CVE-2017-3891
First published: Tue Nov 14 2017(Updated: )
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
Credit: secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry QNX Software Development Platform | =6.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-3891?
CVE-2017-3891 is an elevation of privilege vulnerability in the BlackBerry QNX Software Development Platform (SDP) 6.6.0.
What is the severity of CVE-2017-3891?
The severity of CVE-2017-3891 is high with a CVSS score of 8.1.
How does CVE-2017-3891 impact the QNX SDP?
CVE-2017-3891 allows an attacker to access local and remote files or take ownership of files on the QNX SDP.
How can I fix CVE-2017-3891?
To fix CVE-2017-3891, it is recommended to update to a version of the BlackBerry QNX Software Development Platform (SDP) that does not have this vulnerability.
Where can I find more information about CVE-2017-3891?
More information about CVE-2017-3891 can be found in the references: http://support.blackberry.com/kb/articleDetail?articleNumber=000046674 and https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- vendor/blackberry
- canonical/blackberry qnx software development platform
- version/blackberry qnx software development platform/6.6.0