CVE-2017-3891

EPSS 0.3%
Published 14.11.2017 21:29:00
Last modified 22.08.2025 15:15:30
Source secure@blackberry.com
Teams watchlist Login
Open Login

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

Affected products Warnungen 0 Metrics 4 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Blackberry ≫ Qnx Software Development Platform Version6.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.527

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
secure@blackberry.com	9.6	2.8	6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

CWE-923 Improper Restriction of Communication Channel to Intended Endpoints

The product establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

http://support.blackberry.com/kb/articleDetail?articleNumber=000046674

Vendor Advisory

Mitigation

https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet

https://nvd.nist.gov/vuln/detail/CVE-2017-3891

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3891

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3891

EUVD