Authentication Bypass in BlackBerry OS 10.x Affects Multiple Devices
CVE-2014-2388

Currently unrated

Key Information:

Vendor: Blackberry
Status: Blackberry Os; Q10; Q5; Z10
Vendor: CVE Published:; 18 August 2014

What is CVE-2014-2388?

The Storage and Access service in BlackBerry OS 10.x prior to version 10.2.1.1925 suffers from an authentication bypass issue. This vulnerability allows unauthorized users to access the SMB filesystem without proper password enforcement. Attackers can exploit this flaw to read arbitrary files over Wi-Fi networks or USB connections while in Development Mode, potentially exposing sensitive data stored on devices like the Q5, Q10, Z10, and Z30.

References

http://packetstormsecurity.com/files/127850/BlackBerry-Z1...

x_refsource_MISC

http://packetstormsecurity.com/files/127850

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/95262

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2014
Vulnerability Reserved
Mar 13, 2014

Blackberry

What is CVE-2014-2388?

References

Timeline