CVE-2017-5873

MEDIUM

Unisys s-Par <4.4.20 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

References (1)

Core 1
Core References
Exploit, Mitigation, Vendor Advisory x_refsource_confirm
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41

Scores

CVSS v3 6.7
EPSS 0.0041
EPSS Percentile 32.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-428
Status published
Products (2)
unisys/secure_partitioning 4.3.403
unisys/secure_partitioning 4.4.19
Published Apr 11, 2017
Tracked Since Feb 18, 2026