CVE-2014-2388

BlackBerry Z10 Authentication Bypass

Severity Score: 6.1 (CVSS v2)

Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

BlackBerry Z10 suffers from a storage and access file-exchange authentication bypass vulnerability.

*Credits: N/A
CVSS Scores
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-03-13 CVE Reserved
  • 2014-08-13 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-08-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Blackberry | Blackberry Os | <= 10.1.0.2354 | - | Affected
  in Blackberry | Q10 | - | - | Affected
Blackberry | Blackberry Os | <= 10.1.0.2354 | - | Affected
  in Blackberry | Q5 | - | - | Affected
Blackberry | Blackberry Os | <= 10.1.0.2354 | - | Affected
  in Blackberry | Z10 | - | - | Affected
Blackberry | Blackberry Os | <= 10.1.0.2354 | - | Affected
  in Blackberry | Z30 | - | - | Affected