CyberSec.Space Logo
Back to CVE Browser

CVE-2017-3891

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile22.21th
PublishedNov 14, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

Affected Platforms (CPE)

📦
Blackberry

Qnx Software Development Platform

= 6.6.0

References & Advisories

🔗 http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
🔗 https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet
🔗 http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
🔗 https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet

Related Vulnerabilities

CVE-2020-693210.0

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Develop...

CVE-2021-221569.0

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Softwa...

CVE-2021-320258.1

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform versi...

CVE-2019-89987.8

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc file...