Vulnerability-Lookup

CVE-2016-8227 (GCVE-0-2016-8227)

Vulnerability from cvelistv5 – Published: 2017-01-26 17:00 – Updated: 2024-08-06 02:13

Summary

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

Severity ?

No CVSS data available.

CWE

Privilege escalation

Assigner

lenovo

References

URL

	Vendor	Product	Version
	Lenovo Group Ltd.	Transition application	Affected: all versions

CNVD-2017-00111

Vulnerability from cnvd - Published: 2017-01-05

Title

Lenovo Transition本地权限提升漏洞

Description

联想Transition是中国联想（Lenovo）公司的一套用来设定视频图片等在不同模式下是否自动全屏的程序。 Lenovo Transition存在本地权限提升漏洞。攻击者可利用该漏洞以管理权限或系统权限执行任意代码。

Severity

高

Patch Name

Lenovo Transition本地权限提升漏洞的补丁

Patch Description

联想Transition是中国联想（Lenovo）公司的一套用来设定视频图片等在不同模式下是否自动全屏的程序。 Lenovo Transition存在本地权限提升漏洞。攻击者可利用该漏洞以管理权限或系统权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.lenovo.com/us/zh/product_security/LEN-12508

Reference

http://www.securityfocus.com/bid/95159

Impacted products

Name
Lenovo Transition 2.0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95159"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8227"
    }
  },
  "description": "\u8054\u60f3Transition\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u6765\u8bbe\u5b9a\u89c6\u9891\u56fe\u7247\u7b49\u5728\u4e0d\u540c\u6a21\u5f0f\u4e0b\u662f\u5426\u81ea\u52a8\u5168\u5c4f\u7684\u7a0b\u5e8f\u3002\r\n\r\nLenovo Transition\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u6743\u9650\u6216\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Viktor Minin",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.lenovo.com/us/zh/product_security/LEN-12508",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00111",
  "openTime": "2017-01-05",
  "patchDescription": "\u8054\u60f3Transition\u662f\u4e2d\u56fd\u8054\u60f3\uff08Lenovo\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u6765\u8bbe\u5b9a\u89c6\u9891\u56fe\u7247\u7b49\u5728\u4e0d\u540c\u6a21\u5f0f\u4e0b\u662f\u5426\u81ea\u52a8\u5168\u5c4f\u7684\u7a0b\u5e8f\u3002\r\n\r\nLenovo Transition\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7ba1\u7406\u6743\u9650\u6216\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo Transition\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Lenovo Transition 2.0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/95159",
  "serverity": "\u9ad8",
  "submitTime": "2017-01-04",
  "title": "Lenovo Transition\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

FKIE_CVE-2016-8227

Vulnerability from fkie_nvd - Published: 2017-01-26 17:59 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

References

URL	Tags
psirt@lenovo.com	http://www.securityfocus.com/bid/95159
psirt@lenovo.com	https://support.lenovo.com/us/en/product_security/LEN-12508	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95159
af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/us/en/product_security/LEN-12508	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	lenovo	transition	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:transition:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3BD30C-B53A-44A7-9E63-3A7B5F5ED6D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalada de privilegios en la aplicaci\u00f3n Lenovo Transition utilizada en sistemas Lenovo Yoga, Flex y Miix que ejecutan Windows permite a usuarios locales ejecutar c\u00f3digo con privilegios elevados."
    }
  ],
  "id": "CVE-2016-8227",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-26T17:59:00.210",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "url": "http://www.securityfocus.com/bid/95159"
    },
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/LEN-12508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/LEN-12508"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201701-0356

Vulnerability from variot - Updated: 2025-04-20 23:32

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Lenovo Transition is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Lenovo Transition is a set of programs developed by China Lenovo (Lenovo) to set whether the video, picture, etc. are automatically full-screen in different modes. There are security vulnerabilities in the Transition program of several Lenovo products. An attacker could exploit this vulnerability to execute arbitrary code with administrator or system privileges. The following products and versions are affected: Lenovo Edge 15 based on Windows 8.1 and earlier; Flex2 14 version, Flex2 15 version; Flex2 14D version, Flex2 15D version; Flex2 Pro15 version; Miix 2-10 version, Miix 2-11 version; Miix 3-1030 version; Yoga 11S version, Yoga 13 version; Yoga 2-11 version, Yoga 2-13 version, Yoga 2 Pro version

