CVE-2017-3891
14.11.2017, 21:29
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.Enginsight
| Vendor | Product | Version |
|---|---|---|
| blackberry | qnx_software_development_platform | 6.6.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-923 - Improper Restriction of Communication Channel to Intended EndpointsThe software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.
- CWE-863 - Incorrect AuthorizationThe software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References