Lucene search

[email protected]NVD:CVE-2021-32022

HistoryNov 10, 2021 - 6:15 p.m.

CVE-2021-32022

2021-11-1018:15:08

[email protected]

web.nvd.nist.gov

cve-2021-32022

privileged

vulnerability

blackberry protect

windows

cef rpc server

execute code

admin rights

data deletion

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

12.6%

JSON

A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system.

Affected configurations

Nvd

Node

blackberryprotectRange≤1574windows

VendorProductVersionCPE
blackberryprotect*cpe:2.3:a:blackberry:protect:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
blackberry	protect	*	cpe:2.3:a:blackberry:protect::::::windows::*

References

support.blackberry.com/kb/articleDetail?articleNumber=000088685

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-32022

prion1 cvelist1 cve1 pentestpartners1