BSRT-2021-003 Vulnerabilities Impact BlackBerry Protect for Windows
Article Number: 000088685
First Published:
Last Modified: November 10, 2021
Type: Security Advisory
Overview
This advisory addresses vulnerabilities in affected versions of BlackBerry® Protect for Windows. The vulnerabilities could potentially allow a successful attacker to execute code in the context of a Cylance service that has admin rights on the system, delete data from the local system, or gain access to the security context of the Cylance service within a less privileged application. BlackBerry is not aware of any exploitation of these vulnerabilities.
BlackBerry investigates all reports of security vulnerabilities affecting supported products and services. A security advisory is issued once the investigation is complete and the software update is released. Installing the recommended update(s) in this advisory will help maintain the security of your BlackBerry product(s).
Vulnerability Information
| Vulnerability Categories | CVE-2021-32021 Details | CVE-2021-32022 Details | CVE-2021-32023 Details |
|---|---|---|---|
| CVE Identifier | CVE-2021-32021 | CVE-2021-32022 | CVE-2021-32023 |
| Vulnerability Type | Denial of service in message broker | Low privileged delete using CEF RPC server | Elevation of privilege in message broker |
| CVSS Score | 7.8 | 5.5 | 7.8 |
| Affected Product(s) | BlackBerry Protect for Windows version 1574 and all previous agents. (applies to all three CVEs) | | |
| Affected Component(s) | Message Broker – The message broker is used for communication between UES components. CEF RPC Server – The CEF RPC Server receives remote procedure calls for the UES Common Endpoint Framework. (applies to all three CVEs) | | |
| Non-Affected Product(s) | | | |
| Who Should Read This Advisory/Apply Software Fixes | | | |
| Requirements for Attacker to be Successful | To exploit this vulnerability, an authenticated local attacker must send a specially crafted RPC call to a specific port. | To exploit this vulnerability, an authenticated local attacker must send a specially crafted RPC call to a specific port. | To exploit this vulnerability, an authenticated local attacker must broadcast an arbitrary message to a specific port. |
| Impact if Requirements are met (exploitation results) | A successful attacker could potentially execute code in the context of a Cylance service that has admin rights on the system. | A successful attacker could potentially gain the ability to delete data from the local system. | A successful attacker could potentially gain access to the security context of the Cylance service. |
| Mitigation(s) | This issue is mitigated by the requirement that a local authenticated attacker is able to execute malware on the system. This vulnerability is further mitigated by the requirement that an attacker must initiate the attack within a window of opportunity. | This issue is mitigated by the requirement that a local authenticated attacker is able to execute targeted malware on the system. This vulnerability is further mitigated by the requirement that an attacker must initiate the attack within a window of opportunity. | This issue is mitigated by the requirement that a local authenticated attacker is able to execute targeted malware on the system. |
| Workaround(s)/Recommendation(s) (all workarounds should be considered temporary measures; BlackBerry recommends that customers install the latest update(s) to protect their systems) | There are no workarounds for these vulnerabilities. (applies to all three CVEs) | | |
| Software Update(s) | Customers can obtain the latest versions of BlackBerry Protect for Windows via their BlackBerry Protect Console. (applies to all three CVEs) | | |
More information
Where can I read more about the security of BlackBerry products and services?
For more information on BlackBerry security visit http://www.blackberry.com/psirt.
Definitions
CVE
Common Vulnerabilities and Exposures is a dictionary of common names (CVE Identifiers) for publicly known information security vulnerabilities maintained by the MITRE Corporation.
CVSS
Common Vulnerability Scoring System is a vendor-agnostic, industry open standard designed to convey the severity of a vulnerability. CVSS scores may be used to determine the urgency for update deployment within an organization and can range from 0.0 (no vulnerability) to 10.0 (critical). BlackBerry uses CVSSv3 in vulnerability assessments to present an immutable characterization of security vulnerabilities. BlackBerry assigns all relevant security vulnerabilities a non-zero score. Customers performing their own risk assessments of vulnerabilities that may impact them can benefit from using the same industry-recognized CVSS metrics.
Mitigations
Mitigations are existing conditions that a potential attacker would need to overcome to mount a successful attack or that would limit the severity of an attack. Examples of such conditions include default settings, common configurations, and general best practices.
Workarounds
Workarounds are settings or configuration changes that a user or administrator can apply to help protect against an attack.
Acknowledgements
BlackBerry would like to thank Ceri Coburn, Pen Test Partners, for their involvement in helping protect our customers.
Legal Disclaimer
All data and information provided in this advisory (“Information”) are provided for informational purposes only and are provided “as is” without any warranties or guarantees, express or implied, including without limitation, any warranties or guarantees relating to the accuracy or reliability of the contents of the Information. In no event shall BlackBerry Limited and/or its subsidiaries and affiliates (“BlackBerry”) be liable to any party for any direct, indirect, special, punitive, consequential, or incidental damages in connection with any reliance on or use of the Information, including without limitation, loss of business revenue or earnings, lost data, damages caused by delays, lost profits or a failure to realize expected savings or revenues, even if BlackBerry was expressly advised of the possibility of such damages.
Change Log
11-10-2021
Adjust formatting
11-09-2021
Initial publication