Description
BlackBerry QNX Software Development Platform (SDP) 6.6.0 contains an elevation of privilege vulnerability in its default configuration when QNet is enabled on a network comprising two or more QNet nodes. By executing commands that target arbitrary nodes from a secondary QNX 6.6.0 QNet node, an attacker could access local and remote files, or take ownership of files on other QNX nodes, regardless of permissions.
References (2)
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
Various Sources x_refsource_misc
https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet
Scores
CVSS v3: 9.6
EPSS: 0.0128
EPSS Percentile: 66.5%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE: CWE-863, CWE-923
Status: published
Products (2)
BlackBerry/QNX Software Development Platform (QNX SDP): 6.6.0
blackberry/qnx_software_development_platform: 6.6.0
Published: Nov 14, 2017
Tracked Since: Feb 18, 2026