CVE-2021-32024

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.blackberry.com/kb/articleDetail?articleNumber=000089042	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*

History

15 Dec 2021, 21:54

Type	Values Removed	Values Added
References	~~(MISC) http://support.blackberry.com/kb/articleDetail?articleNumber=000089042 -~~	(MISC) http://support.blackberry.com/kb/articleDetail?articleNumber=000089042 - Patch, Vendor Advisory
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CPE		cpe:2.3:a:blackberry:qnx_software_development_platform::::::::

13 Dec 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-13 19:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-32024

Mitre link : CVE-2021-32024

CVE.ORG link : CVE-2021-32024

JSON object : View

Products Affected

blackberry

qnx_software_development_platform

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-32024", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-12-13T19:15:07.840", "references": [{"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042", "tags": ["Patch", "Vendor Advisory"], "source": "secure@blackberry.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el c\u00f3dec de im\u00e1genes BMP de BlackBerry QNX SDP versiones 6.4 a 7.1, podr\u00eda permitir a un atacante ejecutar potencialmente c\u00f3digo en el contexto del proceso afectado"}], "lastModified": "2022-02-08T15:54:42.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6421B8DD-71CF-42E4-8C89-A91E7FFC9D65", "versionEndIncluding": "7.1", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}