7.8

CVE-2017-9247

Multiple unquoted service path vulnerabilities in Sierra Wireless Windows Mobile Broadband Driver Package (MBDP) with build ID < 4657 allows local users to launch processes with elevated privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.215
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

http://support.lenovo.com/us/en/product_security/LEN-12739
Third Party Advisory
https://source.sierrawireless.com/resources/airprime/software/cve-2017-9247-unquoted-service-path-vulnerabilities/
Vendor Advisory