CVE-2017-3891

Name of the Vulnerable Software and Affected Versions BlackBerry QNX Software Development Platform (SDP) version 6.6.0

Description The issue is related to an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled. This could allow an attacker to access local and remote files or take ownership of files on other QNX nodes, regardless of permissions. The attacker can execute commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.

Recommendations For BlackBerry QNX Software Development Platform (SDP) version 6.6.0, consider disabling QNet or restricting its use to minimize the risk of exploitation until a patch is available. Restrict access to sensitive files and nodes to prevent unauthorized access.