VAR-202009-1528
Vulnerability from variot - Updated: 2024-11-23 23:11A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. Lenovo System Interface Foundation Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state. Both Lenovo System Interface Foundation and Lenovo Vantage are products of Lenovo, a Chinese company. Lenovo System Interface Foundation is a set of software for communicating with hardware devices. Lenovo Vantage is a computer management application. The program supports features such as driver updates, device status diagnostics, and computer configuration
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-1528",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system interface foundation",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "1.1.19.5"
},
{
"model": "system interface foundation",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "system interface foundation",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "1.1.19.5 less than"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"cve": "CVE-2020-8346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8346",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-186471",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2020-8346",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-011307",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8346",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2020-8346",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-8346",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-651",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-186471",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. Lenovo System Interface Foundation Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state. Both Lenovo System Interface Foundation and Lenovo Vantage are products of Lenovo, a Chinese company. Lenovo System Interface Foundation is a set of software for communicating with hardware devices. Lenovo Vantage is a computer management application. The program supports features such as driver updates, device status diagnostics, and computer configuration",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8346"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "VULHUB",
"id": "VHN-186471"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8346",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-38717",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202009-651",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "50092",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-186471",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"id": "VAR-202009-1528",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-186471"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:11:17.050000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-38717",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/LEN-38717"
},
{
"title": "Lenovo System Interface Foundation and Lenovo Vantage Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128097"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.1
},
{
"problemtype": "Inappropriate default permissions (CWE-276) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.lenovo.com/us/en/product_security/len-38717"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8346"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/50092"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-186471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-186471"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
},
{
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-186471"
},
{
"date": "2021-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"date": "2020-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-651"
},
{
"date": "2020-09-15T15:15:14.370000",
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-186471"
},
{
"date": "2021-03-26T07:02:00",
"db": "JVNDB",
"id": "JVNDB-2020-011307"
},
{
"date": "2021-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-651"
},
{
"date": "2024-11-21T05:38:45.050000",
"db": "NVD",
"id": "CVE-2020-8346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo\u00a0System\u00a0Interface\u00a0Foundation\u00a0 Inappropriate Default Permission Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011307"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-651"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…