Details of VAR-201606-0144

ID

VAR-201606-0144

CVE

CVE-2016-5249

TITLE

Lenovo Solution Center In LocalSystem Vulnerability to execute arbitrary code with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-003376

DESCRIPTION

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. Lenovo Solution Center is prone to local privilege-escalation and arbitrary code-execution vulnerabilities. Lenovo Solution Center 3.3.002 and prior versions are vulnerable. Lenovo Solution Center (LSC) is a set of software developed by China Lenovo (Lenovo) to help users quickly identify system health status, network connection and overall system security status. Arbitrary code execution vulnerabilities exist in versions prior to LSC 3.3.003

Trust: 1.98

sources: NVD: CVE-2016-5249 // JVNDB: JVNDB-2016-003376 // BID: 91454 // VULHUB: VHN-94068

AFFECTED PRODUCTS

vendor:	lenovo	model:	solution center	scope:	lte	version:	3.3.002	Trust: 1.0
vendor:	lenovo	model:	solution center	scope:	lt	version:	3.3.003	Trust: 0.8
vendor:	lenovo	model:	solution center	scope:	eq	version:	3.3.002	Trust: 0.6

sources: JVNDB: JVNDB-2016-003376 // CNNVD: CNNVD-201606-663 // NVD: CVE-2016-5249

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5249
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-5249
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201606-663
value:	HIGH
Trust: 0.6
VULHUB:	VHN-94068
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-5249
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-94068
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5249
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-94068 // JVNDB: JVNDB-2016-003376 // CNNVD: CNNVD-201606-663 // NVD: CVE-2016-5249

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-94068 // JVNDB: JVNDB-2016-003376 // NVD: CVE-2016-5249

THREAT TYPE

local

Trust: 0.9

sources: BID: 91454 // CNNVD: CNNVD-201606-663

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201606-663

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003376

PATCH

title:	LEN-7814	url:	https://support.lenovo.com/jp/ja/product_security/len_7814	Trust: 0.8
title:	Lenovo Solution Center Fixes for arbitrary code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62572	Trust: 0.6

sources: JVNDB: JVNDB-2016-003376 // CNNVD: CNNVD-201606-663

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5249	Trust: 2.8
db:	JVNDB	id:	JVNDB-2016-003376	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-663	Trust: 0.7
db:	BID	id:	91454	Trust: 0.3
db:	VULHUB	id:	VHN-94068	Trust: 0.1

sources: VULHUB: VHN-94068 // BID: 91454 // JVNDB: JVNDB-2016-003376 // CNNVD: CNNVD-201606-663 // NVD: CVE-2016-5249

REFERENCES

url:	https://www.trustwave.com/resources/security-advisories/advisories/twsl2016-012/?fid=8073	Trust: 1.7
url:	https://support.lenovo.com/us/en/product_security/len_7814	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5249	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5249	Trust: 0.8
url:	https://support.lenovo.com/us/zh/product_security/len_7814	Trust: 0.6
url:	http://www.lenovo.com/ca/en/	Trust: 0.3

sources: VULHUB: VHN-94068 // BID: 91454 // JVNDB: JVNDB-2016-003376 // CNNVD: CNNVD-201606-663 // NVD: CVE-2016-5249

CREDITS

Martin Rakhmanov of Trustwave

Trust: 0.3

sources: BID: 91454

SOURCES

db:	VULHUB	id:	VHN-94068
db:	BID	id:	91454
db:	JVNDB	id:	JVNDB-2016-003376
db:	CNNVD	id:	CNNVD-201606-663
db:	NVD	id:	CVE-2016-5249

LAST UPDATE DATE

2025-04-12T23:04:18.797000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-94068	date:	2016-07-01T00:00:00
db:	BID	id:	91454	date:	2016-07-06T15:06:00
db:	JVNDB	id:	JVNDB-2016-003376	date:	2016-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201606-663	date:	2016-07-01T00:00:00
db:	NVD	id:	CVE-2016-5249	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-94068	date:	2016-06-30T00:00:00
db:	BID	id:	91454	date:	2016-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-003376	date:	2016-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201606-663	date:	2016-06-30T00:00:00
db:	NVD	id:	CVE-2016-5249	date:	2016-06-30T16:59:08.117