PT-2020-20386 · Sierra Wireless · Sierra Wireless Windows Mobile Broadband Driver Package

Published

2020-04-15

Updated

2021-07-21

CVE-2020-8948

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) versions prior to build 5043

Description The issue allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. This could be leveraged to execute arbitrary code with system privileges.

Recommendations For versions prior to build 5043, update to build 5043 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and folders to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2020-8948

Affected Products

Sierra Wireless Windows Mobile Broadband Driver Package

PT-2020-20386 · Sierra Wireless · Sierra Wireless Windows Mobile Broadband Driver Package

CVE-2020-8948

Weakness Enumeration

Related Identifiers

Affected Products

References · 5