CVE-2013-3694

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.

BlackBerry Link anterior a la versión 1.2.1.31 en Windows y anterior a 1.1.1 build 39 en Mac OS X no requiere autenticación para carpetas file-access remotas, lo que permite a atacantes remotos leer o crear archivos arbitrarios a través de peticiones IPv6 WebDAV, tal y como se demostró mediante un ataque de CSRF que involucraba la reconsolidación de DNS.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-05-30 CVE Reserved
2013-11-16 CVE Published
2024-09-17 CVE Updated
2024-09-17 EPSS Updated
2024-09-17 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-352: Cross-Site Request Forgery (CSRF)

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
http://blog.cmpxchg8b.com/2013/11/qnx.html	2024-09-17

URL	Date	SRC

URL	Date	SRC
http://www.blackberry.com/btsc/KB35315	2013-11-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	<= 1.1.1.26 Search vendor "Blackberry" for product "Blackberry Link" and version " <= 1.1.1.26"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	*	-	Safe
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	1.0.1.12 Search vendor "Blackberry" for product "Blackberry Link" and version "1.0.1.12"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	*	-	Safe
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	<= 1.2.0.28 Search vendor "Blackberry" for product "Blackberry Link" and version " <= 1.2.0.28"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	1.0.1.12 Search vendor "Blackberry" for product "Blackberry Link" and version "1.0.1.12"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	1.1.1.26 Search vendor "Blackberry" for product "Blackberry Link" and version "1.1.1.26"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	1.1.1.41 Search vendor "Blackberry" for product "Blackberry Link" and version "1.1.1.41"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe
Blackberry Search vendor "Blackberry"	Blackberry Link Search vendor "Blackberry" for product "Blackberry Link"	1.2.0.12 Search vendor "Blackberry" for product "Blackberry Link" and version "1.2.0.12"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	*	-	Safe