CVE-2023-32701 - Vulnerability Details - OpenCVE

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackberry	Qnx Software Development Platform

Configuration 1 [-]

OR	cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:::::::*
	cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:::::::*
	cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:::::::*

No data.

References

Link	Providers
https://support.blackberry.com/kb/articleDetail?articleNumber=000112401

History

No history.

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2023-11-14T18:33:59.148Z

Updated: 2024-08-30T18:05:56.808Z

Reserved: 2023-05-11T20:52:48.323Z

Link: CVE-2023-32701

Vulnrichment

Updated: 2024-08-02T15:25:36.816Z

NVD

Status : Modified

Published: 2023-11-14T19:15:27.163

Modified: 2024-11-21T08:03:52.980

Link: CVE-2023-32701

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-32701", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "state": "PUBLISHED", "assignerShortName": "blackberry", "dateReserved": "2023-05-11T20:52:48.323Z", "datePublished": "2023-11-14T18:33:59.148Z", "dateUpdated": "2024-08-30T18:05:56.808Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Networking Stack"], "product": "QNX Software Development Platform", "vendor": "BlackBerry", "versions": [{"status": "affected", "version": "6.6, 7.0, and 7.1"}]}], "datePublic": "2023-11-14T18:01:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. <p></p>"}], "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2023-11-14T18:33:59.148Z"}, "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.816Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T18:05:38.851186Z", "id": "CVE-2023-32701", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:05:56.808Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:25:36.816Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-32701", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-30T18:05:38.851186Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:05:52.328Z"}}], "cna": {"title": "Vulnerability in Networking Stack Impacts QNX Software Development Platform (SDP)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BlackBerry", "modules": ["Networking Stack"], "product": "QNX Software Development Platform", "versions": [{"status": "affected", "version": "6.6, 7.0, and 7.1"}], "defaultStatus": "unaffected"}], "datePublic": "2023-11-14T18:01:00.000Z", "references": [{"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \n\n", "supportingMedia": [{"type": "text/html", "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. <p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry", "dateUpdated": "2023-11-14T18:33:59.148Z"}}}, "cveMetadata": {"cveId": "CVE-2023-32701", "state": "PUBLISHED", "dateUpdated": "2024-08-30T18:05:56.808Z", "dateReserved": "2023-05-11T20:52:48.323Z", "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "datePublished": "2023-11-14T18:33:59.148Z", "assignerShortName": "blackberry"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF1D7FB0-C40B-4DD6-B3C5-D90FBCCBAF23", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \n\n"}, {"lang": "es", "value": "Una validaci\u00f3n de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podr\u00eda permitir que un atacante cause potencialmente la divulgaci\u00f3n de informaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2023-32701", "lastModified": "2024-11-21T08:03:52.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "secure@blackberry.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-14T19:15:27.163", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "secure@blackberry.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}