Vulnerabilities related to Lenovo - System Update
cve-2020-8342
Vulnerability from cvelistv5
Published
2020-09-15 14:20
Modified
2024-09-17 00:01
Summary
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
References
Impacted products
Vendor Product Version
Lenovo System Update Version: unspecified   < 5.07.0106


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System Update",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.07.0106",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
        }
      ],
      "datePublic": "2020-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-15T14:20:17",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the Lenovo System Update version 5.07.0106 (or newer)."
        }
      ],
      "source": {
        "advisory": "LEN-42150",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2020-09-15T16:00:00.000Z",
          "ID": "CVE-2020-8342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System Update",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.07.0106"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-42150",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the Lenovo System Update version 5.07.0106 (or newer)."
          }
        ],
        "source": {
          "advisory": "LEN-42150",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2020-8342",
    "datePublished": "2020-09-15T14:20:18.072338Z",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-09-17T00:01:40.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6163
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
Impacted products
Vendor Product Version
Lenovo System Update Version: unspecified   < 5.07.0084


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/solutions/LEN-27348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System Update",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.07.0084",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
        }
      ],
      "datePublic": "2019-06-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-13T18:56:07",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/solutions/LEN-27348"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
        }
      ],
      "source": {
        "advisory": "LEN-27348",
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
          "ID": "CVE-2019-6163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System Update",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "5.07.0084"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/solutions/LEN-27348",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/solutions/LEN-27348"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
          }
        ],
        "source": {
          "advisory": "LEN-27348",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2019-6163",
    "datePublished": "2019-06-26T14:12:34.696699Z",
    "dateReserved": "2019-01-11T00:00:00",
    "dateUpdated": "2024-09-16T23:41:01.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6175
Vulnerability from cvelistv5
Published
2019-09-26 15:22
Modified
2024-08-04 20:16
Severity ?
Summary
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
References
Impacted products
Vendor Product Version
Lenovo System Update Version: unspecified   < 5.07.0088


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/solutions/LEN-28093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System Update",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "5.07.0088",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-26T15:22:15",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/solutions/LEN-28093"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
        }
      ],
      "source": {
        "advisory": "LEN-28093",
        "discovery": "EXTERNAL"
      },
      "title": "System Update Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2019-6175",
          "STATE": "PUBLIC",
          "TITLE": "System Update Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System Update",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.07.0088"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/solutions/LEN-28093",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/solutions/LEN-28093"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the Lenovo System Update version 5.07.0088 (or newer)"
          }
        ],
        "source": {
          "advisory": "LEN-28093",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2019-6175",
    "datePublished": "2019-09-26T15:22:15",
    "dateReserved": "2019-01-11T00:00:00",
    "dateUpdated": "2024-08-04T20:16:23.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0354
Vulnerability from cvelistv5
Published
2022-04-22 20:30
Modified
2024-08-02 23:25
Summary
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
Impacted products
Vendor Product Version
Lenovo System Update Version: various


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.infosec.tirol/cve-2022-0354/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "System Update",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insecure GUI",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-26T22:24:43",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.infosec.tirol/cve-2022-0354/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Follow Mitigation Strategy in LEN-76673."
        }
      ],
      "source": {
        "advisory": "LEN-76673",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2022-0354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "System Update",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "various"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo thanks Daniel Feichter (@VirtualAllocEx) at Infosec Tirol for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure GUI"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-76673",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-76673"
            },
            {
              "name": "https://www.infosec.tirol/cve-2022-0354/",
              "refsource": "MISC",
              "url": "https://www.infosec.tirol/cve-2022-0354/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Follow Mitigation Strategy in LEN-76673."
          }
        ],
        "source": {
          "advisory": "LEN-76673",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2022-0354",
    "datePublished": "2022-04-22T20:30:47",
    "dateReserved": "2022-01-24T00:00:00",
    "dateUpdated": "2024-08-02T23:25:40.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-201505-0140
Vulnerability from variot

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. Lenovo System Update is prone to a security-bypass vulnerability. Attackers can exploit this issue through man-in-the-middle attacks to execute arbitrary code, which may lead to further attacks. Versions prior to Lenovo System Update 5.6.0.27 are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is an automatic system update tool provided by Lenovo (China); it delivers device driver updates, Windows system patch updates, and similar packages. The vulnerability stems from the program not correctly verifying the CA chain when it validates signatures. Note that this combined description names two version boundaries (5.06.0034 and 5.6.0.27), both of which also appear in the affected_products data below; the more conservative reading is that any version before 5.06.0034 is affected.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0140",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.06.0034"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.27"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.34"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Milvich and Sofiane Talmat of IOActive",
    "sources": [
      {
        "db": "BID",
        "id": "74642"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2233",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2015-2233",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.5,
            "id": "VHN-80194",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-2233",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-2233",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-102",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80194",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. Lenovo System Update is prone to a security-bypass vulnerability. \nAttackers can exploit this issue through man-in-the-middle attacks to execute arbitrary code, which may lead to further attacks. \nVersions prior to Lenovo System Update 5.6.0.27 are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc. The vulnerability stems from the fact that the program does not verify the CA chain correctly when performing signature verification operations",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "BID",
        "id": "74642"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2233",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032268",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74642",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-80194",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "db": "BID",
        "id": "74642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "id": "VAR-201505-0140",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:44:17.954000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 2.0,
        "url": "http://www.ioactive.com/pdfs/lenovo_system_update_multiple_privilege_escalations.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id/1032268"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74642"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2233"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2233"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "db": "BID",
        "id": "74642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "db": "BID",
        "id": "74642"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "date": "2015-05-12T00:00:00",
        "db": "BID",
        "id": "74642"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "date": "2015-05-12T19:59:14.070000",
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80194"
      },
      {
        "date": "2015-05-12T00:00:00",
        "db": "BID",
        "id": "74642"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      },
      {
        "date": "2015-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      },
      {
        "date": "2024-11-21T02:27:02.663000",
        "db": "NVD",
        "id": "CVE-2015-2233"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerable to uploading arbitrary files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002673"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-102"
      }
    ],
    "trust": 0.6
  }
}

var-202204-1314
Vulnerability from variot

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access to execute code with elevated privileges, but only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. Lenovo System Update contains a code injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1314",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "2022-02-25"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "2022-02-25"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system update",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "cve": "CVE-2022-0354",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-0354",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-413305",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2022-0354",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@lenovo.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "id": "CVE-2022-0354",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-0354",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-0354",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@lenovo.com",
            "id": "CVE-2022-0354",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-0354",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-4279",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-413305",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-0354",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access to execute code with elevated privileges, but only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. Lenovo System Update contains a code injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0354"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-0354",
        "trust": 3.4
      },
      {
        "db": "LENOVO",
        "id": "LEN-76673",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-413305",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0354",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "id": "VAR-202204-1314",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:32:53.198000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Lenovo Vantage Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190714"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Code injection (CWE-94) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-94",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.infosec.tirol/cve-2022-0354/"
      },
      {
        "trust": 2.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-76673"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0354"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-0354/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/94.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "date": "2022-04-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-0354"
      },
      {
        "date": "2023-07-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "date": "2022-04-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      },
      {
        "date": "2022-04-22T21:15:10.187000",
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-413305"
      },
      {
        "date": "2022-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-0354"
      },
      {
        "date": "2023-07-28T08:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      },
      {
        "date": "2022-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      },
      {
        "date": "2024-11-21T06:38:26.727000",
        "db": "NVD",
        "id": "CVE-2022-0354"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code injection vulnerability in Lenovo System Update",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-008720"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4279"
      }
    ],
    "trust": 0.6
  }
}

var-200807-0235
Vulnerability from variot

The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers, which can lead to the installation of arbitrary software on an affected computer. This may result in a complete compromise of the computer. This issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Lenovo's System Update service allows downloading and installing arbitrary update executables from fake servers. After the SSL negotiation is successful, the client will continue to download the XML file, which contains the path name, size and related SHA-1 hash of the EXE file. If the software version displayed in the XML file is higher than the version of the installed software, the EXE file will be downloaded, the SHA-1 hash will be calculated and compared with the hash defined in the XML file, and if it matches, the executable is run with administrator permissions. Because the expected hash is delivered over the same connection as the executable, this comparison does not protect against an impersonated server; validating the server's certificate chain is the control that was missing. To exploit this vulnerability, the attacker must create a self-signed SSL certificate that contains the X.509 header values (issuer, common name, organization, etc.) of the public SSL certificate used by the SystemUpdate server (download.boulder.ibm.com). The attacker would also modify the XML configuration file of the targeted software package so that the version number, file size, and SHA-1 hash match the malicious EXE file.
When SystemUpdate tries to connect to the server, the attacker can accept the connection through techniques such as DNS spoofing and ARP redirection. Wireless networks are especially at risk because impersonation of access points can simplify attacks. Once SystemUpdate connects to TCP port 443, the fake server negotiates an SSL session with an attacker-created SSL certificate, then sends malicious XML and EXE files when SystemUpdate requests the targeted software package. ----------------------------------------------------------------------


TITLE: ThinkVantage System Update Missing SSL Certificate Chain Verification

SECUNIA ADVISORY ID: SA30379

VERIFY ADVISORY: http://secunia.com/advisories/30379/

CRITICAL: Less critical

IMPACT: Spoofing

WHERE:

From remote

SOFTWARE: ThinkVantage System Update 3.x http://secunia.com/product/15450/

DESCRIPTION: Derek Callaway has reported a security issue in ThinkVantage System Update, which can be exploited by malicious people to conduct spoofing attacks.

