CVE-2023-32701

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.blackberry.com/kb/articleDetail?articleNumber=000112401	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:::::::*
	cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:::::::*
	cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:::::::*

History

21 Nov 2023, 19:56

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-14 19:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-32701

Mitre link : CVE-2023-32701

CVE.ORG link : CVE-2023-32701

JSON object : View

Products Affected

blackberry

qnx_software_development_platform

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2023-32701", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "secure@blackberry.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2023-11-14T19:15:27.163", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401", "tags": ["Vendor Advisory"], "source": "secure@blackberry.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secure@blackberry.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \n\n"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podr\u00eda permitir que un atacante cause potencialmente la divulgaci\u00f3n de informaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio."}], "lastModified": "2023-11-21T19:56:58.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF1D7FB0-C40B-4DD6-B3C5-D90FBCCBAF23"}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49"}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}