Unquoted Service Path Vulnerability in Sierra Wireless Windows Mobile Broadband Driver Package
CVE-2017-9247

7.8HIGH

Key Information:

Vendor: Sierrawireless
Status: Sierra Wireless Em7455 Software; Sierra Wireless Location Sensor Driver; Sierra Wireless Em7345 Software
Vendor: CVE Published:; 2 August 2017

🔔 Create Sierrawireless Vulnerability Alert

What is CVE-2017-9247?

The unquoted service path vulnerability present in the Sierra Wireless Windows Mobile Broadband Driver Package allows local users to exploit improperly configured service paths. When these paths are not enclosed in quotes, users could potentially escalate their privileges by launching unauthorized processes. This flaw affects versions with build ID less than 4657, putting systems at risk for unauthorized access and control.

References

https://source.sierrawireless.com/resources/airprime/soft...

x_refsource_CONFIRM

http://support.lenovo.com/us/en/product_security/LEN-12739

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2017
Vulnerability Reserved
May 28, 2017