Successful exploitation allows e.g. downloading and executing malicious programs, but requires that the application connects to a malicious update server providing a specially crafted X.509 certificate (e.g. via DNS poisoning). Other versions may also be affected. http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-66956

PROVIDED AND/OR DISCOVERED BY: Derek Callaway, Security Objectives

ORIGINAL ADVISORY: SECOBJADV-2008-01: http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200807-0235",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "thinkvantage system update",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": "3.13"
      },
      {
        "model": "thinkvantage system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "3.13.0005"
      },
      {
        "model": "thinkvantage system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "3.14"
      },
      {
        "model": "thinkvantage system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "3.13.0005"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.14"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:thinkvantage_system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Derek Callaway",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-3249",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2008-3249",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-33374",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-3249",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2008-3249",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200807-352",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-33374",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The client in Lenovo System Update before 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote attackers to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM. Lenovo System Update is prone to a security-bypass vulnerability because the application fails to properly check SSL certificates. \nSuccessfully exploiting this issue allows attackers to perform  man-in-the-middle attacks by impersonating trusted servers, which can lead  to the installation of arbitrary software on an affected computer. This may  result in a complete compromise of the computer. \nThis issue affects Lenovo System Update 3 (Version 3.13.0005, Build date 2008-1-3); other versions may also be vulnerable. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. Lenovo\u0027s System Update service allows downloading and installing arbitrary update executables from fake servers. After the SSL negotiation is successful, the client will continue to download the XML file, which contains the path name, size and related SHA-1 hash to the EXE file. If the software version displayed in the XML file is higher than the version of the installed software, the EXE file will be downloaded, the SHA-1 hash will be calculated and compared with the hash defined in the XML file, and if it matches, it will be administrator Permission to execute executable programs. To exploit this vulnerability, the attacker must create a self-signed SSL certificate that contains the X.509 header values \u200b\u200b(issuer, common name, organization, etc.) 
of the public SSL certificate used by the SystemUpdate server (download.boulder.ibm.com) , the attacker would also modify the XML configuration file of the targeted software package so that the version number, file size, and SHA-1 hash match the malicious EXE file. When SystemUpdate tries to connect to the server, the attacker can accept the connection through techniques such as DNS spoofing and ARP redirection. Wireless networks are especially at risk because impersonation of access points can simplify attacks. Once SystemUpdate connects to TCP port 443, the fake server negotiates an SSL session with an attacker-created SSL certificate, then sends malicious XML and EXE files when SystemUpdate requests the targeted software package. ----------------------------------------------------------------------\n\nSecunia Network Software Inspector 2.0 (NSI) - Public Beta\n\nThe Public Beta has ended. Thanks to all that participated. \n\nLearn more:\nhttp://secunia.com/network_software_inspector_2/\n\n----------------------------------------------------------------------\n\nTITLE:\nThinkVantage System Update Missing SSL Certificate Chain Verification\n\nSECUNIA ADVISORY ID:\nSA30379\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/30379/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSpoofing\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nThinkVantage System Update 3.x\nhttp://secunia.com/product/15450/\n\nDESCRIPTION:\nDerek Callaway has reported a security issue in ThinkVantage System\nUpdate, which can be exploited by malicious people to conduct\nspoofing attacks. \n\nSuccessful exploitation allows e.g. downloading and executing\nmalicious programs, but requires that the application connects to a\nmalicious update server providing a specially crafted X.509\ncertificate (e.g. via DNS poisoning). Other versions\nmay also be affected. 
\nhttp://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-66956\n\nPROVIDED AND/OR DISCOVERED BY:\nDerek Callaway, Security Objectives\n\nORIGINAL ADVISORY:\nSECOBJADV-2008-01:\nhttp://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-3249",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "29366",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "30379",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1020112",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654",
        "trust": 0.8
      },
      {
        "db": "BUGTRAQ",
        "id": "20080525 SECOBJADV-2008-01: LENOVO SYSTEMUPDATE SSL CERTIFICATE ISSUER SPOOFING VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "42638",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-33374",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "66635",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "id": "VAR-200807-0235",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:53:54.627000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Lenovo System Update",
        "trust": 0.8,
        "url": "http://support.lenovo.com/en_US/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.security-objectives.com/advisories/secobjadv-2008-01.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/29366"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/492579"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1020112"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/30379"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42638"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3249"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3249"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/42638"
      },
      {
        "trust": 0.4,
        "url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=migr-66956"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/492579"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15450/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector_2/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/30379/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "db": "BID",
        "id": "29366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "date": "2008-05-25T00:00:00",
        "db": "BID",
        "id": "29366"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "date": "2008-05-27T20:29:09",
        "db": "PACKETSTORM",
        "id": "66635"
      },
      {
        "date": "2008-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "date": "2008-07-21T17:41:00",
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-33374"
      },
      {
        "date": "2015-05-07T17:28:00",
        "db": "BID",
        "id": "29366"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      },
      {
        "date": "2009-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      },
      {
        "date": "2024-11-21T00:48:48.303000",
        "db": "NVD",
        "id": "CVE-2008-3249"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerability to install arbitrary packages on the client",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-004654"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200807-352"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1198
Vulnerability from variot

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. Lenovo System Update contains a digital signature validation vulnerability. Information may be tampered with. Lenovo System Update is an application from Lenovo (China) that checks for driver updates and installs them. The vulnerability exists in Lenovo System Update 5.07.0008 and earlier versions. An attacker could exploit this vulnerability to bypass signature checks for updates.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1198",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0008"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0008"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      }
    ]
  },
  "cve": "CVE-2015-7336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-7336",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008634",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-85297",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-7336",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008634",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7336",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2015-008634",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1670",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85297",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7336",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed. Lenovo System Update Exists in a digital signature validation vulnerability.Information may be tampered with. Lenovo System Update is an application from China Lenovo (Lenovo) to check for driver updates and install them. Security vulnerabilities exist in Lenovo System Update 5.07.0008 and earlier versions. An attacker could exploit this vulnerability to bypass signature checks for updates",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7336"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7336",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-85297",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7336",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "id": "VAR-202003-1198",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:11:35.804000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-347",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7336"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7336"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/347.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7336"
      },
      {
        "date": "2020-04-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      },
      {
        "date": "2020-03-27T15:15:11.710000",
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85297"
      },
      {
        "date": "2020-04-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7336"
      },
      {
        "date": "2020-04-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      },
      {
        "date": "2024-11-21T02:36:36.740000",
        "db": "NVD",
        "id": "CVE-2015-7336"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Digital Signature Verification Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008634"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1670"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1196
Vulnerability from variot

