CVE-2018-14327 - OpenCVE

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ee	Ee40vb Ee40vb Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ee:ee40vb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ee:ee40vb:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html
http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html
http://www.securityfocus.com/bid/105385
https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/
https://www.exploit-db.com/exploits/45501/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-09-26T22:00:00

Updated: 2024-08-05T09:21:41.685Z

Reserved: 2018-07-16T00:00:00

Link: CVE-2018-14327

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-09-26T22:29:00.310

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-14327

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-29T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html"}, {"tags": ["x_refsource_MISC"], "url": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/"}, {"name": "45501", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45501/"}, {"name": "105385", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105385"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14327", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html", "refsource": "MISC", "url": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html"}, {"name": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/", "refsource": "MISC", "url": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/"}, {"name": "45501", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45501/"}, {"name": "105385", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105385"}, {"name": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:21:41.685Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/"}, {"name": "45501", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45501/"}, {"name": "105385", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105385"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14327", "datePublished": "2018-09-26T22:00:00", "dateReserved": "2018-07-16T00:00:00", "dateUpdated": "2024-08-05T09:21:41.685Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ee:ee40vb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06AE839F-561A-4C44-B900-95327EDA95CC", "versionEndExcluding": "ee40_00_02.00_45", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ee:ee40vb:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4693BC0-BD61-449F-A4DC-ABD9B03FED39", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the \"Web Connecton\\EE40\" and \"Web Connecton\\EE40\\BackgroundService\" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the \"Web Connecton\\EE40\\BackgroundService\" directory."}, {"lang": "es", "value": "El instalador para el componente OSPREY3_MINI en modems Alcatel de banda ancha m\u00f3vil 4G EE EE40VB con firmware en versiones anteriores a la EE40_00_02.00_45 establece permisos d\u00e9biles (Everyone:Full Control) para los directorios \"Web Connecton\\EE40\" y \"Web Connecton\\EE40\\BackgroundService\", lo que permite que usuarios locales obtengan privilegios. Esto queda demostrado al insertar un archivo troyano ServiceManager.exe en el directorio \"Web Connecton\\EE40\\BackgroundService\"."}], "id": "CVE-2018-14327", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-26T22:29:00.310", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105385"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Technical Description", "Third Party Advisory"], "url": "https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45501/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}