- Description
- BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.2
- Impact score
- 10
- Exploitability score
- 1.9
- Vector string
- AV:L/AC:H/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:blackberry_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54F40B08-2086-462C-96C2-EB1BC5EADE74",
"versionEndIncluding": "10.0.10.261"
},
{
"criteria": "cpe:2.3:o:blackberry:blackberry_os:10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E79BD27F-78B5-47BA-A563-DEF8C6523633"
},
{
"criteria": "cpe:2.3:o:blackberry:blackberry_os:10.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45F7C9A1-C660-45D7-A1B6-84B0E05837D9"
},
{
"criteria": "cpe:2.3:o:blackberry:blackberry_os:10.0.10.85:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBE51ED2-458E-4E95-B6EB-BAFD2EE05227"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:blackberry:z10:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFF10379-D135-47B8-90FF-E501AC736F45"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]