The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.
References
Configurations
History
21 Nov 2024, 05:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://danishcyberdefence.dk/blog/sierra_wireless - Third Party Advisory | |
References | () https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs - Vendor Advisory |
Information
Published : 2020-04-15 16:15
Updated : 2024-11-21 05:39
NVD link : CVE-2020-8948
Mitre link : CVE-2020-8948
CVE.ORG link : CVE-2020-8948
JSON object : View
Products Affected
sierrawireless
- mobile_broadband_driver_package
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')