BlackBerry 10.x < 10.2.1.1925 File Sharing over Wi-Fi Authentication Bypass

Medium Nessus Plugin ID 77247

Synopsis

The version of BlackBerry 10 OS is affected by an authentication bypass vulnerability.

Description

According to its version number, the BlackBerry 10 OS installed on the mobile device is prior to 10.2.1.1925. It is, therefore, affected by an authentication bypass vulnerability related to file sharing over Wi-Fi. An attacker on an adjacent network could exploit this to read or modify data on the device.

Note that file sharing over Wi-Fi is not enabled by default and must be enabled for the device to be affected.

Solution

Upgrade to BlackBerry 10.2.1.1925 or later. Otherwise, refer to the vendor's advisory for mitigation steps involving disabling or restricting file sharing.

See Also

https://www.securityfocus.com/archive/1/533118/30/0/threaded

https://salesforce.services.blackberry.com/kbredirect/KB36174

Plugin Details

Severity: Medium

ID: 77247

File Name: blackberry_10_2_1_1925.nbin

Version: 1.48

Type: local

Published: 2014/08/19

Modified: 2018/12/14

Dependencies: 60033

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:blackberry:blackberry_os

Required KB Items: mdm/dependency/unlocked

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/01/28

Vulnerability Publication Date: 2014/08/12

Reference Information

CVE: CVE-2014-2388

BID: 69207

IAVB: 2014-B-0112