|
[Japanese]
|
JVNDB-2018-000111
|
BlueStacks App Player fails to restrict access permissions
|
|
BlueStacks App Player fails to restrict access permissions (CWE-284).
Masaki Kubo and Yoshiki Mori of Cybersecurity Laboratory, National Institute of Information and Communications Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
|
Bluestacks
- BlueStacks App Player for Windows 3.0.0 to 4.31.55
- BlueStacks App Player for macOS 2.0.0 and later
|
|
|
A user with access to the network that is connected to the affected product may gain unauthorized access.
|
|
[Update the Software]
Windows users should update to the latest version of software according to the information provided by the developer.
[Apply Workarounds]
macOS users should apply the following workarounds to mitigate the effects of this vulnerability.
* Do not connect BlueStacks installed machine to the network
* Block access from outside to 5555/TCP
|
|
Bluestacks
|
|
- Improper Access Control(CWE-284) [IPA Evaluation]
|
|
- CVE-2018-0701
|
|
- JVN : JVN#60702986
- National Vulnerability Database (NVD) : CVE-2018-0701
|
|
- [2018/10/24]
Web page was published
- [2019/08/27]
References : Content was added
|