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201701-0356",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "transition",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "transition",
        "scope": null,
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "yoga systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "0"
      },
      {
        "model": "transition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "lenovo",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:transition",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Viktor Minin",
    "sources": [
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-8227",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-8227",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-97047",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2016-8227",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-8227",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-8227",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201612-825",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97047",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Lenovo Transition is prone to a local privilege escalation vulnerability. \nA local attacker can leverage this issue to gain elevated privileges. Lenovo Transition is a set of programs developed by China Lenovo (Lenovo) to set whether the video, picture, etc. are automatically full-screen in different modes. There are security vulnerabilities in the Transition program of several Lenovo products. An attacker could exploit this vulnerability to execute arbitrary code with administrator or system privileges. The following products and versions are affected: Lenovo Edge 15 based on Windows 8.1 and earlier; Flex2 14 version, Flex2 15 version; Flex2 14D version, Flex2 15D version; Flex2 Pro15 version; Miix 2-10 version, Miix 2-11 version; Miix 3-1030 version; Yoga 11S version, Yoga 13 version; Yoga 2-11 version, Yoga 2-13 version, Yoga 2 Pro version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8227",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "95159",
        "trust": 2.0
      },
      {
        "db": "LENOVO",
        "id": "LEN-12508",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-97047",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "id": "VAR-201701-0356",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:32:21.079000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-12508",
        "trust": 0.8,
        "url": "https://support.lenovo.com/jp/ja/product_security/LEN-12508"
      },
      {
        "title": "A variety of Lenovo products Transition Fixes for program security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66731"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/95159"
      },
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/us/en/product_security/len-12508"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8227"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8227"
      },
      {
        "trust": 0.3,
        "url": "http://www.lenovo.com/ca/en/"
      },
      {
        "trust": 0.3,
        "url": "https://support.lenovo.com/us/en/product_security/len-12508 "
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "date": "2016-12-29T00:00:00",
        "db": "BID",
        "id": "95159"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "date": "2016-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "date": "2017-01-26T17:59:00.210000",
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-01-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97047"
      },
      {
        "date": "2017-01-12T01:07:00",
        "db": "BID",
        "id": "95159"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      },
      {
        "date": "2017-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2016-8227"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "95159"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows Multiple running  Lenovo Used in the system  Lenovo Transition Vulnerability in which privileges are elevated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007081"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-825"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-8227

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

Aliases

CVE-2016-8227

Aliases

CVE-2016-8227

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8227",
    "description": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.",
    "id": "GSD-2016-8227"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8227"
      ],
      "details": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.",
      "id": "GSD-2016-8227",
      "modified": "2023-12-13T01:21:22.066307Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "ID": "CVE-2016-8227",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Transition application",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo Group Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "95159",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95159"
          },
          {
            "name": "https://support.lenovo.com/us/en/product_security/LEN-12508",
            "refsource": "CONFIRM",
            "url": "https://support.lenovo.com/us/en/product_security/LEN-12508"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:transition:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2016-8227"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-12508",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/us/en/product_security/LEN-12508"
            },
            {
              "name": "95159",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/95159"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-01-28T02:59Z",
      "publishedDate": "2017-01-26T17:59Z"
    }
  }
}

GHSA-JF5R-5M2H-P5MC

Vulnerability from github – Published: 2022-05-17 03:02 – Updated: 2022-05-17 03:02

Details

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8227"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-26T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.",
  "id": "GHSA-jf5r-5m2h-p5mc",
  "modified": "2022-05-17T03:02:35Z",
  "published": "2022-05-17T03:02:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8227"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/us/en/product_security/LEN-12508"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95159"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8227 (GCVE-0-2016-8227)

CNVD-2017-00111

FKIE_CVE-2016-8227

VAR-201701-0356

GSD-2016-8227

GHSA-JF5R-5M2H-P5MC

Tags

Sightings

Nomenclature