Elevation of Privilege Vulnerability in BlackBerry QNX SDP 6.6.0
CVE-2017-3891

9.6CRITICAL

Key Information:

Vendor: Blackberry
Status: Qnx Software Development Platform (qnx Sdp)
Vendor: CVE Published:; 14 November 2017

What is CVE-2017-3891?

An elevation of privilege vulnerability exists in the default configuration of the BlackBerry QNX Software Development Platform (SDP) version 6.6.0 when QNet is enabled. This flaw could allow attackers to execute commands targeting arbitrary nodes in a network of QNX nodes. Consequently, they could gain unauthorized access to local and remote files or take ownership of files on other QNX nodes, irrespective of file permissions. Security measures should be implemented to mitigate risks associated with these potential unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QNX Software Development Platform (QNX SDP) 6.6.0

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_CONFIRM

https://www.midnightbluelabs.com/blog/2017/12/8/elevation...

x_refsource_MISC

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 14, 2017
Vulnerability Reserved
Dec 21, 2016

JSON

Blackberry

What is CVE-2017-3891?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.