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. A privilege management vulnerability exists in Lenovo System Update. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Lenovo System Update is an application from Lenovo (China) that checks for new drivers and installs them. There is a privilege escalation vulnerability in Lenovo System Update 5.07.0008 and earlier versions.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1196",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0008"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0008"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      }
    ]
  },
  "cve": "CVE-2015-7334",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-7334",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008628",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-85295",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2015-7334",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008628",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7334",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2015-008628",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1671",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85295",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges. Lenovo System Update Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Lenovo System Update is an application from China Lenovo (Lenovo) that checks for new drivers and installs them. There is a privilege escalation vulnerability in Lenovo System Update 5.07.0008 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7334",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-85295",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "id": "VAR-202003-1196",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:55:16.010000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "title": "Lenovo System Update Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113068"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7334"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7334"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      },
      {
        "date": "2020-03-27T15:15:11.617000",
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85295"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      },
      {
        "date": "2024-11-21T02:36:36.490000",
        "db": "NVD",
        "id": "CVE-2015-7334"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerability related to authority management in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008628"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1671"
      }
    ],
    "trust": 0.6
  }
}

var-201704-0227
Vulnerability from variot

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." Lenovo System Update (formerly ThinkVantage System Update) contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) attack that disrupts service operation may be carried out. Lenovo System Update is prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to gain elevated privileges. Versions prior to Lenovo System Update 5.07.0019 are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of automatic system update tools provided by Lenovo (China), which includes device driver updates, Windows system patch updates, etc.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0227",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0013"
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0019"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.07.0013"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.34"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.28"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.27"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.14"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.7.19"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sofiane Talmat of IOActive",
    "sources": [
      {
        "db": "BID",
        "id": "98037"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8110",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-8110",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-86071",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2015-8110",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-8110",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-8110",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1365",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86071",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) \"Click here to learn more\" or (2) \"View privacy policy\" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a \"local privilege escalation vulnerability.\". Lenovo System Update ( Old ThinkVantage System Update) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Lenovo System Update is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this vulnerability to gain elevated privileges. \nVersions prior to Lenovo System Update 5.07.0019 are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "BID",
        "id": "98037"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8110",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98037",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-86071",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "db": "BID",
        "id": "98037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "id": "VAR-201704-0227",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:26:47.499000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/lsu_privilege"
      },
      {
        "title": "Lenovo System Update Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69730"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 2.0,
        "url": "https://ioactive.com/pdfs/ioactive_advisory_lenovo_tvsukernel-escalation-privileges.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/98037"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8110"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8110"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "db": "BID",
        "id": "98037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "db": "BID",
        "id": "98037"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "BID",
        "id": "98037"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "date": "2017-04-24T06:59:00.540000",
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86071"
      },
      {
        "date": "2017-05-02T00:10:00",
        "db": "BID",
        "id": "98037"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      },
      {
        "date": "2024-11-21T02:38:02.247000",
        "db": "NVD",
        "id": "CVE-2015-8110"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "98037"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007541"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1365"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1195
Vulnerability from variot

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. Lenovo System Update contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Lenovo System Update is an application from Lenovo (China) for checking for driver updates and installing them. There is a privilege escalation vulnerability in Lenovo System Update 5.07.0008 and earlier versions.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1195",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0008"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0008"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      }
    ]
  },
  "cve": "CVE-2015-7333",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-7333",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008627",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-85294",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2015-7333",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008627",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7333",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2015-008627",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1666",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85294",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-7333",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges. Lenovo System Update Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Lenovo System Update is an application from China Lenovo (Lenovo) to check for driver updates and install them. There is a privilege escalation vulnerability in Lenovo System Update 5.07.0008 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7333"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7333",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-85294",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7333",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "id": "VAR-202003-1195",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:59:23.088000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "title": "Lenovo System Update Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113066"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7333"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7333"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/269.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-7333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7333"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      },
      {
        "date": "2020-03-27T15:15:11.553000",
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85294"
      },
      {
        "date": "2020-03-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-7333"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      },
      {
        "date": "2024-11-21T02:36:36.367000",
        "db": "NVD",
        "id": "CVE-2015-7333"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerability related to authority management in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008627"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1666"
      }
    ],
    "trust": 0.6
  }
}

var-201909-0026
Vulnerability from variot

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Lenovo System Update contains an input validation vulnerability that may result in service interruption (DoS). The Lenovo 3000 C100 and the other models listed below are all products of Lenovo (China). The Lenovo 3000 C100 and the Lenovo 3000 C200 are laptops. Lenovo ThinkCentre is a desktop computer. Lenovo System Update is a system update tool. A denial of service vulnerability exists in several Lenovo products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Lenovo 3000 C100; 3000 C200; 3000 N100; 3000 N200; 3000 V100; 3000 V200; Lenovo 3000 J100; 3000 S200p; 3000 S205; ThinkPad; ThinkCentre; ThinkStation; Lenovo V Series; B Series; K Series; E Series.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0026",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "5.07.0088"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      }
    ]
  },
  "cve": "CVE-2019-6175",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6175",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-157610",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6175",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-6175",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6175",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6175",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201909-1102",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157610",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations. Lenovo System Update Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Lenovo 3000 C100, etc. are all products of China Lenovo (Lenovo). The Lenovo 3000 C100 is a laptop. The Lenovo 3000 C200 is a laptop. Lenovo ThinkCentre is a desktop computer. Lenovo System Update is one of the system update tools. A denial of service vulnerability exists in several Lenovo products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Lenovo 3000 C100; 3000 C200; 3000 N100; 3000 N200; 3000 V100; 3000 V200; Lenovo 3000 J100; ;3000 S200p;3000 S205;ThinkPad;ThinkCentre;ThinkStation;Lenovo V Series;B Series;K Series;E Series",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6175",
        "trust": 2.5
      },
      {
        "db": "LENOVO",
        "id": "LEN-28093",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-157610",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "id": "VAR-201909-0026",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:06:01.697000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-28093",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/solutions/len-28093"
      },
      {
        "title": "Multiple Lenovo Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=98520"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/solutions/len-28093"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6175"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6175"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/zh/solutions/len-28093"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "date": "2019-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "date": "2019-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      },
      {
        "date": "2019-09-26T16:15:12.050000",
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157610"
      },
      {
        "date": "2019-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      },
      {
        "date": "2024-11-21T04:46:06.273000",
        "db": "NVD",
        "id": "CVE-2019-6175"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-009739"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201909-1102"
      }
    ],
    "trust": 0.6
  }
}

var-201710-0056
Vulnerability from variot

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. Lenovo System Update (formerly ThinkVantage System Update) contains a command injection vulnerability that may result in information disclosure, information tampering, and service interruption (DoS). Lenovo System Update (formerly known as ThinkVantage System Update) is a set of automatic system update tools provided by Lenovo (China), covering device driver updates, Windows system patch updates, etc. A race condition vulnerability exists in versions prior to Lenovo System Update 5.06.0043. An attacker could exploit this vulnerability to run arbitrary commands with a specially crafted security token. The source descriptions aggregated here differ on the weakness class (command injection versus race condition) and on the version boundary (5.07.0013 versus 5.06.0043), so confirm the fixed version against the vendor advisory listed in the references.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0056",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.06.0034"
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0013"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.06.0034"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      }
    ]
  },
  "cve": "CVE-2015-6971",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-6971",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-84932",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2015-6971",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6971",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6971",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-427",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84932",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables. Lenovo System Update ( Old ThinkVantage System Update) Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc. A race condition vulnerability exists in versions prior to Lenovo System Update 5.06.0043. An attacker could exploit this vulnerability to run arbitrary commands with a specially crafted security token",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6971",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-89992",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-84932",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "id": "VAR-201710-0056",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:40:21.809000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/en/product_security/lsu_privilege"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 1.7,
        "url": "https://www.trustwave.com/resources/security-advisories/advisories/twsl2015-018/?fid=7172"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6971"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6971"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "date": "2017-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "date": "2015-11-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "date": "2017-10-03T01:29:00.637000",
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84932"
      },
      {
        "date": "2017-10-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      },
      {
        "date": "2017-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      },
      {
        "date": "2024-11-21T02:35:58.100000",
        "db": "NVD",
        "id": "CVE-2015-6971"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008002"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competitive condition",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-427"
      }
    ],
    "trust": 0.6
  }
}

var-201805-0936
Vulnerability from variot

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) in Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering a very large user ID or password can overrun the program's buffer, causing undefined behavior such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. Lenovo System Update contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo System Update is prone to a local buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow attackers to execute arbitrary code with elevated privileges. (This differs from the statement above that no additional privilege is granted; the description appears to combine text from several sources.) Failed exploits may result in denial-of-service conditions. Lenovo System Update is a set of automatic system update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc.

