Sign-up

ID

VAR-201604-0275


CVE

CVE-2016-2393


TITLE

Lenovo Fingerprint Manager and Touch Fingerprint Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-002054

DESCRIPTION

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. Multiple Lenovo Products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to execute arbitrary code with SYSTEM privileges. Both Lenovo Fingerprint Manager and Touch Fingerprint are products of China Lenovo (Lenovo). The former is a set of fingerprint identification sensor drivers developed for Thinkpad series; the latter is a set of driver programs for acquiring fingerprints

Trust: 1.98

sources: NVD: CVE-2016-2393 // JVNDB: JVNDB-2016-002054 // BID: 85986 // VULHUB: VHN-91212

AFFECTED PRODUCTS

vendor:lenovomodel:fingerprint managerscope:lteversion:8.01.56

Trust: 1.0

vendor:lenovomodel:touch fingerprintscope:lteversion:1.00.07

Trust: 1.0

vendor:lenovomodel:fingerprint managerscope:ltversion:8.01.57

Trust: 0.8

vendor:lenovomodel:touch fingerprintscope:ltversion:1.00.08

Trust: 0.8

vendor:lenovomodel:fingerprint managerscope:eqversion:8.01.56

Trust: 0.6

vendor:lenovomodel:touch fingerprintscope:eqversion:1.00.07

Trust: 0.6

sources: JVNDB: JVNDB-2016-002054 // CNNVD: CNNVD-201604-173 // NVD: CVE-2016-2393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-2393
value: HIGH

Trust: 1.0

NVD: CVE-2016-2393
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201604-173
value: HIGH

Trust: 0.6

VULHUB: VHN-91212
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-2393
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-91212
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-2393
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-91212 // JVNDB: JVNDB-2016-002054 // CNNVD: CNNVD-201604-173 // NVD: CVE-2016-2393

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-91212 // JVNDB: JVNDB-2016-002054 // NVD: CVE-2016-2393

THREAT TYPE

local

Trust: 0.9

sources: BID: 85986 // CNNVD: CNNVD-201604-173

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201604-173

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-002054

PATCH
title:LEN-4282url:https://support.lenovo.com/jp/ja/product_security/len_4282
Trust: 0.8
title:Lenovo Fingerprint Manager  and Touch Fingerprint Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60874
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-002054 // 
            
            
            
            CNNVD: CNNVD-201604-173

EXTERNAL IDS
db:NVDid:CVE-2016-2393
Trust: 2.8
db:JVNDBid:JVNDB-2016-002054
Trust: 0.8
db:CNNVDid:CNNVD-201604-173
Trust: 0.7
db:BIDid:85986
Trust: 0.4
db:VULHUBid:VHN-91212
Trust: 0.1
sources:
            
            
            VULHUB: VHN-91212 // 
            
            
            
            BID: 85986 // 
            
            
            
            JVNDB: JVNDB-2016-002054 // 
            
            
            
            CNNVD: CNNVD-201604-173 // 
            
            
            
            NVD: CVE-2016-2393

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len_4282
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2393
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2393
Trust: 0.8
url:http://www.lenovo.com/ca/en/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-91212 // 
            
            
            
            BID: 85986 // 
            
            
            
            JVNDB: JVNDB-2016-002054 // 
            
            
            
            CNNVD: CNNVD-201604-173 // 
            
            
            
            NVD: CVE-2016-2393

CREDITS
The vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 85986

SOURCES
db:VULHUBid:VHN-91212
db:BIDid:85986
db:JVNDBid:JVNDB-2016-002054
db:CNNVDid:CNNVD-201604-173
db:NVDid:CVE-2016-2393

LAST UPDATE DATE
2025-04-12T23:32:43.784000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-91212date:2016-04-14T00:00:00
db:BIDid:85986date:2016-04-11T00:00:00
db:JVNDBid:JVNDB-2016-002054date:2016-04-15T00:00:00
db:CNNVDid:CNNVD-201604-173date:2016-04-12T00:00:00
db:NVDid:CVE-2016-2393date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-91212date:2016-04-11T00:00:00
db:BIDid:85986date:2016-04-11T00:00:00
db:JVNDBid:JVNDB-2016-002054date:2016-04-15T00:00:00
db:CNNVDid:CNNVD-201604-173date:2016-04-12T00:00:00
db:NVDid:CVE-2016-2393date:2016-04-11T14:59:11.333