Thursday, 3 August 2017
On 00:26 by admin in vulns No comments
A vulnerability was found in Sierra Wireless Windows Mobile Broadband Driver Package (the affected version is unknown). It has been rated as problematic. This issue affects an unknown function. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability.
The weakness was published 08/02/2017. The advisory is shared for download at support.lenovo.com. The identification of this vulnerability is CVE-2017-9247 since 05/28/2017. Attacking locally is a requirement. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
CVSSv3
VulDB Base Score: 5.3VulDB Temp Score: 5.3
VulDB Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X
VulDB Reliability: High
CVSSv2info
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
VulDB Temp Score: 4.1 (CVSS2#E:ND/RL:ND/RC:ND)
VulDB Reliability: High
CPE
- cpe:/a:sierra_wireless:windows_mobile_broadband_driver_package
Exploiting
Class: Privilege escalation (CWE-269)Local: Yes
Remote: No
Availability: No
Price Prediction: steady
Current Price Estimation:
| 0-Day | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
|---|---|---|---|---|
| Today | $0-$5k | $5k-$25k | $25k-$100k | $100k-$500k |
Recommended: no mitigation known
0-Day Time: 0 days since found
Timeline
05/28/2017 CVE assigned08/02/2017 +66 days Advisory disclosed
08/03/2017 +1 days VulDB entry created
08/03/2017 +0 days VulDB last update
Sources
Advisory: support.lenovo.comCVE: CVE-2017-9247 (mitre.org) (nvd.nist.org) (cvedetails.com)
Subscribe to:
Post Comments (Atom)
Search
Sectoon
Featured post
27 good hacker documentary
In the eyes of most people, a group of hackers usually extremely boring nothing interesting people, and that if only the computer code in ...
Blog archive
Top certifications to plan in 2018 ?
0 comments:
Post a comment