Document Title: Lenovo SU v5.07 - Buffer Overflow & Code Execution Vulnerability

References (Source):

https://www.vulnerability-lab.com/get_content.php?id=2131

Lenovo Security ID: LEN-19625

https://nvd.nist.gov/vuln/detail/CVE-2018-9063 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9063

Acknowledgements: https://support.lenovo.com/us/fr/solutions/len-19625

News & Press References: https://www.securityweek.com/lenovo-patches-secure-boot-vulnerability-servers https://securityaffairs.co/wordpress/72335/security/lenovo-security-updates.html

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9063

CVE-ID:

CVE-2018-9063

Release Date:

2018-07-12

Vulnerability Laboratory ID (VL-ID):

2131

Common Vulnerability Scoring System:

7.8

Vulnerability Class:

Buffer Overflow

Current Estimated Price:

4.000€ - 5.000€

Abstract Advisory Information:

The vulnerability laboratory core research team discovered a local buffer overflow vulnerability in the official Lenovo SU v5.7.x & v5.6.x. software.

Vulnerability Disclosure Timeline:

2018-05-03: Release Date (Lenovo) 2018-07-12: Public Disclosure (Vulnerability Laboratory)

Discovery Status:

Published

Affected Product(s):

Lenovo Product: SU (MapDrv - mapdrv.exe) 5.7.19, 5.6.34, 5.6.0.28 & 5.6.0.27

Exploitation Technique:

Local

Severity Level:

High

Authentication Type:

Restricted authentication (user/moderator) - User privileges

User Interaction:

No User Interaction

Disclosure Type:

Responsible Disclosure Program

Technical Details & Description:

A local buffer overflow and arbitrary code execution vulnerability has been discovered in the official Lenovo SU v5.7.x & v5.6.x software. The vulnerability allows an attacker to overwrite the active registers of the process and compromise the affected software by gaining higher system access privileges.

Exploitation of the local buffer overflow vulnerability requires no user interaction and system user process privileges of the driver. Successful exploitation of the buffer overflow vulnerability results in a compromise of the local system process or affected computer system.

Vulnerable Driver: [+] MapDrv

Affected Process: [+] mapdrv.exe

Proof of Concept (PoC):

The vulnerability can be exploited by local attackers with system process privileges and without user interaction. For security demonstration or to reproduce the vulnerability follow the provided information and steps below.

--- Debug Error Exception Session Log (Exception) --- (d8c.1988): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=029ab7a0 ebx=0031fe05 ecx=00000041 edx=fd974860 esi=029a9d70 edi=0031fd04 eip=00a256b3 esp=0031e54c ebp=0031fc70 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206 *** ERROR: Module load completed but symbols could not be loaded for image00a20000 image00a20000+0x56b3: 00a256b3 66890c02 mov word ptr [edx+eax],cx ds:0023:00320000=0000

--- Debug Session Log [Exception Analysis] --- FAULTING_IP: image00a20000+56b3 00a256b3 66890c02 mov word ptr [edx+eax],cx

EXCEPTION_RECORD: ffffffff -- (.exr ffffffffffffffff) ExceptionAddress: 00a256b3 (image00a20000+0x000056b3) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000001 Parameter[1]: 00320000 Attempt to write to address 00320000

FAULTING_THREAD: 00001988 PROCESS_NAME: image00a20000 FAULTING_MODULE: 77ab0000 ntdll DEBUG_FLR_IMAGE_TIMESTAMP: 594b6578 ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. WRITE_ADDRESS: 00320000 BUGCHECK_STR: ACCESS_VIOLATION

IP_ON_HEAP: 00410041 The fault address in not in any loaded module, please check your build's rebase log at binbuild_logstimebuildntrebase.log for module which may contain the address if it were loaded.

DEFAULT_BUCKET_ID: WRONG_SYMBOLS FRAME ONE INVALID: 1800200000000a LAST_CONTROL_TRANSFER: from 00410041 to 00a256b3

STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 0031fc70 00410041 00410041 00410041 00410041 image00a20000+0x56b3 0031fc74 00410041 00410041 00410041 00410041 0x410041 0031fc78 00410041 00410041 00410041 00410041 0x410041 0031fc7c 00410041 00410041 00410041 00410041 0x410041 0031fc80 00410041 00410041 00410041 00410041 0x410041 0031fc84 00410041 00410041 00410041 00410041 0x410041 0031fc88 00410041 00410041 00410041 00410041 0x410041 0031fc8c 00410041 00410041 00410041 00410041 0x410041 0031fc90 00410041 00410041 00410041 00410041 0x410041 0031fc94 00410041 00410041 00410041 00410041 0x410041 0031fc98 00410041 00410041 00410041 00410041 0x410041 0031fc9c 00410041 00410041 00410041 00410041 0x410041 0031fca0 00410041 00410041 00410041 00410041 0x410041 0031fca4 00410041 00410041 00410041 00410041 0x410041 0031fca8 00410041 00410041 00410041 00410041 0x410041 0031fcac 00410041 00410041 00410041 00410041 0x410041 0031fcb0 00410041 00410041 00410041 00410041 0x410041 0031fcb4 00410041 00410041 00410041 00410041 0x410041 0031fcb8 00410041 00410041 00410041 00410041 0x410041 0031fcbc 00410041 00410041 00410041 00410041 0x410041 0031fcc0 00410041 00410041 00410041 00410041 0x410041 0031fcc4 00410041 00410041 00410041 00410041 0x410041 0031fcc8 00410041 00410041 00410041 00410041 0x410041 0031fccc 00410041 00410041 00410041 00410041 0x410041 0031fcd0 00410041 00410041 00410041 00410041 0x410041 0031fcd4 00410041 00410041 00410041 00410041 0x410041 0031fcd8 00410041 00410041 00410041 00410041 0x410041 0031fcdc 00410041 00410041 00410041 00410041 0x410041 0031fce0 00410041 00410041 00410041 00410041 0x410041 0031fce4 00410041 00410041 00410041 00410041 0x410041 0031fce8 00410041 00410041 00410041 00410041 0x410041 0031fcec 00410041 00410041 00410041 00410041 0x410041 0031fcf0 00410041 00410041 00410041 00410041 0x410041 0031fcf4 00410041 00410041 00410041 00410041 0x410041 0031fcf8 00410041 00410041 00410041 00410041 0x410041 
0031fcfc 00410041 00410041 00410041 00410041 0x410041 0031fd00 00410041 00410041 00410041 00410041 0x410041 0031fd04 00410041 00410041 00410041 00410041 0x410041 0031fd08 00410041 00410041 00410041 00410041 0x410041 0031fd0c 00410041 00410041 00410041 00410041 0x410041 0031fd10 00410041 00410041 00410041 00410041 0x410041 0031fd14 00410041 00410041 00410041 00410041 0x410041 0031fd18 00410041 00410041 00410041 00410041 0x410041 0031fd1c 00410041 00410041 00410041 00410041 0x410041 0031fd20 00410041 00410041 00410041 00410041 0x410041 0031fd24 00410041 00410041 00410041 00410041 0x410041 0031fd28 00410041 00410041 00410041 00410041 0x410041 0031fd2c 00410041 00410041 00410041 00410041 0x410041 0031fd30 00410041 00410041 00410041 00410041 0x410041 0031fd34 00410041 00410041 00410041 00410041 0x410041 0031fd38 00410041 00410041 00410041 00410041 0x410041 0031fd3c 00410041 00410041 00410041 00410041 0x410041 0031fd40 00410041 00410041 00410041 00410041 0x410041 0031fd44 00410041 00410041 00410041 00410041 0x410041 0031fd48 00410041 00410041 00410041 00410041 0x410041 0031fd4c 00410041 00410041 00410041 00410041 0x410041 0031fd50 00410041 00410041 00410041 00410041 0x410041 0031fd54 00410041 00410041 00410041 00410041 0x410041 0031fd58 00410041 00410041 00410041 00410041 0x410041 0031fd5c 00410041 00410041 00410041 00410041 0x410041 0031fd60 00410041 00410041 00410041 00410041 0x410041 0031fd64 00410041 00410041 00410041 00410041 0x410041 0031fd68 00410041 00410041 00410041 00410041 0x410041 0031fd6c 00410041 00410041 00410041 00410041 0x410041 0031fd70 00410041 00410041 00410041 00410041 0x410041 0031fd74 00410041 00410041 00410041 00410041 0x410041 0031fd78 00410041 00410041 00410041 00410041 0x410041 0031fd7c 00410041 00410041 00410041 00410041 0x410041 0031fd80 00410041 00410041 00410041 00410041 0x410041 0031fd84 00410041 00410041 00410041 00410041 0x410041 0031fd88 00410041 00410041 00410041 00410041 0x410041 0031fd8c 00410041 00410041 00410041 00410041 0x410041 
0031fd90 00410041 00410041 00410041 00410041 0x410041 0031fd94 00410041 00410041 00410041 00410041 0x410041 0031fd98 00410041 00410041 00410041 00410041 0x410041

