VAR-201701-0356
Vulnerability from variot - Updated: 2025-04-20 23:32Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Lenovo Transition is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Lenovo Transition is a set of programs developed by China Lenovo (Lenovo) to set whether the video, picture, etc. are automatically full-screen in different modes. There are security vulnerabilities in the Transition program of several Lenovo products. An attacker could exploit this vulnerability to execute arbitrary code with administrator or system privileges. The following products and versions are affected: Lenovo Edge 15 based on Windows 8.1 and earlier; Flex2 14 version, Flex2 15 version; Flex2 14D version, Flex2 15D version; Flex2 Pro15 version; Miix 2-10 version, Miix 2-11 version; Miix 3-1030 version; Yoga 11S version, Yoga 13 version; Yoga 2-11 version, Yoga 2-13 version, Yoga 2 Pro version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201701-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "transition",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "transition",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga systems",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "transition",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.0"
}
],
"sources": [
{
"db": "BID",
"id": "95159"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:lenovo:transition",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Viktor Minin",
"sources": [
{
"db": "BID",
"id": "95159"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8227",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8227",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-97047",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-8227",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8227",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8227",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-825",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-97047",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97047"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Lenovo Transition is prone to a local privilege escalation vulnerability. \nA local attacker can leverage this issue to gain elevated privileges. Lenovo Transition is a set of programs developed by China Lenovo (Lenovo) to set whether the video, picture, etc. are automatically full-screen in different modes. There are security vulnerabilities in the Transition program of several Lenovo products. An attacker could exploit this vulnerability to execute arbitrary code with administrator or system privileges. The following products and versions are affected: Lenovo Edge 15 based on Windows 8.1 and earlier; Flex2 14 version, Flex2 15 version; Flex2 14D version, Flex2 15D version; Flex2 Pro15 version; Miix 2-10 version, Miix 2-11 version; Miix 3-1030 version; Yoga 11S version, Yoga 13 version; Yoga 2-11 version, Yoga 2-13 version, Yoga 2 Pro version",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8227"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "BID",
"id": "95159"
},
{
"db": "VULHUB",
"id": "VHN-97047"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8227",
"trust": 2.8
},
{
"db": "BID",
"id": "95159",
"trust": 2.0
},
{
"db": "LENOVO",
"id": "LEN-12508",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-97047",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97047"
},
{
"db": "BID",
"id": "95159"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"id": "VAR-201701-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-97047"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-20T23:32:21.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-12508",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/LEN-12508"
},
{
"title": "A variety of Lenovo products Transition Fixes for program security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66731"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97047"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/95159"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/us/en/product_security/len-12508"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8227"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8227"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/product_security/len-12508 "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97047"
},
{
"db": "BID",
"id": "95159"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-97047"
},
{
"db": "BID",
"id": "95159"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-97047"
},
{
"date": "2016-12-29T00:00:00",
"db": "BID",
"id": "95159"
},
{
"date": "2017-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"date": "2016-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"date": "2017-01-26T17:59:00.210000",
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-97047"
},
{
"date": "2017-01-12T01:07:00",
"db": "BID",
"id": "95159"
},
{
"date": "2017-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007081"
},
{
"date": "2017-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-825"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "95159"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows Multiple running Lenovo Used in the system Lenovo Transition Vulnerability in which privileges are elevated",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007081"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-825"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…