CVE-2020-8948

The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sierrawireless:mobile_broadband_driver_package:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:39

Type Values Removed Values Added
References () https://danishcyberdefence.dk/blog/sierra_wireless - Third Party Advisory () https://danishcyberdefence.dk/blog/sierra_wireless - Third Party Advisory
References () https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs - Vendor Advisory () https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs - Vendor Advisory

Information

Published : 2020-04-15 16:15

Updated : 2024-11-21 05:39


NVD link : CVE-2020-8948

Mitre link : CVE-2020-8948

CVE.ORG link : CVE-2020-8948


JSON object : View

Products Affected

sierrawireless

  • mobile_broadband_driver_package
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')