9.3

CVE-2018-14327

Exploit
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
Data provided by the National Vulnerability Database (NVD)
Ee Ee40vb Firmware Version < ee40_00_02.00_45
   Ee Ee40vb Version -
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 4.39% | 0.9
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov | 9.3 | 8.6 | 10 | AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html
   Patch, Exploit
http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html
   Third Party Advisory, Exploit, VDB Entry
http://www.securityfocus.com/bid/105385
   Third Party Advisory, VDB Entry
https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/
   Patch, Third Party Advisory, Exploit, Technical Description
https://www.exploit-db.com/exploits/45501/
   Third Party Advisory, Exploit, VDB Entry