Elevation of Privilege Vulnerability in BlackBerry Protect for Windows
CVE-2021-32023

7.8HIGH

Key Information:

Vendor: Blackberry
Status: Blackberry Protect For Windows
Vendor: CVE Published:; 10 November 2021

What is CVE-2021-32023?

An elevation of privilege vulnerability exists within the message broker component of BlackBerry Protect for Windows. This flaw could allow an attacker to execute arbitrary code with elevated privileges, specifically in the context of a BlackBerry Cylance service running with administrative rights. Systems running version 1574 and earlier are particularly at risk, potentially compromising sensitive data and overall system integrity. Timely updates and security patches are crucial to mitigate this vulnerability.

Affected Version(s)

BlackBerry Protect for Windows Version 1574 and earlier

References

https://support.blackberry.com/kb/articleDetail?articleNu...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2021
Vulnerability Reserved
May 3, 2021

Blackberry

What is CVE-2021-32023?

Affected Version(s)

References

CVSS V3.1

Timeline