VAR-201701-0354
Vulnerability from variot - Updated: 2025-04-20 23:40Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. Lenovo63 and so on are all computers of China Lenovo. The LenovoEdgeUSBKeyboardDriver (aka LenovoSlimUSBKeyboard or LenovoLowProfileKeyboard) is one of the keyboard input drivers. The following products are affected: Lenovo Edge Keyboard Driver 1.20 and prior. Lenovo Slim USB Keyboard Driver 1.20 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0354",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "edge keyboard driver",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.20"
},
{
"model": "slim usb keyboard driver",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.20"
},
{
"model": "slim usb keyboard driver",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "1.20"
},
{
"model": "edge keyboard driver",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "1.20"
},
{
"model": "edge usb keyboard",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.21"
},
{
"model": "slim usb keyboard driver",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.21"
},
{
"model": "edge keyboard driver",
"scope": "lte",
"trust": 0.6,
"vendor": "lenovo",
"version": "\u003c=1.20"
},
{
"model": "slim usb keyboard driver",
"scope": "lte",
"trust": 0.6,
"vendor": "lenovo",
"version": "\u003c=1.20"
},
{
"model": "slim usb keyboard driver",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.21"
},
{
"model": "edge keyboard driver",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.21"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "BID",
"id": "95842"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lenovo:edge_keyboard_driver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:lenovo:slim_usb_keyboard_driver",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "95842"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8225",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8225",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-02476",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-97045",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-8225",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8225",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8225",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02476",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-170",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97045",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "VULHUB",
"id": "VHN-97045"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. Lenovo63 and so on are all computers of China Lenovo. The LenovoEdgeUSBKeyboardDriver (aka LenovoSlimUSBKeyboard or LenovoLowProfileKeyboard) is one of the keyboard input drivers. \nThe following products are affected:\nLenovo Edge Keyboard Driver 1.20 and prior. \nLenovo Slim USB Keyboard Driver 1.20 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8225"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "BID",
"id": "95842"
},
{
"db": "VULHUB",
"id": "VHN-97045"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8225",
"trust": 3.4
},
{
"db": "BID",
"id": "95842",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-11588",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02476",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97045",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "VULHUB",
"id": "VHN-97045"
},
{
"db": "BID",
"id": "95842"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"id": "VAR-201701-0354",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "VULHUB",
"id": "VHN-97045"
}
],
"trust": 1.3125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
}
]
},
"last_update_date": "2025-04-20T23:40:12.518000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-11588",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/solutions/LEN-11588"
},
{
"title": "LenovoEdgeUSBKeyboardDriver Local Privilege Escalation Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/90008"
},
{
"title": "A variety of Lenovo products Lenovo Edge USB Keyboard Driver security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68244"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-428",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97045"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/95842"
},
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/solutions/len-11588"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8225"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8225"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "VULHUB",
"id": "VHN-97045"
},
{
"db": "BID",
"id": "95842"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"db": "VULHUB",
"id": "VHN-97045"
},
{
"db": "BID",
"id": "95842"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"date": "2017-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-97045"
},
{
"date": "2017-01-26T00:00:00",
"db": "BID",
"id": "95842"
},
{
"date": "2017-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"date": "2017-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"date": "2017-01-26T17:59:00.133000",
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02476"
},
{
"date": "2017-02-01T00:00:00",
"db": "VULHUB",
"id": "VHN-97045"
},
{
"date": "2017-02-02T06:03:00",
"db": "BID",
"id": "95842"
},
{
"date": "2017-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007079"
},
{
"date": "2017-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-170"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8225"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "95842"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo Edge and Lenovo Slim USB keyboard Driver vulnerable to code execution with elevated privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007079"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-170"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…