Details of VAR-201504-0448

ID

VAR-201504-0448

CVE

CVE-2015-3320

TITLE

Lenovo USB Enhanced Performance Keyboard Vulnerability in obtaining key input information in software

Trust: 0.8

sources: JVNDB: JVNDB-2015-002386

DESCRIPTION

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. Lenovo USB Enhanced Performance Keyboard is an enhanced USB keyboard from Lenovo. Information obtained may lead to further attacks

Trust: 2.61

sources: NVD: CVE-2015-3320 // JVNDB: JVNDB-2015-002386 // CNVD: CNVD-2015-02533 // BID: 74196 // VULHUB: VHN-81281 // VULMON: CVE-2015-3320

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-02533

AFFECTED PRODUCTS

vendor:	lenovo	model:	usb enhanced performance keyboard	scope:	lte	version:	2.0.2.1	Trust: 1.0
vendor:	lenovo	model:	usb enhanced performance keyboard	scope:	eq	version:	2.0.2.1	Trust: 0.9
vendor:	lenovo	model:	usb enhanced performance keyboard	scope:	lt	version:	2.0.2.2	Trust: 0.8
vendor:	lenovo	model:	usb enhanced performance keyboard software	scope:	lt	version:	2.0.2.2	Trust: 0.6
vendor:	lenovo	model:	usb enhanced performance keyboard	scope:	eq	version:	2.0.2.0	Trust: 0.3
vendor:	lenovo	model:	usb enhanced performance keyboard	scope:	ne	version:	2.0.2.2	Trust: 0.3

sources: CNVD: CNVD-2015-02533 // BID: 74196 // JVNDB: JVNDB-2015-002386 // CNNVD: CNNVD-201504-370 // NVD: CVE-2015-3320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3320
value:	LOW
Trust: 1.0
NVD:	CVE-2015-3320
value:	LOW
Trust: 0.8
CNVD:	CNVD-2015-02533
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201504-370
value:	LOW
Trust: 0.6
VULHUB:	VHN-81281
value:	LOW
Trust: 0.1
VULMON:	CVE-2015-3320
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2015-3320
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2015-02533
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-81281
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-02533 // VULHUB: VHN-81281 // VULMON: CVE-2015-3320 // JVNDB: JVNDB-2015-002386 // CNNVD: CNNVD-201504-370 // NVD: CVE-2015-3320

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-81281 // JVNDB: JVNDB-2015-002386 // NVD: CVE-2015-3320

THREAT TYPE

local

Trust: 0.9

sources: BID: 74196 // CNNVD: CNNVD-201504-370

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201504-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002386

PATCH

title:	LEN-2015-015	url:	http://support.lenovo.com/us/en/product_security/usbenhancedkeyboard	Trust: 0.8
title:	Lenovo USB Enhanced Performance Keyboard Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/57492	Trust: 0.6
title:	lenovo_enhanced_performance_usb_keyboard	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55058	Trust: 0.6

sources: CNVD: CNVD-2015-02533 // JVNDB: JVNDB-2015-002386 // CNNVD: CNNVD-201504-370

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3320	Trust: 3.5
db:	BID	id:	74196	Trust: 1.5
db:	JVNDB	id:	JVNDB-2015-002386	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-370	Trust: 0.7
db:	CNVD	id:	CNVD-2015-02533	Trust: 0.6
db:	VULHUB	id:	VHN-81281	Trust: 0.1
db:	VULMON	id:	CVE-2015-3320	Trust: 0.1

sources: CNVD: CNVD-2015-02533 // VULHUB: VHN-81281 // VULMON: CVE-2015-3320 // BID: 74196 // JVNDB: JVNDB-2015-002386 // CNNVD: CNNVD-201504-370 // NVD: CVE-2015-3320

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/usbenhancedkeyboard	Trust: 2.7
url:	http://www.securityfocus.com/bid/74196	Trust: 1.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3320	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3320	Trust: 0.8
url:	http://support.lenovo.com/en/documents/pd010250	Trust: 0.3
url:	http://www.lenovo.com/ca/en/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2015-02533 // VULHUB: VHN-81281 // VULMON: CVE-2015-3320 // BID: 74196 // JVNDB: JVNDB-2015-002386 // CNNVD: CNNVD-201504-370 // NVD: CVE-2015-3320

CREDITS

Lenovo

Trust: 0.3

sources: BID: 74196

SOURCES

db:	CNVD	id:	CNVD-2015-02533
db:	VULHUB	id:	VHN-81281
db:	VULMON	id:	CVE-2015-3320
db:	BID	id:	74196
db:	JVNDB	id:	JVNDB-2015-002386
db:	CNNVD	id:	CNNVD-201504-370
db:	NVD	id:	CVE-2015-3320

LAST UPDATE DATE

2025-04-13T23:31:34.818000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-02533	date:	2015-04-20T00:00:00
db:	VULHUB	id:	VHN-81281	date:	2017-01-18T00:00:00
db:	VULMON	id:	CVE-2015-3320	date:	2017-01-18T00:00:00
db:	BID	id:	74196	date:	2015-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-002386	date:	2015-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201504-370	date:	2015-04-17T00:00:00
db:	NVD	id:	CVE-2015-3320	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-02533	date:	2015-04-20T00:00:00
db:	VULHUB	id:	VHN-81281	date:	2015-04-16T00:00:00
db:	VULMON	id:	CVE-2015-3320	date:	2015-04-16T00:00:00
db:	BID	id:	74196	date:	2015-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-002386	date:	2015-04-21T00:00:00
db:	CNNVD	id:	CNNVD-201504-370	date:	2015-04-17T00:00:00
db:	NVD	id:	CVE-2015-3320	date:	2015-04-16T23:59:02.323