Vulnerability Details CVE-2020-8948
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://danishcyberdefence.dk/blog/sierra_wireless
- https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs
- https://danishcyberdefence.dk/blog/sierra_wireless
- https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2020-002-cve-2020-8948/#sthash.ByZB8ifG.dpbs
Products affected by CVE-2020-8948
-
cpe:2.3:a:sierrawireless:mobile_broadband_driver_package:*