CVE-2017-5873

MEDIUM

Unisys s-Par <4.4.20 - Privilege Escalation

Title source: llm

Description

Unquoted Windows search path vulnerability in the guest service in Unisys s-Par before 4.4.20 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe.

References (1)

[Exploit, Mitigation, Vendor Advisory] http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=41

Scores

CVSS v3 6.7

EPSS 0.0006

EPSS Percentile 20.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-428

Status published

Affected Products (3)

unisys/secure_partitioning

n/a/n/a

Timeline

Published Apr 11, 2017

Tracked Since Feb 18, 2026