CVE-2014-2388

EUVD-2014-2424
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 UNKNOWN
ADJACENT_NETWORK
LOW
AV:A/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
blackberryblackberry_os
𝑥
≤ 10.1.0.2354
blackberryq10
-
blackberryq5
-
blackberryz10
-
blackberryz30
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/127850
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html
http://secunia.com/advisories/60156
http://www.blackberry.com/btsc/KB36174
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt
http://www.securityfocus.com/archive/1/533118/100/0/threaded
http://www.securityfocus.com/bid/69217
https://exchange.xforce.ibmcloud.com/vulnerabilities/95262
https://exchange.xforce.ibmcloud.com/vulnerabilities/95263
http://packetstormsecurity.com/files/127850
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html
http://secunia.com/advisories/60156
http://www.blackberry.com/btsc/KB36174
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt
http://www.securityfocus.com/archive/1/533118/100/0/threaded
http://www.securityfocus.com/bid/69217
https://exchange.xforce.ibmcloud.com/vulnerabilities/95262
https://exchange.xforce.ibmcloud.com/vulnerabilities/95263