BlackBerry 10.x < 10.2.1.1925 File Sharing over Wi-Fi Authentication Bypass

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The version of BlackBerry 10 OS is affected by an authentication
bypass vulnerability.

Description :

According to its version number, the BlackBerry 10 OS installed on the
mobile device is prior to 10.2.1.1925. It is, therefore, affected by
an authentication bypass vulnerability related to file sharing over
Wi-Fi. An attacker on an adjacent network could exploit this to read
or modify data on the device.

Note that file sharing over Wi-Fi is not enabled by default and must
be enabled for the device to be affected.

See also :

http://www.securityfocus.com/archive/1/533118/30/0/threaded
http://www.blackberry.com/btsc/KB36174

Solution :

Upgrade to BlackBerry 10.2.1.1925 or later. Otherwise, refer to the
vendor's advisory for mitigation steps involving disabling or
restricting file sharing.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mobile Devices

Nessus Plugin ID: 77247 ()

Bugtraq ID: 69207

CVE ID: CVE-2014-2388

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now