PRIMARY_PROBLEM_CLASS: STACK_CORRUPTION

FOLLOWUP_IP: image00a20000+56b3 00a256b3 66890c02 mov word ptr [edx+eax],cx

SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner MODULE_NAME: image00a20000 IMAGE_NAME: image00a20000 SYMBOL_NAME: image00a20000+56b3 STACK_COMMAND: ~0s ; kb BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner

0:000> lmvm image00a20000 start end module name 00a20000 00bd2000 image00a20000 (no symbols) Loaded symbol image file: C:\Program Files\Lenovo\System Update\mapdrv.exe Image path: image00a20000 Image name: image00a20000 Timestamp: Wed Jun 21 23:36:40 2017 (594B6578) CheckSum: 001BA113 ImageSize: 001B2000 File version: 1.0.0.1 Product version: 1.0.0.1 File flags: 0 (Mask 3F) File OS: 4 Unknown Win32 File type: 1.0 App File date: 00000000.00000000 Translations: 0409.04b0 ProductName: Map Network Drive InternalName: mapdrv OriginalFilename: mapdrv.exe ProductVersion: 1, 0, 0, 1 FileVersion: 1, 0, 0, 1 FileDescription: Map Network Drive Application LegalCopyright: Copyright Lenovo 2005, 2006, all rights reserved. Copyright IBM Corporation 1996-2005, all rights reserved.

Solution - Fix & Patch:

Update Lenovo System Update to version 5.07.0072 or later. You can determine the currently installed version by opening Lenovo System Update, clicking on the green question mark in the top right corner and then selecting "About."

Lenovo System Update can be updated by choosing either of the following methods:

Lenovo System Update automatically checks for a later version whenever the application is run. Click OK when prompted that a new version is available.

Credits & Authors:

S.AbenMassaoud - https://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud

Disclaimer & Information:

The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.

Domains: www.vulnerability-lab.com www.vuln-lab.com
www.vulnerability-db.com Services: magazine.vulnerability-lab.com paste.vulnerability-db.com
infosec.vulnerability-db.com Social: twitter.com/vuln_lab facebook.com/VulnerabilityLab
youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php vulnerability-lab.com/rss/rss_upcoming.php vulnerability-lab.com/rss/rss_news.php Programs: vulnerability-lab.com/submit.php vulnerability-lab.com/register.php vulnerability-lab.com/list-of-bug-bounty-programs.php

Any modified copy or reproduction, including partial usage, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material, contact (admin@ or research@) to ask for permission.

