CVE-2014-2388 Information
Description
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5 Q10 Z10 and Z30 devices does not enforce the password requirement for SMB filesystem access which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.
Reference
http://packetstormsecurity.com/files/127850 http://packetstormsecurity.com/files/127850/BlackBerry-Z10-Authentication-Bypass.html http://secunia.com/advisories/60156 http://www.blackberry.com/btsc/KB36174 http://www.modzero.ch/advisories/MZ-13-04-Blackberry_Z10-File-Exchange-Authentication-By-Pass.txt http://www.securityfocus.com/archive/1/533118/100/0/threaded http://www.securityfocus.com/bid/69217 https://exchange.xforce.ibmcloud.com/vulnerabilities/95262 https://exchange.xforce.ibmcloud.com/vulnerabilities/95263
Share on: