CVE-2014-2388 — MEDIUM (6.1)

Q: How severe is CVE-2014-2388?

CVE-2014-2388 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2388?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Blackberry Os, Blackberry Q10, Blackberry Q5, Blackberry Z10, Blackberry Z30.

Vulnerability Description

The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.

CVSS Score

6.1

MEDIUM

AV:A/AC:L/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Blackberry	Blackberry Os	<= 10.1.0.2354
Blackberry	Q10	-
Blackberry	Q5	-
Blackberry	Z10	-
Blackberry	Z30	-

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2014-2388?

CVE-2014-2388 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-depen...

How severe is CVE-2014-2388?

CVE-2014-2388 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2388?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Blackberry Os, Blackberry Q10, Blackberry Q5, Blackberry Z10, Blackberry Z30.