Information Disclosure Vulnerability in BlackBerry QNX Software Development Platform
CVE-2017-3892

7.5HIGH

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (qnx Sdp)
Vendor: CVE Published:; 14 November 2017

What is CVE-2017-3892?

In the BlackBerry QNX Software Development Platform (SDP) version 6.6.0, an information disclosure vulnerability exists within the default configuration. This flaw could empower attackers to access sensitive information regarding the memory layout, potentially facilitating blended attacks. By exploiting this configuration, an attacker may execute commands that target procfs resources, amplifying the security risks associated with the platform.

Affected Version(s)

QNX Software Development Platform (QNX SDP) 6.6.0

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Dec 21, 2016

Blackberry

What is CVE-2017-3892?

Affected Version(s)

References

CVSS V3.1

Timeline