Detections
Analytics

BlackBerry 10 OS Privilege Escalation

medium Nessus Plugin ID 68963

Language:

Synopsis

The BlackBerry 10 device is affected by a privilege escalation vulnerability.

Description

A privilege escalation vulnerability exists in Blackberry 10 devices that could allow a malicious app to take advantage of weak permissions in order to do the following :

 - Gain the device password if a remote password reset command is sent through the BlackBerry Protect website.

 - Intercept and prevent BlackBerry Protect commands.

Solution

BlackBerry has released an OS update that addresses this issue.

See Also

https://salesforce.services.blackberry.com/kbredirect/KB34458

Plugin Details

Severity: Medium

ID: 68963

File Name: blackberry_10_0_10_648.nbin

Version: 1.91

Type: local

Published: 7/18/2013

Updated: 4/8/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Required KB Items: mdm/dependency/unlocked

Exploit Ease: No known exploits are available

Patch Publication Date: 6/11/2013

Vulnerability Publication Date: 6/11/2013

Reference Information

CVE: CVE-2013-3692

BID: 60544

IAVB: 2013-B-0068