Privilege escalation attacks rely on a user with limited access to a system being able to obtain a higher level of access, in an illicit manner-such as through a vulnerability exploit, or improper permissions on shared files.īecause this particular vulnerability relies on tampering with the Huawei driver software installed on a computer, local or physical access to the computer is required, making this a case of local privilege escalation.īleepingComputer reached out to Trustwave to get some insights on the vulnerability: "All a malicious user needs to do is to replace the file with its own code and wait for a legitimate user to start using the cellular data service via Huawei device," says Rakhmanov. The mbbserviceopen file had full read/write/execute permissions for all users (Trustwave)
0 Comments
Leave a Reply. |