CVE-2020-8948
HIGHSierra Wireless Mobile Broadband Driver Package < 5043 - Unauthenticated Arbitrary File Write via Hard Link
Title source: llmDescription
The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unprivileged user to overwrite arbitrary files in arbitrary folders using hard links. An unprivileged user could leverage this vulnerability to execute arbitrary code with system privileges.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://danishcyberdefence.dk/blog/sierra_wireless
Scores
CVSS v3
7.8
EPSS
0.0048
EPSS Percentile
37.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (1)
sierrawireless/mobile_broadband_driver_package
< 5043
Published
Apr 15, 2020
Tracked Since
Feb 18, 2026