Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for installation_package by lenovo

    CVE-2019-6196 (GCVE-0-2019-6196)

    Vulnerability from nvd – Published: 2020-06-09 19:50 – Updated: 2024-09-17 00:25
    VLAI
    Summary
    A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Installation Packages Affected: unspecified , < 1.2.9.3 (custom)
    Create a notification for this product.
    Date Public
    2020-06-09 00:00
    Credits
    Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len-27431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installation Packages",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.2.9.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
            }
          ],
          "datePublic": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T19:50:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len-27431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
            }
          ],
          "source": {
            "advisory": "LEN-27431",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
              "ID": "CVE-2019-6196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installation Packages",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426 Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/len-27431",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/len-27431"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
              }
            ],
            "source": {
              "advisory": "LEN-27431",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6196",
        "datePublished": "2020-06-09T19:50:34.538Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:25:55.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6173 (GCVE-0-2019-6173)

    Vulnerability from nvd – Published: 2020-06-09 19:50 – Updated: 2024-09-16 17:54
    VLAI
    Summary
    A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Installation Packages Affected: unspecified , < 1.2.9.3 (custom)
    Create a notification for this product.
    Date Public
    2020-06-09 00:00
    Credits
    Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len-27431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installation Packages",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.2.9.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
            }
          ],
          "datePublic": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T19:50:33.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len-27431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
            }
          ],
          "source": {
            "advisory": "LEN-27431",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
              "ID": "CVE-2019-6173",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installation Packages",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426 Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/len-27431",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/len-27431"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
              }
            ],
            "source": {
              "advisory": "LEN-27431",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6173",
        "datePublished": "2020-06-09T19:50:34.062Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:54:54.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6196 (GCVE-0-2019-6196)

    Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-17 00:25
    VLAI
    Summary
    A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Installation Packages Affected: unspecified , < 1.2.9.3 (custom)
    Create a notification for this product.
    Date Public
    2020-06-09 00:00
    Credits
    Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len-27431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installation Packages",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.2.9.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
            }
          ],
          "datePublic": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T19:50:34.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len-27431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
            }
          ],
          "source": {
            "advisory": "LEN-27431",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
              "ID": "CVE-2019-6196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installation Packages",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426 Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/len-27431",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/len-27431"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
              }
            ],
            "source": {
              "advisory": "LEN-27431",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6196",
        "datePublished": "2020-06-09T19:50:34.538Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:25:55.970Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6173 (GCVE-0-2019-6173)

    Vulnerability from cvelistv5 – Published: 2020-06-09 19:50 – Updated: 2024-09-16 17:54
    VLAI
    Summary
    A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Lenovo Installation Packages Affected: unspecified , < 1.2.9.3 (custom)
    Create a notification for this product.
    Date Public
    2020-06-09 00:00
    Credits
    Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:16:24.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/len-27431"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Installation Packages",
              "vendor": "Lenovo",
              "versions": [
                {
                  "lessThan": "1.2.9.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
            }
          ],
          "datePublic": "2020-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426 Untrusted Search Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-09T19:50:33.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/len-27431"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
            }
          ],
          "source": {
            "advisory": "LEN-27431",
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "DATE_PUBLIC": "2020-06-09T18:00:00.000Z",
              "ID": "CVE-2019-6173",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Installation Packages",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "1.2.9.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Lenovo thanks Eran Shimony at CyberArk Labs for reporting this issue"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426 Untrusted Search Path"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.lenovo.com/us/en/product_security/len-27431",
                  "refsource": "MISC",
                  "url": "https://support.lenovo.com/us/en/product_security/len-27431"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected.  Lenovo installation packages version 1.2.9.3 or later are not affected."
              }
            ],
            "source": {
              "advisory": "LEN-27431",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2019-6173",
        "datePublished": "2020-06-09T19:50:34.062Z",
        "dateReserved": "2019-01-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:54:54.225Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }