Sign-up

ID

VAR-201701-0354


CVE

CVE-2016-8225


TITLE

Lenovo Edge and Lenovo Slim USB keyboard Driver vulnerable to code execution with elevated privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-007079

DESCRIPTION

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. Lenovo63 and so on are all computers of China Lenovo. The LenovoEdgeUSBKeyboardDriver (aka LenovoSlimUSBKeyboard or LenovoLowProfileKeyboard) is one of the keyboard input drivers. The following products are affected: Lenovo Edge Keyboard Driver 1.20 and prior. Lenovo Slim USB Keyboard Driver 1.20 and prior

Trust: 2.52

sources: NVD: CVE-2016-8225 // JVNDB: JVNDB-2016-007079 // CNVD: CNVD-2017-02476 // BID: 95842 // VULHUB: VHN-97045

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02476

AFFECTED PRODUCTS

vendor:lenovomodel:edge keyboard driverscope:lteversion:1.20

Trust: 1.0

vendor:lenovomodel:slim usb keyboard driverscope:lteversion:1.20

Trust: 1.0

vendor:lenovomodel:slim usb keyboard driverscope:eqversion:1.20

Trust: 0.9

vendor:lenovomodel:edge keyboard driverscope:eqversion:1.20

Trust: 0.9

vendor:lenovomodel:edge usb keyboardscope:eqversion:1.21

Trust: 0.8

vendor:lenovomodel:slim usb keyboard driverscope:eqversion:1.21

Trust: 0.8

vendor:lenovomodel:edge keyboard driverscope:lteversion:<=1.20

Trust: 0.6

vendor:lenovomodel:slim usb keyboard driverscope:lteversion:<=1.20

Trust: 0.6

vendor:lenovomodel:slim usb keyboard driverscope:neversion:1.21

Trust: 0.3

vendor:lenovomodel:edge keyboard driverscope:neversion:1.21

Trust: 0.3

sources: CNVD: CNVD-2017-02476 // BID: 95842 // JVNDB: JVNDB-2016-007079 // CNNVD: CNNVD-201702-170 // NVD: CVE-2016-8225

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8225
value: HIGH

Trust: 1.0

NVD: CVE-2016-8225
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-02476
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-170
value: MEDIUM

Trust: 0.6

VULHUB: VHN-97045
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-8225
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-02476
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-97045
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8225
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-02476 // VULHUB: VHN-97045 // JVNDB: JVNDB-2016-007079 // CNNVD: CNNVD-201702-170 // NVD: CVE-2016-8225

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.9

sources: VULHUB: VHN-97045 // JVNDB: JVNDB-2016-007079 // NVD: CVE-2016-8225

THREAT TYPE

local

Trust: 0.9

sources: BID: 95842 // CNNVD: CNNVD-201702-170

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-170

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-007079

PATCH
title:LEN-11588url:https://support.lenovo.com/jp/ja/solutions/LEN-11588
Trust: 0.8
title:LenovoEdgeUSBKeyboardDriver Local Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/90008
Trust: 0.6
title:A variety of Lenovo products Lenovo Edge USB Keyboard Driver security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68244
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-02476 // 
            
            
            
            JVNDB: JVNDB-2016-007079 // 
            
            
            
            CNNVD: CNNVD-201702-170

EXTERNAL IDS
db:NVDid:CVE-2016-8225
Trust: 3.4
db:BIDid:95842
Trust: 2.6
db:LENOVOid:LEN-11588
Trust: 2.0
db:JVNDBid:JVNDB-2016-007079
Trust: 0.8
db:CNNVDid:CNNVD-201702-170
Trust: 0.7
db:CNVDid:CNVD-2017-02476
Trust: 0.6
db:VULHUBid:VHN-97045
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-02476 // 
            
            
            
            VULHUB: VHN-97045 // 
            
            
            
            BID: 95842 // 
            
            
            
            JVNDB: JVNDB-2016-007079 // 
            
            
            
            CNNVD: CNNVD-201702-170 // 
            
            
            
            NVD: CVE-2016-8225

REFERENCES
url:http://www.securityfocus.com/bid/95842
Trust: 2.3
url:https://support.lenovo.com/us/en/solutions/len-11588
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8225
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8225
Trust: 0.8
url:http://www.lenovo.com/ca/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-02476 // 
            
            
            
            VULHUB: VHN-97045 // 
            
            
            
            BID: 95842 // 
            
            
            
            JVNDB: JVNDB-2016-007079 // 
            
            
            
            CNNVD: CNNVD-201702-170 // 
            
            
            
            NVD: CVE-2016-8225

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 95842

SOURCES
db:CNVDid:CNVD-2017-02476
db:VULHUBid:VHN-97045
db:BIDid:95842
db:JVNDBid:JVNDB-2016-007079
db:CNNVDid:CNNVD-201702-170
db:NVDid:CVE-2016-8225

LAST UPDATE DATE
2025-04-20T23:40:12.518000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-02476date:2017-03-07T00:00:00
db:VULHUBid:VHN-97045date:2017-02-01T00:00:00
db:BIDid:95842date:2017-02-02T06:03:00
db:JVNDBid:JVNDB-2016-007079date:2017-02-10T00:00:00
db:CNNVDid:CNNVD-201702-170date:2017-02-21T00:00:00
db:NVDid:CVE-2016-8225date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-02476date:2017-03-07T00:00:00
db:VULHUBid:VHN-97045date:2017-01-26T00:00:00
db:BIDid:95842date:2017-01-26T00:00:00
db:JVNDBid:JVNDB-2016-007079date:2017-02-10T00:00:00
db:CNNVDid:CNNVD-201702-170date:2017-01-26T00:00:00
db:NVDid:CVE-2016-8225date:2017-01-26T17:59:00.133