CVE-2020-6932 — CRITICAL (10.0)

Q: How severe is CVE-2020-6932?

CVE-2020-6932 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-6932?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform.

Vulnerability Description

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Blackberry	Qnx Software Development Platform	>= 6.4.0, <= 6.6.0

Related Weaknesses (CWE)

CWE-150

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000061411Vendor Advisory
http://support.blackberry.com/kb/articleDetail?articleNumber=000061411Vendor Advisory

FAQ

What is CVE-2020-6932?

CVE-2020-6932 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to poten...

How severe is CVE-2020-6932?

CVE-2020-6932 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-6932?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform.