CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-3891

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.1640%
EPSS Percentile22.21th
Published2017年11月14日
Last Modified2026年5月13日

Vulnerability Description

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

Affected Platforms (CPE)

📦
Blackberry

Qnx Software Development Platform

= 6.6.0

References & Advisories

🔗 http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
🔗 https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet
🔗 http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
🔗 https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet

関連する脆弱性情報

CVE-2020-693210.0

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Develop...

CVE-2021-221569.0

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Softwa...

CVE-2021-320258.1

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform versi...

CVE-2019-89987.8

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc file...