Details of VAR-201501-0783

ID

VAR-201501-0783

TITLE

Multiple BlackBerry Products Local Security Bypass Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2015-00290

DESCRIPTION

BlackBerry is a mobile phone that supports basic functions such as multiple mail systems, multiple format attachments, mail filtering, and remote clearing of email data. Multiple BlackBerry products have security vulnerabilities that allow local attackers to bypass security restrictions, perform unauthorized operations, etc. through the USB port

Trust: 0.81

sources: CNVD: CNVD-2015-00290 // BID: 71893

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-00290

AFFECTED PRODUCTS

vendor:	blackberry	model:	blackberry	scope:	-	version:	-	Trust: 0.6
vendor:	rim	model:	blackberry	scope:	eq	version:	7.1	Trust: 0.3
vendor:	blackberry	model:	torch	scope:	eq	version:	9860	Trust: 0.3
vendor:	blackberry	model:	torch	scope:	eq	version:	9850	Trust: 0.3
vendor:	blackberry	model:	torch	scope:	eq	version:	9810	Trust: 0.3
vendor:	blackberry	model:	style	scope:	eq	version:	9670	Trust: 0.3
vendor:	blackberry	model:	storm2	scope:	eq	version:	9550	Trust: 0.3
vendor:	blackberry	model:	storm	scope:	eq	version:	9530	Trust: 0.3
vendor:	blackberry	model:	storm	scope:	eq	version:	9500	Trust: 0.3
vendor:	blackberry	model:	pearl flip	scope:	eq	version:	8230	Trust: 0.3
vendor:	blackberry	model:	pearl	scope:	eq	version:	8230	Trust: 0.3
vendor:	blackberry	model:	pearl 8130m	scope:	-	version:	-	Trust: 0.3
vendor:	blackberry	model:	curve	scope:	eq	version:	9370	Trust: 0.3
vendor:	blackberry	model:	curve	scope:	eq	version:	9350	Trust: 0.3
vendor:	blackberry	model:	curve	scope:	eq	version:	9330	Trust: 0.3
vendor:	blackberry	model:	curve	scope:	eq	version:	9310	Trust: 0.3
vendor:	blackberry	model:	curve	scope:	eq	version:	8530	Trust: 0.3
vendor:	blackberry	model:	bold	scope:	eq	version:	9930	Trust: 0.3
vendor:	blackberry	model:	bold	scope:	eq	version:	9900	Trust: 0.3
vendor:	blackberry	model:	bold	scope:	eq	version:	9650	Trust: 0.3

sources: CNVD: CNVD-2015-00290 // BID: 71893

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-00290
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2015-00290
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-00290

THREAT TYPE

local

Trust: 0.3

sources: BID: 71893

TYPE

Design Error

Trust: 0.3

sources: BID: 71893

PATCH

title:

Patches for local security bypass vulnerabilities in multiple BlackBerry products

url:

https://www.cnvd.org.cn/patchinfo/show/53934

Trust: 0.6

sources: CNVD: CNVD-2015-00290

EXTERNAL IDS

db:	BID	id:	71893	Trust: 0.9
db:	CNVD	id:	CNVD-2015-00290	Trust: 0.6

sources: CNVD: CNVD-2015-00290 // BID: 71893

REFERENCES

url:	http://www.securityfocus.com/bid/71893/	Trust: 0.6
url:	http://us.blackberry.com/	Trust: 0.3
url:	http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=ffee88c44e68b677713a75741a6988b8?nocount=true&externalid=kb36557&sliceid=1&cmd=&forward=nonthreadedkc&command=show&kcid=kb36557&viewe	Trust: 0.3

sources: CNVD: CNVD-2015-00290 // BID: 71893

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 71893

SOURCES

db:	CNVD	id:	CNVD-2015-00290
db:	BID	id:	71893

LAST UPDATE DATE

2022-05-17T02:01:11.173000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-00290	date:	2015-01-14T00:00:00
db:	BID	id:	71893	date:	2014-12-26T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-00290	date:	2015-01-14T00:00:00
db:	BID	id:	71893	date:	2014-12-26T00:00:00