Elevation of Privilege Vulnerability in BlackBerry QNX SDP 6.6.0
CVE-2017-3891

8.1HIGH

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (qnx Sdp)
Vendor: CVE Published:; 14 November 2017

What is CVE-2017-3891?

An elevation of privilege vulnerability exists in the default configuration of the BlackBerry QNX Software Development Platform (SDP) version 6.6.0 when QNet is enabled. This flaw could allow attackers to execute commands targeting arbitrary nodes in a network of QNX nodes. Consequently, they could gain unauthorized access to local and remote files or take ownership of files on other QNX nodes, irrespective of file permissions. Security measures should be implemented to mitigate risks associated with these potential unauthorized actions.

Affected Version(s)

QNX Software Development Platform (QNX SDP) 6.6.0

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_CONFIRM

https://www.midnightbluelabs.com/blog/2017/12/8/elevation...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Dec 21, 2016

Blackberry

What is CVE-2017-3891?

Affected Version(s)

References

CVSS V3.1

Timeline