Details of VAR-201612-0151

ID

VAR-201612-0151

CVE

CVE-2016-8102

TITLE

Intel Wireless Bluetooth Unquoted service path vulnerability in drivers

Trust: 0.8

sources: JVNDB: JVNDB-2016-006130

DESCRIPTION

Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. Local attackers can exploit this issue to gain elevated privileges. Intel Wireless Bluetooth Drivers 16.x, 17.x, and prior to 18.1.1607.3129 are vulnerable

Trust: 1.98

sources: NVD: CVE-2016-8102 // JVNDB: JVNDB-2016-006130 // BID: 95010 // VULHUB: VHN-96922

AFFECTED PRODUCTS

vendor:	intel	model:	wireless bluetooth drivers	scope:	eq	version:	18.1	Trust: 1.6
vendor:	intel	model:	wireless bluetooth drivers	scope:	eq	version:	17.0	Trust: 1.6
vendor:	intel	model:	wireless bluetooth drivers	scope:	eq	version:	18.0	Trust: 1.6
vendor:	intel	model:	wireless bluetooth drivers	scope:	eq	version:	16.0	Trust: 1.6
vendor:	intel	model:	wireless bluetooth driver	scope:	eq	version:	16.x	Trust: 0.8
vendor:	intel	model:	wireless bluetooth driver	scope:	eq	version:	17.x	Trust: 0.8
vendor:	intel	model:	wireless bluetooth driver	scope:	lt	version:	18.1.1607.3129	Trust: 0.8
vendor:	intel	model:	wireless bluetooth driver	scope:	eq	version:	18.1	Trust: 0.3
vendor:	intel	model:	wireless bluetooth driver	scope:	eq	version:	18.0	Trust: 0.3
vendor:	intel	model:	wireless bluetooth driver	scope:	eq	version:	17.0	Trust: 0.3
vendor:	intel	model:	wireless bluetooth driver	scope:	eq	version:	16.0	Trust: 0.3
vendor:	intel	model:	wireless bluetooth driver	scope:	ne	version:	18.1.1607.3129	Trust: 0.3

sources: BID: 95010 // JVNDB: JVNDB-2016-006130 // CNNVD: CNNVD-201612-196 // NVD: CVE-2016-8102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8102
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8102
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201612-196
value:	HIGH
Trust: 0.6
VULHUB:	VHN-96922
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8102
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-96922
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8102
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-96922 // JVNDB: JVNDB-2016-006130 // CNNVD: CNNVD-201612-196 // NVD: CVE-2016-8102

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-96922 // JVNDB: JVNDB-2016-006130 // NVD: CVE-2016-8102

THREAT TYPE

local

Trust: 0.9

sources: BID: 95010 // CNNVD: CNNVD-201612-196

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201612-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006130

PATCH

title:	INTEL-SA-00059	url:	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00059&languageid=en-fr	Trust: 0.8
title:	Intel Wireless Bluetooth Fixes for driver non-reference service path vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66237	Trust: 0.6

sources: JVNDB: JVNDB-2016-006130 // CNNVD: CNNVD-201612-196

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8102	Trust: 2.8
db:	BID	id:	95010	Trust: 1.4
db:	LENOVO	id:	LEN-11158	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-006130	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-196	Trust: 0.7
db:	VULHUB	id:	VHN-96922	Trust: 0.1

sources: VULHUB: VHN-96922 // BID: 95010 // JVNDB: JVNDB-2016-006130 // CNNVD: CNNVD-201612-196 // NVD: CVE-2016-8102

REFERENCES

url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00059&languageid=en-fr	Trust: 1.9
url:	http://www.securityfocus.com/bid/95010	Trust: 1.1
url:	https://support.lenovo.com/us/en/solutions/len-11158	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8102	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8102	Trust: 0.8
url:	http://www.intel.com/	Trust: 0.3
url:	https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00059&languageid=en-fr	Trust: 0.1

sources: VULHUB: VHN-96922 // BID: 95010 // JVNDB: JVNDB-2016-006130 // CNNVD: CNNVD-201612-196 // NVD: CVE-2016-8102

CREDITS

Jose Carlos Exposito Bueno from Internet Security Auditors.

Trust: 0.3

sources: BID: 95010

SOURCES

db:	VULHUB	id:	VHN-96922
db:	BID	id:	95010
db:	JVNDB	id:	JVNDB-2016-006130
db:	CNNVD	id:	CNNVD-201612-196
db:	NVD	id:	CVE-2016-8102

LAST UPDATE DATE

2025-04-13T23:17:50.153000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-96922	date:	2016-12-23T00:00:00
db:	BID	id:	95010	date:	2017-01-12T04:04:00
db:	JVNDB	id:	JVNDB-2016-006130	date:	2016-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201612-196	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-8102	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-96922	date:	2016-12-08T00:00:00
db:	BID	id:	95010	date:	2016-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-006130	date:	2016-12-12T00:00:00
db:	CNNVD	id:	CNNVD-201612-196	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-8102	date:	2016-12-08T17:59:00.160