, local security bypass vulnerabilities.

A local attacker, with access to the USB port on the device, can load a modified kernel, make persistent changes between boots, access any data contained on the device, and access any hardware on the device (i.e. camera, microphone, etc.).

Solution

Contact the vendor regarding a patch.

As a workaround, ensure local access to the USB port is disabled.

See Also

https://salesforce.services.blackberry.com/kbredirect/KB36557

Plugin Details

Severity: High

ID: 81210

File Name: blackberry_qualcomm_bypass_check.nbin

Version: 1.87

Type: local

Published: 2/6/2015

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Required KB Items: mdm/dependency/unlocked

Vulnerability Publication Date: 12/26/2014

Reference Information

BID: 71893