CVE-2020-8948
First published: Wed Apr 15 2020(Updated: )
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sierrawireless Mobile Broadband Driver Package | <5043 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8948?
CVE-2020-8948 is a vulnerability in the Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 that allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links, potentially leading to arbitrary code execution with system privileges.
What is the severity of CVE-2020-8948?
The severity of CVE-2020-8948 is high, with a CVSS score of 7.8.
How does CVE-2020-8948 affect Sierra Wireless Mobile Broadband Driver Package?
CVE-2020-8948 affects Sierra Wireless Mobile Broadband Driver Package versions prior to build 5043.
How can an attacker exploit CVE-2020-8948?
An attacker can exploit CVE-2020-8948 by leveraging the vulnerability to overwrite arbitrary files in arbitrary folders using hard links, potentially executing arbitrary code with system privileges.
Is there a fix for CVE-2020-8948?
Yes, updating Sierra Wireless Mobile Broadband Driver Package to build 5043 or later resolves CVE-2020-8948.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sierrawireless
- canonical/sierrawireless mobile broadband driver package