cnvd - cnvd-2017-00784

CNVD-2017-00784

Vulnerability from cnvd - Published: 2017-01-25

Title

BlackBerry Enterprise Server权限提升漏洞

Description

BlackBerry Enterprise Server（BES）是加拿大黑莓（BlackBerry）公司的一套无线解决方案。该方案为移动设备提供了一个统一的架构来访问企业应用、无线邮件通信。 BES12至12.5.2版本中Core存在安全漏洞。远程攻击者可利用该漏洞获取设备的访问权限，向服务器发送错误信息。

Severity

中

Patch Name

BlackBerry Enterprise Server权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://support.blackberry.com/kb/articleDetail?articleNumber=000038913

Reference

http://support.blackberry.com/kb/articleDetail?articleNumber=000038913

Impacted products

Name
Blackberry Enterprise Server <=12.5.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-3128"
    }
  },
  "description": "BlackBerry Enterprise Server\uff08BES\uff09\u662f\u52a0\u62ff\u5927\u9ed1\u8393\uff08BlackBerry\uff09\u516c\u53f8\u7684\u4e00\u5957\u65e0\u7ebf\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e3a\u79fb\u52a8\u8bbe\u5907\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7edf\u4e00\u7684\u67b6\u6784\u6765\u8bbf\u95ee\u4f01\u4e1a\u5e94\u7528\u3001\u65e0\u7ebf\u90ae\u4ef6\u901a\u4fe1\u3002\r\n\r\nBES12\u81f312.5.2\u7248\u672c\u4e2dCore\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bbe\u5907\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5411\u670d\u52a1\u5668\u53d1\u9001\u9519\u8bef\u4fe1\u606f\u3002",
  "discovererName": "BlackBerry",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://support.blackberry.com/kb/articleDetail?articleNumber=000038913",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00784",
  "openTime": "2017-01-25",
  "patchDescription": "BlackBerry Enterprise Server\uff08BES\uff09\u662f\u52a0\u62ff\u5927\u9ed1\u8393\uff08BlackBerry\uff09\u516c\u53f8\u7684\u4e00\u5957\u65e0\u7ebf\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u4e3a\u79fb\u52a8\u8bbe\u5907\u63d0\u4f9b\u4e86\u4e00\u4e2a\u7edf\u4e00\u7684\u67b6\u6784\u6765\u8bbf\u95ee\u4f01\u4e1a\u5e94\u7528\u3001\u65e0\u7ebf\u90ae\u4ef6\u901a\u4fe1\u3002\r\n\r\nBES12\u81f312.5.2\u7248\u672c\u4e2dCore\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bbe\u5907\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5411\u670d\u52a1\u5668\u53d1\u9001\u9519\u8bef\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "BlackBerry Enterprise Server\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Blackberry Enterprise Server \u003c=12.5.2"
  },
  "referenceLink": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-18",
  "title": "BlackBerry Enterprise Server\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2016-3128 (GCVE-0-2016-3128)

Vulnerability from cvelistv5 – Published: 2017-01-13 09:00 – Updated: 2024-08-05 23:47

Summary

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.

Severity ?

No CVSS data available.

CWE

spoofing

Assigner

blackberry

References

URL

Tags

	http://support.blackberry.com/kb/articleDetail?ar…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95624	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037585	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	BES12 versions through 12.5.2	Affected: BES12 versions through 12.5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913"
          },
          {
            "name": "95624",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95624"
          },
          {
            "name": "1037585",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037585"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BES12 versions through 12.5.2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "BES12 versions through 12.5.2"
            }
          ]
        }
      ],
      "datePublic": "2017-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-19T10:57:01",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913"
        },
        {
          "name": "95624",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95624"
        },
        {
          "name": "1037585",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037585"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@blackberry.com",
          "ID": "CVE-2016-3128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BES12 versions through 12.5.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "BES12 versions through 12.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913",
              "refsource": "CONFIRM",
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038913"
            },
            {
              "name": "95624",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95624"
            },
            {
              "name": "1037585",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037585"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2016-3128",
    "datePublished": "2017-01-13T09:00:00",
    "dateReserved": "2016-03-11T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-00784

CVE-2016-3128 (GCVE-0-2016-3128)

Tags

Sightings

Nomenclature