Information Disclosure Vulnerability in BlackBerry QNX Software Development Platform
CVE-2017-3892

3.8LOW

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (sdp)
Vendor: CVE Published:; 14 November 2017

What is CVE-2017-3892?

In the BlackBerry QNX Software Development Platform (SDP) version 6.6.0, an information disclosure vulnerability exists within the default configuration. This flaw could empower attackers to access sensitive information regarding the memory layout, potentially facilitating blended attacks. By exploiting this configuration, an attacker may execute commands that target procfs resources, amplifying the security risks associated with the platform.

Affected Version(s)

QNX Software Development Platform (SDP) 6.6.0

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Dec 21, 2016

JSON

Blackberry

What is CVE-2017-3892?

Affected Version(s)

References

CVSS V3.1

Timeline