CVE-2017-3891 — CRITICAL (9.6)

Vulnerability Description

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Blackberry	Qnx Software Development Platform	6.6.0

Related Weaknesses (CWE)

CWE-923 CWE-863

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000046674MitigationVendor Advisory
https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerabi
http://support.blackberry.com/kb/articleDetail?articleNumber=000046674MitigationVendor Advisory
https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerabi

FAQ

What is CVE-2017-3891?

CVE-2017-3891 is a vulnerability with a CVSS score of 9.6 (CRITICAL). In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QN...

How severe is CVE-2017-3891?

CVE-2017-3891 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-3891?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform.