CVE-2020-8948

The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://danishcyberdefence.dk/blog/sierra_wireless	Third Party Advisory
https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sierrawireless:mobile_broadband_driver_package:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-15 16:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-8948

Mitre link : CVE-2020-8948

CVE.ORG link : CVE-2020-8948

JSON object : View

Products Affected

sierrawireless

mobile_broadband_driver_package

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2020-8948", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-04-15T16:15:17.940", "references": [{"url": "https://danishcyberdefence.dk/blog/sierra_wireless", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges."}, {"lang": "es", "value": "El Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) anteriores al build 5043, permiten a un usuario no privilegiado sobrescribir archivos arbitrarios en carpetas arbitrarias usando enlaces f\u00edsicos. Un usuario no privilegiado podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario con privilegios system."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sierrawireless:mobile_broadband_driver_package:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F878B2BC-720C-4BAE-A508-095FC9131960", "versionEndExcluding": "5043"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}