PT-2013-4571 · Microsoft+2 · Windows+2

Published

2013-11-16

Updated

2013-11-19

CVE-2013-3694

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BlackBerry Link versions prior to 1.2.1.31 on Windows BlackBerry Link versions prior to 1.1.1 build 39 on Mac OS X

Description The issue allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests. This can be achieved through a CSRF attack involving DNS rebinding, as the software does not require authentication for remote file-access folders.

Recommendations For BlackBerry Link on Windows, update to version 1.2.1.31 or later. For BlackBerry Link on Mac OS X, update to version 1.1.1 build 39 or later.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2013-3694

Affected Products

Blackberry Link

Macos X

Windows

PT-2013-4571 · Microsoft+2 · Windows+2

CVE-2013-3694

Weakness Enumeration

Related Identifiers

Affected Products

References · 3