add blackberry to captured data potential from advisory example

2022-05-20 23:21:30 -05:00 · 2022-05-20 23:21:30 -05:00 · 8797fdbd8d
commit 8797fdbd8d
parent 992014eb77
1 changed files with 54 additions and 2 deletions
--- a/doc/cna_readme_notes/cnas_with_html_advisories.md
+++ b/doc/cna_readme_notes/cnas_with_html_advisories.md
@ -312,12 +312,64 @@ https://www.bitdefender.com/support/security-advisories/
 404 on the advisory page for me
 #### Captured Data Potential From Advisory

-
 ## BlackBerry
 ### Advisory
 https://www.blackberry.com/us/en/services/blackberry-product-security-incident-response
 #### Captured Data Potential From Advisory
-
+```
+{
+  :bulletin_id => 'QNX-2022-001',
+  :article_number => '000090868',
+  :first_published => '',
+  :last_modified => 'January 11, 2022',
+  :type => 'security_advisory',
+  :overview => 'This advisory addresses an elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) that could potentially allow a successful attacker to access data, modify behavior, or permanently crash the system. BlackBerry is not aware of any exploitation of this vulnerability. BlackBerry investigates all reports of security vulnerabilities affecting supported products and services. A security advisory is issued once the investigation is complete and the software update is released. Installing the recommended update(s) in this advisory will help maintain the security of your BlackBerry products(s). ',
+  :vulnerability_information =>
+  {
+    :cve_identifier => 'CVE-2021-32025',
+    :vulnerability_type => 'Elevation of privilege',
+    :cvss_score => '8.1',
+    :affected_products => [
+      'QNX SDP versions 6.4.0 to 7.0',
+      'QNX® Momentics® all 6.3.x versions',
+      'QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262 ',
+      'QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262 ',
+      'QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304',
+      'QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304'
+    ],
+    :affected_components => [
+      'QNX Neutrino Kernel - The kernel implements the core POSIX features used in embedded real-time systems, along with the fundamental QNX Neutrino message-passing services.'
+    ],
+    :non_affected_products => [
+      'QNX SDP 7.0 (com.qnx.sdp.target.microkernel.core version 7.0.4298.S202111170916)',
+      'QNX SDP 6.6.0 with Patch ID 4884 applied',
+      'QNX SDP 6.5.0SP1 with Patch ID 4880 applied',
+      'QNX SDP 6.4.1 with Patch ID 4891 applied',
+      'QNX Momentics Development Suite 6.3.2 with Patch ID 4892 applied',
+      'QNX OS for Safety versions 1.0.3 safety products compliant with IEC 61508 and/or ISO 26262',
+      'QNX OS for Safety version 2.0.2 safety products compliant with IEC 61508 and/or ISO 26262 (com.qnx.sdp.target.qos.group version 2.0.643.S202110182332)',
+      'QNX OS for Medical versions 1.1.2 safety products compliant with IEC 62304 with patch ID 4888',
+      'QNX OS for Medical version 2.0.1 safety products compliant with IEC 62304 (com.qnx.sdp.target.qosm.group version 2.0.23.S202110290907)',
+      'System hardware architectures other than 32-bit x86',
+      'QNX SDP 7.1 and later versions',
+      'QNX OS for Safety 2.1 and later versions'
+    ],
+    :who_should_read_this_advisory_apply_software_updates => 'Developers, administrators, and project managers who develop, maintain, or support affected QNX-based systems.',
+    :requirements_for_attacker_to_be_succesful => 'To exploit this vulnerability, an attacker must either persuade a user to execute malicious code or exploit an unrelated weakness to gain unrestricted ability to execute code',
+    :impact_if_requirements_met => 'If the requirements are met for exploitation, a successful attacker could potentially access data, modify behavior, or permanently crash the system.',
+    :mitigation => 'This issue is mitigated by the requirement that an attacker must first gain local access to the system, either via manipulating a valid user or by an unrelated weakness in the system. This issue is mitigated completely in systems running on hardware architectures other than 32-bit x86. This issue is also mitigated in systems that do not allow arbitrary programs to be run.',
+    :workarounds_recommendations => 'There are no workarounds for this vulnerability.',
+    :software_updates => [
+      'QNX SDP 6.6.0 https://www.qnx.com/download/group.html?programid=26071',
+      'QNX SDP 6.5.0SP1 https://www.qnx.com/download/group.html?programid=20905',
+      'QNX SDP 6.4.1 https://www.qnx.com/download/group.html?programid=18770',
+      'QNX Momentics Development Suite 6.3.2 https://www.qnx.com/download/group.html?programid=17103',
+      'QNX OS for Safety 1.0.3 http://www.qnx.com/download/group.html?programid=27165',
+      'QNX OS for Medical 1.1.2 http://www.qnx.com/download/group.html?programid=26463'
+    ]
+  }
+}
+```
 ## Brocade Communication Systems, LLC
 ### Advisory
 https://www.broadcom.com/support/fibre-channel-networking/security-advisories