Lucene search

[email protected]NVD:CVE-2021-32025

HistoryMar 10, 2022 - 5:42 p.m.

CVE-2021-32025

2022-03-1017:42:14

[email protected]

web.nvd.nist.gov

cve-2021-32025

qnx software development platform

qnx momentics

qnx os for safety

qnx for medical

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.

Affected configurations

Nvd

Node

blackberryqnx_momenticsMatch6.3.0

blackberryqnx_momenticsMatch6.3.2

blackberryqnx_software_development_platformRange6.4.0–7.0

blackberryqnx_os_for_medicalRange1.0–1.1.2

blackberryqnx_os_for_medicalMatch2.0.0

blackberryqnx_os_for_safetyRange1.0.0–1.0.3

blackberryqnx_os_for_safetyRange2.0.0–2.0.2

VendorProductVersionCPE
blackberryqnx_momentics6.3.0cpe:2.3:a:blackberry:qnx_momentics:6.3.0:*:*:*:*:*:*:*
blackberryqnx_momentics6.3.2cpe:2.3:a:blackberry:qnx_momentics:6.3.2:*:*:*:*:*:*:*
blackberryqnx_software_development_platform*cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*
blackberryqnx_os_for_medical*cpe:2.3:o:blackberry:qnx_os_for_medical:*:*:*:*:*:*:*:*
blackberryqnx_os_for_medical2.0.0cpe:2.3:o:blackberry:qnx_os_for_medical:2.0.0:*:*:*:*:*:*:*
blackberryqnx_os_for_safety*cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blackberry	qnx_momentics	6.3.0	cpe:2.3:a:blackberry:qnx_momentics:6.3.0:::::::*
blackberry	qnx_momentics	6.3.2	cpe:2.3:a:blackberry:qnx_momentics:6.3.2:::::::*
blackberry	qnx_software_development_platform	*	cpe:2.3:a:blackberry:qnx_software_development_platform::::::::
blackberry	qnx_os_for_medical	*	cpe:2.3:o:blackberry:qnx_os_for_medical::::::::
blackberry	qnx_os_for_medical	2.0.0	cpe:2.3:o:blackberry:qnx_os_for_medical:2.0.0:::::::*
blackberry	qnx_os_for_safety	*	cpe:2.3:o:blackberry:qnx_os_for_safety::::::::

References

support.blackberry.com/kb/articleDetail?articleNumber=000090868

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2021-32025

cvelist1 cve1 prion1