Vulnerability-Lookup

CVE-2019-6189 (GCVE-0-2019-6189)

Vulnerability from cvelistv5 – Published: 2019-11-20 01:31 – Updated: 2024-09-16 20:16

Summary

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

Severity ?

No CVSS data available.

CWE

local privilege escalation

Assigner

lenovo

References

URL

	Vendor	Product	Version
	Lenovo	Lenovo System Interface Foundation	Unknown: unspecified , ≤ 1.1.18.3 (custom)

VAR-201911-0278

Vulnerability from variot - Updated: 2024-11-23 22:51

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Lenovo System Interface Foundation Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Interface Foundation is a set of software used by China Lenovo (Lenovo) to communicate with hardware devices

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0278",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "system interface foundation",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "lenovo",
        "version": "1.1.18.3"
      },
      {
        "model": "system interface foundation",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "lenovo",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:lenovo:system_interface_foundation",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      }
    ]
  },
  "cve": "CVE-2019-6189",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2019-6189",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-157624",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-6189",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6189",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6189",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6189",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-1141",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-157624",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Lenovo System Interface Foundation Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Interface Foundation is a set of software used by China Lenovo (Lenovo) to communicate with hardware devices",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6189",
        "trust": 2.5
      },
      {
        "db": "LENOVO",
        "id": "LEN-29198",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-157624",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "id": "VAR-201911-0278",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:51:37.593000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-29198",
        "trust": 0.8,
        "url": "https://support.lenovo.com/solutions/LEN-29198"
      },
      {
        "title": "Lenovo System Interface Foundation Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103492"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-426",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://support.lenovo.com/solutions/len-29198"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6189"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6189"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/product_security/len-29198"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "date": "2019-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "date": "2019-11-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "date": "2019-11-20T02:15:10.867000",
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-157624"
      },
      {
        "date": "2019-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      },
      {
        "date": "2019-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      },
      {
        "date": "2024-11-21T04:46:08.257000",
        "db": "NVD",
        "id": "CVE-2019-6189"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo System Interface Foundation Vulnerabilities related to untrusted search paths",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012220"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-1141"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7M4G-94QC-3PRX

Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01

Details

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6189"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-20T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.",
  "id": "GHSA-7m4g-94qc-3prx",
  "modified": "2022-05-24T17:01:38Z",
  "published": "2022-05-24T17:01:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6189"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.com/solutions/LEN-29198"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2019-6189

Vulnerability from fkie_nvd - Published: 2019-11-20 02:15 - Updated: 2024-11-21 04:46

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

References

	URL	Tags
	psirt@lenovo.com	https://support.lenovo.com/solutions/LEN-29198	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.lenovo.com/solutions/LEN-29198	Vendor Advisory

Impacted products

	Vendor	Product	Version
	lenovo	system_interface_foundation	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lenovo:system_interface_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1550BBB-9257-4706-98E8-1771B2468D9C",
              "versionEndExcluding": "1.1.18.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL."
    },
    {
      "lang": "es",
      "value": "Se report\u00f3 una vulnerabilidad potencial en Lenovo System Interface Foundation versiones anteriores a la versi\u00f3n v1.1.18.3 lo que podr\u00eda permitir a un usuario administrativo cargar una DLL sin firmar."
    }
  ],
  "id": "CVE-2019-6189",
  "lastModified": "2024-11-21T04:46:08.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-20T02:15:10.867",
  "references": [
    {
      "source": "psirt@lenovo.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/solutions/LEN-29198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.lenovo.com/solutions/LEN-29198"
    }
  ],
  "sourceIdentifier": "psirt@lenovo.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2020-09987

Vulnerability from cnvd - Published: 2020-02-17

Title

Lenovo System Interface Foundation未签名DLL加载漏洞

Description

Lenovo System Interface Foundation是一系列支持Lenovo Vantage应用程序的系统服务、驱动程序和插件。 Lenovo System Interface Foundation 1.1.18.3之前版本存在未签名DLL加载漏洞。攻击者可利用该漏洞加载未签名的DLL。

Severity

高

Patch Name

Lenovo System Interface Foundation未签名DLL加载漏洞的补丁

Patch Description

Lenovo System Interface Foundation是一系列支持Lenovo Vantage应用程序的系统服务、驱动程序和插件。 Lenovo System Interface Foundation 1.1.18.3之前版本存在未签名DLL加载漏洞。攻击者可利用该漏洞加载未签名的DLL。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.lenovo.com/us/en/downloads/ds105970

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-6189

Impacted products

Name
Lenovo Lenovo System Interface Foundation <1.1.18.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6189",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-6189"
    }
  },
  "description": "Lenovo System Interface Foundation\u662f\u4e00\u7cfb\u5217\u652f\u6301Lenovo Vantage\u5e94\u7528\u7a0b\u5e8f\u7684\u7cfb\u7edf\u670d\u52a1\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u63d2\u4ef6\u3002\n\nLenovo System Interface Foundation 1.1.18.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u672a\u7b7e\u540dDLL\u52a0\u8f7d\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52a0\u8f7d\u672a\u7b7e\u540d\u7684DLL\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.lenovo.com/us/en/downloads/ds105970",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-09987",
  "openTime": "2020-02-17",
  "patchDescription": "Lenovo System Interface Foundation\u662f\u4e00\u7cfb\u5217\u652f\u6301Lenovo Vantage\u5e94\u7528\u7a0b\u5e8f\u7684\u7cfb\u7edf\u670d\u52a1\u3001\u9a71\u52a8\u7a0b\u5e8f\u548c\u63d2\u4ef6\u3002\r\n\r\nLenovo System Interface Foundation 1.1.18.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u672a\u7b7e\u540dDLL\u52a0\u8f7d\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52a0\u8f7d\u672a\u7b7e\u540d\u7684DLL\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Lenovo System Interface Foundation\u672a\u7b7e\u540dDLL\u52a0\u8f7d\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Lenovo Lenovo System Interface Foundation \u003c1.1.18.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-6189",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-20",
  "title": "Lenovo System Interface Foundation\u672a\u7b7e\u540dDLL\u52a0\u8f7d\u6f0f\u6d1e"
}

GSD-2019-6189

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

Aliases

CVE-2019-6189

Aliases

CVE-2019-6189

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6189",
    "description": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.",
    "id": "GSD-2019-6189"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6189"
      ],
      "details": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.",
      "id": "GSD-2019-6189",
      "modified": "2023-12-13T01:23:49.175812Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "DATE_PUBLIC": "2019-11-19T17:00:00.000Z",
        "ID": "CVE-2019-6189",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Lenovo System Interface Foundation",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_affected": "?\u003c=",
                          "version_value": "1.1.18.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Lenovo"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "local privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.lenovo.com/solutions/LEN-29198",
            "refsource": "MISC",
            "url": "https://support.lenovo.com/solutions/LEN-29198"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Update Lenovo System Interface Foundation to version 1.1.18.3 (or higher)"
        }
      ],
      "source": {
        "advisory": "LEN-29198",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:lenovo:system_interface_foundation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.18.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2019-6189"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-426"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/solutions/LEN-29198",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.lenovo.com/solutions/LEN-29198"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-11-22T00:58Z",
      "publishedDate": "2019-11-20T02:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-6189 (GCVE-0-2019-6189)

VAR-201911-0278

GHSA-7M4G-94QC-3PRX

FKIE_CVE-2019-6189

CNVD-2020-09987

GSD-2019-6189

Tags

Sightings

Nomenclature