Published: 26/09/2018 Updated: 03/10/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ee ee40vb_firmware

# Title: EE 4GEE Mini EE40_00_0200_44 - Privilege Escalation # Date: 2018-09-22 # Software Version: EE40_00_0200_44 # Tested on: Windows 10 64-bit and Windows 7 64-bit # Exploit Author: Osanda Malith Jayathissa (@OsandaMalith) # Original Advisory: blogzerodaylabcom/2018/09/zerodaylab-discovers-ee-unquotedhtml # Original Write-up: https ...

EE 4GEE Mini suffers from a unquoted service path local privilege escalation vulnerability ...

CWE-732 https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/http://www.securityfocus.com/bid/105385 http://packetstormsecurity.com/files/149492/EE-4GEE-Mini-Local-Privilege-Escalation.html http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html https://www.exploit-db.com/exploits/45501/https://nvd.nist.gov https://www.exploit-db.com/exploits/45501/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-14327

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect