PT-2013-4571 · Microsoft+2 · Windows+2
Publicado
2013-11-16
·
Atualizado
2013-11-19
·
CVE-2013-3694
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BlackBerry Link versions prior to 1.2.1.31 on Windows
BlackBerry Link versions prior to 1.1.1 build 39 on Mac OS X
Description
The issue allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests. This can be achieved through a CSRF attack involving DNS rebinding, as the software does not require authentication for remote file-access folders.
Recommendations
For BlackBerry Link on Windows, update to version 1.2.1.31 or later.
For BlackBerry Link on Mac OS X, update to version 1.1.1 build 39 or later.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Blackberry Link
Macos X
Windows