Copyright © 2018 | Vulnerability Laboratory - [Evolution Security GmbH]™

VULNERABILITY LABORATORY - RESEARCH TEAM SERVICE: www.vulnerability-lab.com



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0936",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "5.07.0072"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.7.19"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.34"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.28"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.27"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.7.72"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SaifAllah benMassaoud @benmassaou.",
    "sources": [
      {
        "db": "BID",
        "id": "104125"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-9063",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-9063",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-139095",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2018-9063",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-9063",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-9063",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201805-174",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-139095",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MapDrv (C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program\u0027s buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. Lenovo System Update Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Update is prone to a local buffer-overflow vulnerability because it fails to  adequately bounds-check user-supplied data before copying it into an  insufficiently sized buffer. \nSuccessful exploits may allow attackers to execute arbitrary code with elevated privileges. Failed exploits may result in denial-of-service conditions. Lenovo System Update is a set of system automatic update tools from Lenovo in China, which includes device driver updates, Windows system patch updates, etc. 
Document Title:\n===============\nLenovo SU v5.07 - Buffer Overflow \u0026 Code Execution Vulnerability\n\n\nReferences (Source):\n====================\nhttps://www.vulnerability-lab.com/get_content.php?id=2131\n\nLenovo Security ID: LEN-19625\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9063\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9063\n\nAcknowledgements: https://support.lenovo.com/us/fr/solutions/len-19625\n\nNews \u0026 Press References:\nhttps://www.securityweek.com/lenovo-patches-secure-boot-vulnerability-servers\nhttps://securityaffairs.co/wordpress/72335/security/lenovo-security-updates.html\n\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9063\n\nCVE-ID:\n=======\nCVE-2018-9063\n\n\nRelease Date:\n=============\n2018-07-12\n\n\nVulnerability Laboratory ID (VL-ID):\n====================================\n2131\n\n\nCommon Vulnerability Scoring System:\n====================================\n7.8\n\n\nVulnerability Class:\n====================\nBuffer Overflow\n\n\nCurrent Estimated Price:\n========================\n4.000a! - 5.000a!\n\n\nAbstract Advisory Information:\n==============================\nThe vulnerability laboratory core research team discovered a local\nbuffer overflow vulnerability in the official Lenovo SU v5.7.x \u0026 v5.6.x. \nsoftware. 
\n\n\nVulnerability Disclosure Timeline:\n==================================\n2018-05-03: Release Date (Lenovo)\n2018-07-12: Public Disclosure (Vulnerability Laboratory)\n\n\nDiscovery Status:\n=================\nPublished\n\n\nAffected Product(s):\n====================\nLenovo\nProduct: SU (MapDrv - mapdrv.exe) 5.7.19, 5.6.34, 5.6.0.28 \u0026 5.6.0.27\n\n\nExploitation Technique:\n=======================\nLocal\n\n\nSeverity Level:\n===============\nHigh\n\n\nAuthentication Type:\n====================\nRestricted authentication (user/moderator) - User privileges\n\n\nUser Interaction:\n=================\nNo User Interaction\n\n\nDisclosure Type:\n================\nResponsible Disclosure Program\n\n\nTechnical Details \u0026 Description:\n================================\nA local buffer overflow and arbitrary code exeuction has been discovered\nin the official Lenovo SU v5.7.x \u0026 v5.6.x. software. \nThe vulnerability allows to overwrite the active registers of the\nprocess to compromise the affected software by gaining\nhigher system access privileges. \n\nExploitation of the local buffer overflow vulnerability requires no user\ninteraction and system user process privileges of the driver. \nSuccessful exploitation of the buffer overflow vulnerability results in\na compromise of the local system process or affected computer system. \n\nVulnerable Driver:\n[+] MapDrv\n\nAffected Process:\n[+] mapdrv.exe\n\n\nProof of Concept (PoC):\n=======================\nThe vulnerability can be exploited by local attackers with system\nprocess privileges and without user interaction. \nFor security demonstration or to reproduce the vulnerability follow the\nprovided information and steps below. \n\n\n--- Debug Error Exception Session Log (Exception) ---\n(d8c.1988): Access violation - code c0000005 (first chance)\nFirst chance exceptions are reported before any exception handling. \nThis exception may be expected and handled. 
\neax=029ab7a0 ebx=0031fe05 ecx=00000041 edx=fd974860 esi=029a9d70\nedi=0031fd04\neip=00a256b3 esp=0031e54c ebp=0031fc70 iopl=0         nv up ei pl nz na\npe nc\ncs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000\nefl=00210206\n*** ERROR: Module load completed but symbols could not be loaded for\nimage00a20000\nimage00a20000+0x56b3:\n00a256b3 66890c02        mov     word ptr [edx+eax],cx\nds:0023:00320000=0000\n\n--- Debug Session Log [Exception Analysis] ---\nFAULTING_IP:\nimage00a20000+56b3\n00a256b3 66890c02        mov     word ptr [edx+eax],cx\n\nEXCEPTION_RECORD:  ffffffff -- (.exr ffffffffffffffff)\nExceptionAddress: 00a256b3 (image00a20000+0x000056b3)\n   ExceptionCode: c0000005 (Access violation)\n  ExceptionFlags: 00000000\nNumberParameters: 2\n   Parameter[0]: 00000001\n   Parameter[1]: 00320000\nAttempt to write to address 00320000\n\nFAULTING_THREAD:  00001988\nPROCESS_NAME:  image00a20000\nFAULTING_MODULE: 77ab0000 ntdll\nDEBUG_FLR_IMAGE_TIMESTAMP:  594b6578\nERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx\nreferenced memory at 0x%08lx. The memory could not be %s. \nWRITE_ADDRESS:  00320000\nBUGCHECK_STR:  ACCESS_VIOLATION\n\nIP_ON_HEAP:  00410041\nThe fault address in not in any loaded module, please check your build\u0027s\nrebase\nlog at \u003creleasedir\u003ebinbuild_logstimebuildntrebase.log for module which may\ncontain the address if it were loaded. \n\nDEFAULT_BUCKET_ID:  WRONG_SYMBOLS\nFRAME ONE INVALID: 1800200000000a\nLAST_CONTROL_TRANSFER:  from 00410041 to 00a256b3\n\nSTACK_TEXT:\nWARNING: Stack unwind information not available. Following frames may be\nwrong. 
\n0031fc70 00410041 00410041 00410041 00410041 image00a20000+0x56b3\n0031fc74 00410041 00410041 00410041 00410041 0x410041\n0031fc78 00410041 00410041 00410041 00410041 0x410041\n0031fc7c 00410041 00410041 00410041 00410041 0x410041\n0031fc80 00410041 00410041 00410041 00410041 0x410041\n0031fc84 00410041 00410041 00410041 00410041 0x410041\n0031fc88 00410041 00410041 00410041 00410041 0x410041\n0031fc8c 00410041 00410041 00410041 00410041 0x410041\n0031fc90 00410041 00410041 00410041 00410041 0x410041\n0031fc94 00410041 00410041 00410041 00410041 0x410041\n0031fc98 00410041 00410041 00410041 00410041 0x410041\n0031fc9c 00410041 00410041 00410041 00410041 0x410041\n0031fca0 00410041 00410041 00410041 00410041 0x410041\n0031fca4 00410041 00410041 00410041 00410041 0x410041\n0031fca8 00410041 00410041 00410041 00410041 0x410041\n0031fcac 00410041 00410041 00410041 00410041 0x410041\n0031fcb0 00410041 00410041 00410041 00410041 0x410041\n0031fcb4 00410041 00410041 00410041 00410041 0x410041\n0031fcb8 00410041 00410041 00410041 00410041 0x410041\n0031fcbc 00410041 00410041 00410041 00410041 0x410041\n0031fcc0 00410041 00410041 00410041 00410041 0x410041\n0031fcc4 00410041 00410041 00410041 00410041 0x410041\n0031fcc8 00410041 00410041 00410041 00410041 0x410041\n0031fccc 00410041 00410041 00410041 00410041 0x410041\n0031fcd0 00410041 00410041 00410041 00410041 0x410041\n0031fcd4 00410041 00410041 00410041 00410041 0x410041\n0031fcd8 00410041 00410041 00410041 00410041 0x410041\n0031fcdc 00410041 00410041 00410041 00410041 0x410041\n0031fce0 00410041 00410041 00410041 00410041 0x410041\n0031fce4 00410041 00410041 00410041 00410041 0x410041\n0031fce8 00410041 00410041 00410041 00410041 0x410041\n0031fcec 00410041 00410041 00410041 00410041 0x410041\n0031fcf0 00410041 00410041 00410041 00410041 0x410041\n0031fcf4 00410041 00410041 00410041 00410041 0x410041\n0031fcf8 00410041 00410041 00410041 00410041 0x410041\n0031fcfc 00410041 00410041 00410041 00410041 
0x410041\n0031fd00 00410041 00410041 00410041 00410041 0x410041\n0031fd04 00410041 00410041 00410041 00410041 0x410041\n0031fd08 00410041 00410041 00410041 00410041 0x410041\n0031fd0c 00410041 00410041 00410041 00410041 0x410041\n0031fd10 00410041 00410041 00410041 00410041 0x410041\n0031fd14 00410041 00410041 00410041 00410041 0x410041\n0031fd18 00410041 00410041 00410041 00410041 0x410041\n0031fd1c 00410041 00410041 00410041 00410041 0x410041\n0031fd20 00410041 00410041 00410041 00410041 0x410041\n0031fd24 00410041 00410041 00410041 00410041 0x410041\n0031fd28 00410041 00410041 00410041 00410041 0x410041\n0031fd2c 00410041 00410041 00410041 00410041 0x410041\n0031fd30 00410041 00410041 00410041 00410041 0x410041\n0031fd34 00410041 00410041 00410041 00410041 0x410041\n0031fd38 00410041 00410041 00410041 00410041 0x410041\n0031fd3c 00410041 00410041 00410041 00410041 0x410041\n0031fd40 00410041 00410041 00410041 00410041 0x410041\n0031fd44 00410041 00410041 00410041 00410041 0x410041\n0031fd48 00410041 00410041 00410041 00410041 0x410041\n0031fd4c 00410041 00410041 00410041 00410041 0x410041\n0031fd50 00410041 00410041 00410041 00410041 0x410041\n0031fd54 00410041 00410041 00410041 00410041 0x410041\n0031fd58 00410041 00410041 00410041 00410041 0x410041\n0031fd5c 00410041 00410041 00410041 00410041 0x410041\n0031fd60 00410041 00410041 00410041 00410041 0x410041\n0031fd64 00410041 00410041 00410041 00410041 0x410041\n0031fd68 00410041 00410041 00410041 00410041 0x410041\n0031fd6c 00410041 00410041 00410041 00410041 0x410041\n0031fd70 00410041 00410041 00410041 00410041 0x410041\n0031fd74 00410041 00410041 00410041 00410041 0x410041\n0031fd78 00410041 00410041 00410041 00410041 0x410041\n0031fd7c 00410041 00410041 00410041 00410041 0x410041\n0031fd80 00410041 00410041 00410041 00410041 0x410041\n0031fd84 00410041 00410041 00410041 00410041 0x410041\n0031fd88 00410041 00410041 00410041 00410041 0x410041\n0031fd8c 00410041 00410041 00410041 00410041 0x410041\n0031fd90 
00410041 00410041 00410041 00410041 0x410041\n0031fd94 00410041 00410041 00410041 00410041 0x410041\n0031fd98 00410041 00410041 00410041 00410041 0x410041\n\nPRIMARY_PROBLEM_CLASS:  STACK_CORRUPTION\n\nFOLLOWUP_IP:\nimage00a20000+56b3\n00a256b3 66890c02        mov     word ptr [edx+eax],cx\n\nSYMBOL_STACK_INDEX:  0\nFOLLOWUP_NAME:  MachineOwner\nMODULE_NAME: image00a20000\nIMAGE_NAME:  image00a20000\nSYMBOL_NAME:  image00a20000+56b3\nSTACK_COMMAND:  ~0s ; kb\nBUCKET_ID:  WRONG_SYMBOLS\n\nFollowup: MachineOwner\n---------\n0:000\u003e lmvm image00a20000\nstart    end        module name\n00a20000 00bd2000   image00a20000   (no symbols)\n    Loaded symbol image file: C:\\Program Files\\Lenovo\\System Update\\mapdrv.exe\n    Image path: image00a20000\n    Image name: image00a20000\n    Timestamp:        Wed Jun 21 23:36:40 2017 (594B6578)\n    CheckSum:         001BA113\n    ImageSize:        001B2000\n    File version:     1.0.0.1\n    Product version:  1.0.0.1\n    File flags:       0 (Mask 3F)\n    File OS:          4 Unknown Win32\n    File type:        1.0 App\n    File date:        00000000.00000000\n    Translations:     0409.04b0\n    ProductName:      Map Network Drive\n    InternalName:     mapdrv\n    OriginalFilename: mapdrv.exe\n    ProductVersion:   1, 0, 0, 1\n    FileVersion:      1, 0, 0, 1\n    FileDescription:  Map Network Drive Application\n    LegalCopyright:   Copyright Lenovo 2005, 2006, all rights reserved. \nCopyright IBM Corporation 1996-2005, all rights reserved. \n\n\nSolution - Fix \u0026 Patch:\n=======================\nUpdate Lenovo System Update to version 5.07.0072 or later. You can\ndetermine the currently installed version by\nopening Lenovo System Update, clicking on the green question mark in the\ntop right corner and then selecting \u201cAbout.\u201d\n\nLenovo System Update can be updated by choosing either of the following\nmethods:\n\nLenovo System Update automatically checks for a later version whenever\nthe application is run. 
\nClick OK when prompted that a new version is available. \n\n\nCredits \u0026 Authors:\n==================\nS.AbenMassaoud -\nhttps://www.vulnerability-lab.com/show.php?user=S.AbenMassaoud\n\n\nDisclaimer \u0026 Information:\n=========================\nThe information provided in this advisory is provided as it is without\nany warranty. Vulnerability Lab disclaims all warranties,\neither expressed or implied, including the warranties of merchantability\nand capability for a particular purpose. Vulnerability-Lab\nor its suppliers are not liable in any case of damage, including direct,\nindirect, incidental, consequential loss of business profits\nor special damages, even if Vulnerability-Lab or its suppliers have been\nadvised of the possibility of such damages. Some states do\nnot allow the exclusion or limitation of liability for consequential or\nincidental damages so the foregoing limitation may not apply. \nWe do not approve or encourage anybody to break any licenses, policies,\ndeface websites, hack into databases or trade with stolen data. \n\nDomains:    www.vulnerability-lab.com\t\twww.vuln-lab.com\t\t\t\nwww.vulnerability-db.com\nServices:   magazine.vulnerability-lab.com\tpaste.vulnerability-db.com \t\t\ninfosec.vulnerability-db.com\nSocial:\t    twitter.com/vuln_lab\t\tfacebook.com/VulnerabilityLab \t\t\nyoutube.com/user/vulnerability0lab\nFeeds:\t    vulnerability-lab.com/rss/rss.php\nvulnerability-lab.com/rss/rss_upcoming.php\nvulnerability-lab.com/rss/rss_news.php\nPrograms:   vulnerability-lab.com/submit.php\nvulnerability-lab.com/register.php\nvulnerability-lab.com/list-of-bug-bounty-programs.php\n\nAny modified copy or reproduction, including partially usages, of this\nfile requires authorization from Vulnerability Laboratory. \nPermission to electronically redistribute this alert in its unmodified\nform is granted. All other rights, including the use of other\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. 
\nAll pictures, texts, advisories, source code, videos and other\ninformation on this website is trademark of vulnerability-lab team \u0026 the\nspecific authors or managers. To record, list, modify, use or\nedit our material contact (admin@ or research@) to get a ask permission. \n\n\t\t\t\t    Copyright \u00a9 2018 | Vulnerability Laboratory - [Evolution\nSecurity GmbH]\u2122\n-- \nVULNERABILITY LABORATORY - RESEARCH TEAM\nSERVICE: www.vulnerability-lab.com\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-139095",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-9063",
        "trust": 2.9
      },
      {
        "db": "LENOVO",
        "id": "LEN-19625",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "104125",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "148533",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-139095",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "id": "VAR-201805-0936",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:05:06.690000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-19625",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/solutions/len-19625"
      },
      {
        "title": "Lenovo System Update Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79879"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/solutions/len-19625"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/104125"
      },
      {
        "trust": 0.9,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9063"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9063"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/ie/en/solutions/len-19625"
      },
      {
        "trust": 0.1,
        "url": "https://www.vulnerability-lab.com/get_content.php?id=2131"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityweek.com/lenovo-patches-secure-boot-vulnerability-servers"
      },
      {
        "trust": 0.1,
        "url": "https://securityaffairs.co/wordpress/72335/security/lenovo-security-updates.html"
      },
      {
        "trust": 0.1,
        "url": "https://support.lenovo.com/en/documents/ht080136"
      },
      {
        "trust": 0.1,
        "url": "https://support.lenovo.com/us/fr/solutions/len-19625"
      },
      {
        "trust": 0.1,
        "url": "https://www.vulnerability-db.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.vulnerability-lab.com/show.php?user=s.abenmassaoud"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2018-9063"
      },
      {
        "trust": 0.1,
        "url": "https://www.vuln-lab.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "date": "2018-05-05T00:00:00",
        "db": "BID",
        "id": "104125"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "date": "2018-07-12T14:44:44",
        "db": "PACKETSTORM",
        "id": "148533"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "date": "2018-05-04T17:29:00.770000",
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-139095"
      },
      {
        "date": "2018-05-05T00:00:00",
        "db": "BID",
        "id": "104125"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "date": "2018-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      },
      {
        "date": "2024-11-21T04:14:53.817000",
        "db": "NVD",
        "id": "CVE-2018-9063"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "104125"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-004915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ],
    "trust": 1.4
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201805-174"
      }
    ],
    "trust": 0.6
  }
}

