Spoofing Vulnerability in BlackBerry Enterprise Server Core
CVE-2016-3128

8.2 HIGH

Key Information:

Vendor: BlackBerry

CVE Published: 13 January 2017

What is CVE-2016-3128?

A spoofing vulnerability in the Core component of BlackBerry Enterprise Server (BES) versions 12 through 12.5.2 enables remote attackers to enroll unauthorized devices onto the BES. This security flaw allows adversaries to gain access to sensitive device parameters of legitimate devices enrolled in the BES, as well as to transmit deceptive information back to the BES by exploiting specific details of those legitimate devices. Organizations using these versions of BES should take immediate action to mitigate potential risks.

Affected Version(s)

BES12 versions through 12.5.2


CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
