Thursday, 3 August 2017

On 00:26 by admin in    No comments
A vulnerability was found in Sierra Wireless Windows Mobile Broadband Driver Package (the affected version is unknown). It has been rated as problematic. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability.

The weakness was published 08/02/2017. The advisory is shared for download at support.lenovo.com. The identification of this vulnerability is CVE-2017-9247 since 05/28/2017. Attacking locally is a requirement. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

CVSSv3

VulDB Base Score: 5.3
VulDB Temp Score: 5.3
VulDB Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: High

CVSSv2info

VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete
VulDB Base Score: 4.1 (CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P)
VulDB Temp Score: 4.1 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: High

CPE

  • cpe:/a:sierra_wireless:windows_mobile_broadband_driver_package

Exploiting

Class: Privilege escalation (CWE-269)
Local: Yes
Remote: No

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day$0-$5k$5k-$25k$25k-$100k$100k-$500k
Today$0-$5k$5k-$25k$25k-$100k$100k-$500k
Countermeasures

Recommended: no mitigation known
0-Day Time: 0 days since found

Timeline

05/28/2017   CVE assigned
08/02/2017  +66 days Advisory disclosed
08/03/2017  +1 days VulDB entry created
08/03/2017  +0 days VulDB last update

Sources

Advisory: support.lenovo.com

CVE: CVE-2017-9247 (mitre.org) (nvd.nist.org) (cvedetails.com)

0 comments:

Post a comment