VAR-201804-0472
Vulnerability from variot - Updated: 2024-11-23 22:41Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. Invincea Dell Protected Workspace Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. There are protection bypass bugs in several Dell products. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain unauthorized access. A privilege escalation vulnerability. 2
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0472",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "invincea dell protected workspace",
"scope": "eq",
"trust": 1.6,
"vendor": "sophos",
"version": "5.1.1-22303"
},
{
"model": "precision tower",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "5810"
},
{
"model": "invincea-x",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "6.1.3-24058"
},
{
"model": "invincea dell protected workspace",
"scope": "eq",
"trust": 0.9,
"vendor": "dell",
"version": "5.1.1-22303"
},
{
"model": "dell protected workspace",
"scope": "eq",
"trust": 0.8,
"vendor": "sophos",
"version": "5.1.1-22303"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sophos:invincea_dell_protected_workspace",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin ???Icewall??? Noga of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
}
],
"trust": 0.6
},
"cve": "CVE-2016-8732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8732",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-21751",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-8732",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2016-8732",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8732",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2016-8732",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8732",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-21751",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-080",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. Invincea Dell Protected Workspace Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell is a company based in Round Rock, Texas, USA. There are protection bypass bugs in several Dell products. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain unauthorized access. A privilege escalation vulnerability. \n2",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8732"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "BID",
"id": "99360"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8732",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2016-0246",
"trust": 2.7
},
{
"db": "BID",
"id": "99360",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-21751",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080",
"trust": 0.6
},
{
"db": "TALOS",
"id": "TALOS-2016-0256",
"trust": 0.3
},
{
"db": "TALOS",
"id": "TALOS-2016-0247",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"id": "VAR-201804-0472",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
}
],
"trust": 1.475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
}
]
},
"last_update_date": "2024-11-23T22:41:53.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell Data Protection | Protected Workspace - Support",
"trust": 0.8,
"url": "https://dellprotectedworkspace.com/support/index.html"
},
{
"title": "Patches for many Dell product protection bypassing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/100437"
},
{
"title": "Dell Invincea Dell Protected Workspace Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71417"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-275",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/99360"
},
{
"trust": 1.8,
"url": "https://www.talosintelligence.com/vulnerability_reports/talos-2016-0246"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8732"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8732"
},
{
"trust": 0.6,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2016-0246"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0247"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0246"
},
{
"trust": 0.3,
"url": "https://www.talosintelligence.com/reports/talos-2016-0256"
},
{
"trust": 0.3,
"url": "http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"db": "BID",
"id": "99360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"date": "2017-06-30T00:00:00",
"db": "BID",
"id": "99360"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"date": "2017-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"date": "2018-04-24T19:29:00.610000",
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-21751"
},
{
"date": "2017-06-30T00:00:00",
"db": "BID",
"id": "99360"
},
{
"date": "2018-07-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009036"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-080"
},
{
"date": "2024-11-21T02:59:56.797000",
"db": "NVD",
"id": "CVE-2016-8732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "99360"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Invincea Dell Protected Workspace Permissions vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-080"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…