var-202003-1197
Vulnerability from variot

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. Lenovo System Update contains a race condition vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Lenovo System Update is an application from China's Lenovo that checks for driver updates and installs them



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-1197",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0008"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0008"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      }
    ]
  },
  "cve": "CVE-2015-7335",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2015-7335",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008629",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-85296",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2015-7335",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2015-008629",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-7335",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2015-008629",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202003-1668",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85296",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges. Lenovo System Update Exists in a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Lenovo System Update is an application from China Lenovo (Lenovo) to check for driver updates and install them",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7335",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-85296",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "id": "VAR-202003-1197",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:51:37.419000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "title": "Lenovo System Update Repair measures for the competition condition problem loophole",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113067"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7335"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7335"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "date": "2020-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      },
      {
        "date": "2020-03-27T15:15:11.663000",
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85296"
      },
      {
        "date": "2020-04-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      },
      {
        "date": "2020-03-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      },
      {
        "date": "2024-11-21T02:36:36.613000",
        "db": "NVD",
        "id": "CVE-2015-7335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Race condition vulnerabilities in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008629"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202003-1668"
      }
    ],
    "trust": 0.6
  }
}

var-201704-0226
Vulnerability from variot

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." Lenovo System Update (formerly ThinkVantage System Update) contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo System Update is prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to gain Administrator or SYSTEM level privileges. Versions prior to Lenovo System Update 5.07.0019 are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of automatic system update tools provided by Lenovo (China), which includes device driver updates, Windows system patch updates, etc.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0226",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0013"
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0019"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.07.0013"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.34"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.14"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.7.19"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sofiane Talmat of IOActive",
    "sources": [
      {
        "db": "BID",
        "id": "98039"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-8109",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2015-8109",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-86070",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2015-8109",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-8109",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-8109",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-1366",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-86070",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a \"temporary administrator account vulnerability.\". Lenovo System Update ( Old ThinkVantage System Update) Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Lenovo System Update is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this vulnerability to gain Administrator or SYSTEM level privileges. \nVersions prior to Lenovo System Update 5.07.0019 are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "BID",
        "id": "98039"
      },
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-8109",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98039",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-86070",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "db": "BID",
        "id": "98039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "id": "VAR-201704-0226",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:41:31.362000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/lsu_privilege"
      },
      {
        "title": "Lenovo System Update Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69731"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 2.0,
        "url": "https://ioactive.com/pdfs/ioactive_advisory_lenovo_systemupdate-insecure-random-admin-password.pdf"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/98039"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8109"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8109"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "db": "BID",
        "id": "98039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "db": "BID",
        "id": "98039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "date": "2017-04-14T00:00:00",
        "db": "BID",
        "id": "98039"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "date": "2017-04-24T06:59:00.507000",
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-86070"
      },
      {
        "date": "2017-05-02T00:10:00",
        "db": "BID",
        "id": "98039"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      },
      {
        "date": "2024-11-21T02:38:02.113000",
        "db": "NVD",
        "id": "CVE-2015-8109"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "98039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007542"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-1366"
      }
    ],
    "trust": 0.6
  }
}

