BlackBerry 10.x < 10.2.0.1055 'qconnDoor' Buffer Overflow
High Nessus Network Monitor Plugin ID 8217
SynopsisThe BlackBerry mobile device is vulnerable to a buffer overflow.
DescriptionVersions of BlackBerry 10.x earlier than 10.2.0.1055 are affected by a buffer overflow vulnerability in the 'qconnDoor' service. An attacker could leverage this for denial of service attacks and possibly arbitrary code execution. A successful attack requires having turned on developer mode once during the phone's runtime (and notably, can still be exploited even after the mode has been shut off).
SolutionUpgrade the BlackBerry to 10.2.0.1055, or later. Refer to the vendor's advisory for mitigation involving the development mode, Wi-Fi and safely using USB functionality.