CVE-2014-2388 - OpenCVE

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackberry	Blackberry Os Q10 Q5 Z10 Z30

Configuration 1 [-]

AND

cpe:2.3:o:blackberry:blackberry_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:blackberry:q10:-:::::::*
	cpe:2.3:h:blackberry:q5:-:::::::*
	cpe:2.3:h:blackberry:z10:-:::::::*
	cpe:2.3:h:blackberry:z30:-:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/127850
http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html
http://secunia.com/advisories/60156
http://www.blackberry.com/btsc/KB36174
http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt
http://www.securityfocus.com/archive/1/533118/100/0/threaded
http://www.securityfocus.com/bid/69217
https://exchange.xforce.ibmcloud.com/vulnerabilities/95262
https://exchange.xforce.ibmcloud.com/vulnerabilities/95263

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-08-18T10:00:00

Updated: 2024-08-06T10:14:25.827Z

Reserved: 2014-03-13T00:00:00

Link: CVE-2014-2388

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-08-18T11:15:25.667

Modified: 2018-10-09T19:43:15.207

Link: CVE-2014-2388

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/127850"}, {"name": "blackberry-z10-cve20142388-sec-bypass(95262)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95262"}, {"name": "60156", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60156"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/KB36174"}, {"name": "blackberry-cve20141470-sec-bypass(95263)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95263"}, {"name": "69217", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69217"}, {"tags": ["x_refsource_MISC"], "url": "http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt"}, {"name": "20140812 BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/533118/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2388", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html"}, {"name": "http://packetstormsecurity.com/files/127850", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/127850"}, {"name": "blackberry-z10-cve20142388-sec-bypass(95262)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95262"}, {"name": "60156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60156"}, {"name": "http://www.blackberry.com/btsc/KB36174", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB36174"}, {"name": "blackberry-cve20141470-sec-bypass(95263)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95263"}, {"name": "69217", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69217"}, {"name": "http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt", "refsource": "MISC", "url": "http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt"}, {"name": "20140812 BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533118/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.827Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/127850"}, {"name": "blackberry-z10-cve20142388-sec-bypass(95262)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95262"}, {"name": "60156", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60156"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.blackberry.com/btsc/KB36174"}, {"name": "blackberry-cve20141470-sec-bypass(95263)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95263"}, {"name": "69217", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69217"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt"}, {"name": "20140812 BlackBerry Z 10 - Storage and Access File-Exchange Authentication By-Pass [MZ-13-04]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/533118/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2388", "datePublished": "2014-08-18T10:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2024-08-06T10:14:25.827Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:blackberry:blackberry_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "04DA835E-8AC6-4D91-A7D4-CE989DB4DECE", "versionEndIncluding": "10.1.0.2354", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:blackberry:q10:-:*:*:*:*:*:*:*", "matchCriteriaId": "71D783CC-F87A-4D5E-AC9F-ABBE54FEEAF5", "vulnerable": true}, {"criteria": "cpe:2.3:h:blackberry:q5:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DC93FBB-833A-4AEC-AFBB-DE267968CFE6", "vulnerable": true}, {"criteria": "cpe:2.3:h:blackberry:z10:-:*:*:*:*:*:*:*", "matchCriteriaId": "CFF10379-D135-47B8-90FF-E501AC736F45", "vulnerable": true}, {"criteria": "cpe:2.3:h:blackberry:z30:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B771638-C251-41A7-98ED-32E773F11AA6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode."}, {"lang": "es", "value": "El servicio de almacenamiento y acceso en BlackBerry OS 10.x anterior a 10.2.1.1925 en los dispositivos Q5, Q10, Z10, y Z30 no aplica el requisito de contrase\u00f1as para el acceso al sistema de ficheros SMB, lo que permite a atacantes dependientes de contexto leer ficheros arbitrarios a trav\u00e9s de (1) una sesi\u00f3n por una red Wi-Fi o (2) una sesi\u00f3n por una conexi\u00f3n USB en modo de desarrollo."}], "id": "CVE-2014-2388", "lastModified": "2018-10-09T19:43:15.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-18T11:15:25.667", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.com/files/127850"}, {"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/60156"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.blackberry.com/btsc/KB36174"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533118/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/69217"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95262"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95263"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}