var-201906-0118
Vulnerability from variot

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Lenovo System Update contains vulnerabilities related to improper shutdown and release of resources. Service operation may be interrupted (DoS). Lenovo 3000 C100, etc. are all products of Lenovo (China). The Lenovo 3000 C100 is a laptop. The Lenovo 3000 C200 is a laptop. Lenovo ThinkCentre is a desktop computer. Lenovo System Update is one of the system update tools. A security vulnerability exists in Lenovo System Update. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Lenovo 3000 C100; Lenovo 3000 C200; Lenovo 3000 N100; Lenovo 3000 N200; Lenovo 3000 V100; Lenovo 3000 V200; Lenovo 3000 J100; Lenovo 3000 J105; Lenovo 3000 J15; Lenovo 300 J15; Lenovo 3000 J200p; Lenovo 3000 J205; Lenovo 3000 S200; Lenovo 3000 S200p; Lenovo 3000 S205; ThinkPad (all models); ThinkCentre (all models); ThinkStation; Lenovo V/B/K/E Series.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201906-0118",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "5.07.0084"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      }
    ]
  },
  "cve": "CVE-2019-6163",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-6163",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-157598",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-6163",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@lenovo.com",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-6163",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6163",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@lenovo.com",
            "id": "CVE-2019-6163",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6163",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201906-939",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157598",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations. Lenovo System Update Contains vulnerabilities related to improper shutdown and release of resources.Service operation interruption (DoS) There is a possibility of being put into a state. Lenovo 3000 C100, etc. are all products of China Lenovo (Lenovo). The Lenovo 3000 C100 is a laptop. The Lenovo 3000 C200 is a laptop. Lenovo ThinkCentre is a desktop computer. Lenovo System Update is one of the system update tools. A security vulnerability exists in Lenovo System Update. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Lenovo 3000 C100; Lenovo 3000 C200; Lenovo 3000 N100; Lenovo 3000 N200; Lenovo 3000 V100; Lenovo 3000 V200; Lenovo 3000 J100; Lenovo 3000 J105; Lenovo 3000 J15; Lenovo 300 J15; Lenovo 3000 J200p; Lenovo 3000 J205; Lenovo 3000 S200; Lenovo 3000 S200p; Lenovo 3000 S205; ThinkPad (all models); ThinkCentre (all models); ThinkStation; Lenovo V/B/K/E Series",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6163",
        "trust": 2.5
      },
      {
        "db": "LENOVO",
        "id": "LEN-27348",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-157598",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "id": "VAR-201906-0118",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:33:54.702000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-27348",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/solutions/len-27348"
      },
      {
        "title": "Lenovo System Update Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94068"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-404",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6163"
      },
      {
        "trust": 1.1,
        "url": "https://support.lenovo.com/solutions/len-27348"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6163"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/zh/solutions/len-27348"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "date": "2019-06-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      },
      {
        "date": "2019-06-26T14:15:10.107000",
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157598"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      },
      {
        "date": "2019-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      },
      {
        "date": "2024-11-21T04:46:03.560000",
        "db": "NVD",
        "id": "CVE-2019-6163"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Vulnerable to improper resource shutdown and release",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-005773"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201906-939"
      }
    ],
    "trust": 0.6
  }
}

var-202009-1525
Vulnerability from variot

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Lenovo System Update has a time-of-check time-of-use (TOCTOU) race condition vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Lenovo System Update is an application from China Lenovo (Lenovo) that checks for driver updates and installs them. A security vulnerability exists in Lenovo System Update. An attacker could exploit this vulnerability to escalate privileges.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202009-1525",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.07.0106"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.07.0106  less than"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "cve": "CVE-2020-8342",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2020-8342",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-186467",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.0,
            "id": "CVE-2020-8342",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@lenovo.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "id": "CVE-2020-8342",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.0,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-011306",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-8342",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@lenovo.com",
            "id": "CVE-2020-8342",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-8342",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202009-653",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186467",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Lenovo System Update has a time-of-check time-of-use (TOCTOU) race condition vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Lenovo System Update is an application from China Lenovo (Lenovo) that checks for driver updates and installs them. A security vulnerability exists in Lenovo System Update. An attacker could exploit this vulnerability to escalate privileges.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8342",
        "trust": 2.5
      },
      {
        "db": "LENOVO",
        "id": "LEN-42150",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "50095",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-186467",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "id": "VAR-202009-1525",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:29:28.604000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-42150",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/product_security/LEN-42150"
      },
      {
        "title": "Lenovo System Update Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128099"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-367",
        "trust": 1.1
      },
      {
        "problemtype": "Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.lenovo.com/us/en/product_security/len-42150"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8342"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/50095"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "date": "2021-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "date": "2020-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      },
      {
        "date": "2020-09-15T15:15:14.293000",
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186467"
      },
      {
        "date": "2021-03-26T07:02:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      },
      {
        "date": "2022-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      },
      {
        "date": "2024-11-21T05:38:44.797000",
        "db": "NVD",
        "id": "CVE-2020-8342"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update Time-of-check Time-of-use (TOCTOU) race condition vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-011306"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-653"
      }
    ],
    "trust": 0.6
  }
}

var-201505-0141
Vulnerability from variot

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. Lenovo System Update is prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to gain elevated privileges. Lenovo System Update 5.6.0.27 and prior versions are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0141",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.06.0034"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3.14"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Milvich and Sofiane Talmat of IOActive",
    "sources": [
      {
        "db": "BID",
        "id": "74634"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2234",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "CVE-2015-2234",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-80195",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-2234",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-2234",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-103",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80195",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. Lenovo System Update is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this vulnerability to gain elevated privileges. \nLenovo System Update 5.6.0.27 and prior versions are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of system automatic update tools provided by China Lenovo (Lenovo), which includes device driver updates, Windows system patch updates, etc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "BID",
        "id": "74634"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2234",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032268",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74634",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-80195",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "db": "BID",
        "id": "74634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "id": "VAR-201505-0141",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:44:18.016000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 1.7,
        "url": "http://www.ioactive.com/pdfs/lenovo_system_update_multiple_privilege_escalations.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id/1032268"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74634"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2234"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2234"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "db": "BID",
        "id": "74634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "db": "BID",
        "id": "74634"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "date": "2015-05-12T00:00:00",
        "db": "BID",
        "id": "74634"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "date": "2015-05-12T19:59:15.027000",
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80195"
      },
      {
        "date": "2015-05-15T00:12:00",
        "db": "BID",
        "id": "74634"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      },
      {
        "date": "2024-11-21T02:27:02.807000",
        "db": "NVD",
        "id": "CVE-2015-2234"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "74634"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update vulnerability that allows gaining privileges",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002674"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "race condition",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-103"
      }
    ],
    "trust": 0.6
  }
}

var-201505-0137
Vulnerability from variot

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. Lenovo System Update is prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to execute arbitrary commands with SYSTEM privileges. Lenovo System Update 5.6.0.27 and prior versions are vulnerable (the affected-products list in this record writes what appear to be the same releases in two notations: 5.06.0027 / 5.6.0.27 as affected and 5.06.0034 / 5.6.34 as not affected, so normalise version strings before comparing an installed version against it). Lenovo System Update (formerly known as ThinkVantage System Update) is a set of automatic system update tools provided by the Chinese company Lenovo, which includes device driver updates, Windows system patch updates, etc.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0137",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system update",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "5.06.0034"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": "5.06.0027"
      },
      {
        "model": "system update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.0.27"
      },
      {
        "model": "system update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "5.6.34"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_update",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Milvich and Sofiane Talmat of IOActive",
    "sources": [
      {
        "db": "BID",
        "id": "74649"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2219",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-2219",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-80180",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-2219",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-2219",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-099",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80180",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. Lenovo System Update is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this vulnerability to execute arbitrary commands with SYSTEM privileges. \nLenovo System Update 5.6.0.27 and prior versions are vulnerable. Lenovo System Update (formerly known as ThinkVantage System Update) is a set of automatic system update tools provided by the Chinese company Lenovo, which includes device driver updates, Windows system patch updates, etc.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "BID",
        "id": "74649"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-80180",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2219",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032268",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74649",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "41708",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132019",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-80180",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "db": "BID",
        "id": "74649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "id": "VAR-201505-0137",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:44:17.986000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-2015-011",
        "trust": 0.8,
        "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "title": "systemupdate506-05-15-2015",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56015"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://support.lenovo.com/us/en/product_security/lsu_privilege"
      },
      {
        "trust": 2.0,
        "url": "http://www.ioactive.com/pdfs/lenovo_system_update_multiple_privilege_escalations.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id/1032268"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74649"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2219"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2219"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "db": "BID",
        "id": "74649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "db": "BID",
        "id": "74649"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "BID",
        "id": "74649"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "date": "2015-05-12T19:59:10.587000",
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80180"
      },
      {
        "date": "2015-04-14T00:00:00",
        "db": "BID",
        "id": "74649"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      },
      {
        "date": "2015-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      },
      {
        "date": "2024-11-21T02:27:01.687000",
        "db": "NVD",
        "id": "CVE-2015-2219"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "74649"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Update vulnerability that allows gaining privileges",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002672"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-099"
      }
    ],
    "trust": 0.6
  }
}