Vulnerability-Lookup

VAR-202010-1493

Vulnerability from variot - Updated: 2024-11-23 21:35

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. Lenovo Vantage for Lenovo HardwareScan The plugin contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Vantage is a computer management application program of Lenovo Corporation in China. The program supports features such as driver updates, device status diagnostics, and computer configuration. There is a security vulnerability in the Lenovo hardware scanning plug-in. Attackers can use this vulnerability to escalate their privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1493",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hardware scan",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "lenovo",
        "version": "1.0.46.11"
      },
      {
        "model": "hardwarescan",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": null
      },
      {
        "model": "hardwarescan",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "lenovo",
        "version": "1.0.46.11  less than"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "cve": "CVE-2020-8345",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2020-8345",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-186470",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2020-8345",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@lenovo.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "id": "CVE-2020-8345",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2020-8345",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-8345",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@lenovo.com",
            "id": "CVE-2020-8345",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2020-8345",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202010-569",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-186470",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-8345",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. Lenovo Vantage for Lenovo HardwareScan The plugin contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Vantage is a computer management application program of Lenovo Corporation in China. The program supports features such as driver updates, device status diagnostics, and computer configuration. There is a security vulnerability in the Lenovo hardware scanning plug-in. Attackers can use this vulnerability to escalate their privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8345"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-8345",
        "trust": 2.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-44421",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-186470",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8345",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "id": "VAR-202010-1493",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:35:09.056000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "LEN-44421",
        "trust": 0.8,
        "url": "https://support.lenovo.com/us/en/product_security/LEN-44421"
      },
      {
        "title": "Lenovo Vantage Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131247"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-427",
        "trust": 1.1
      },
      {
        "problemtype": "Uncontrolled search path elements (CWE-427) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://support.lenovo.com/us/en/product_security/len-44421"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8345"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/427.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189754"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-8345"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "date": "2020-10-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8345"
      },
      {
        "date": "2021-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "date": "2020-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      },
      {
        "date": "2020-10-14T22:15:13.577000",
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-186470"
      },
      {
        "date": "2020-10-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-8345"
      },
      {
        "date": "2021-05-12T03:29:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      },
      {
        "date": "2020-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      },
      {
        "date": "2024-11-21T05:38:44.940000",
        "db": "NVD",
        "id": "CVE-2020-8345"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lenovo\u00a0Vantage\u00a0 for \u00a0Lenovo\u00a0HardwareScan\u00a0 Vulnerability in uncontrolled search path elements in plugins",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-012529"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202010-569"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-8345 (GCVE-0-2020-8345)

Vulnerability from cvelistv5 – Published: 2020-10-14 21:25 – Updated: 2024-08-04 09:56

Summary

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

lenovo

References

1 reference

URL	Tags
https://support.lenovo.com/us/en/product_security…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Lenovo	Vantage HardwareScan Plugin	Affected: unspecified , < 1.0.46.11 (custom)

Credits

Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-44421"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Vantage HardwareScan Plugin",
          "vendor": "Lenovo",
          "versions": [
            {
              "lessThan": "1.0.46.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-14T21:25:20.000Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/LEN-44421"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update the Lenovo HardwareScan Plugin to version 1.0.46.11.\n\nThe Lenovo HardwareScan Plugin is automatically updated by the Lenovo System Interface Foundation Service. To immediately start the update process, reboot the computer or restart the \"System Interface Foundation Service\" service.\n\nTo verify the Lenovo HardwareScan Plugin version:\nOpen File Explorer and navigate to C:\\ProgramData\\Lenovo\\ImController\\Plugins\\LenovoHardwareScanPlugin\\x64\nRight click on LenovoHardwareScanPlugin.dll and select Properties.\nClick on the Details tab.\nRead the File version."
        }
      ],
      "source": {
        "advisory": "LEN-44421",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@lenovo.com",
          "ID": "CVE-2020-8345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Vantage HardwareScan Plugin",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.0.46.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Lenovo"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-427 Uncontrolled Search Path Element"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.lenovo.com/us/en/product_security/LEN-44421",
              "refsource": "MISC",
              "url": "https://support.lenovo.com/us/en/product_security/LEN-44421"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update the Lenovo HardwareScan Plugin to version 1.0.46.11.\n\nThe Lenovo HardwareScan Plugin is automatically updated by the Lenovo System Interface Foundation Service. To immediately start the update process, reboot the computer or restart the \"System Interface Foundation Service\" service.\n\nTo verify the Lenovo HardwareScan Plugin version:\nOpen File Explorer and navigate to C:\\ProgramData\\Lenovo\\ImController\\Plugins\\LenovoHardwareScanPlugin\\x64\nRight click on LenovoHardwareScanPlugin.dll and select Properties.\nClick on the Details tab.\nRead the File version."
          }
        ],
        "source": {
          "advisory": "LEN-44421",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2020-8345",
    "datePublished": "2020-10-14T21:25:20.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:56:28.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202010-1493

CVE-2020-8345 (GCVE-0-2020-8345)

Tags

Sightings

Nomenclature