Details of VAR-201701-0356

ID

VAR-201701-0356

CVE

CVE-2016-8227

TITLE

Windows Multiple running Lenovo Used in the system Lenovo Transition Vulnerability in which privileges are elevated

Trust: 0.8

sources: JVNDB: JVNDB-2016-007081

DESCRIPTION

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. Lenovo Transition is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Lenovo Transition is a set of programs developed by China Lenovo (Lenovo) to set whether the video, picture, etc. are automatically full-screen in different modes. There are security vulnerabilities in the Transition program of several Lenovo products. An attacker could exploit this vulnerability to execute arbitrary code with administrator or system privileges. The following products and versions are affected: Lenovo Edge 15 based on Windows 8.1 and earlier; Flex2 14 version, Flex2 15 version; Flex2 14D version, Flex2 15D version; Flex2 Pro15 version; Miix 2-10 version, Miix 2-11 version; Miix 3-1030 version; Yoga 11S version, Yoga 13 version; Yoga 2-11 version, Yoga 2-13 version, Yoga 2 Pro version

Trust: 1.98

sources: NVD: CVE-2016-8227 // JVNDB: JVNDB-2016-007081 // BID: 95159 // VULHUB: VHN-97047

AFFECTED PRODUCTS

vendor:	lenovo	model:	transition	scope:	eq	version:	-	Trust: 1.6
vendor:	lenovo	model:	transition	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	yoga systems	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	transition	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 95159 // JVNDB: JVNDB-2016-007081 // CNNVD: CNNVD-201612-825 // NVD: CVE-2016-8227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-8227
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-8227
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201612-825
value:	HIGH
Trust: 0.6
VULHUB:	VHN-97047
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-8227
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-97047
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-8227
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-97047 // JVNDB: JVNDB-2016-007081 // CNNVD: CNNVD-201612-825 // NVD: CVE-2016-8227

PROBLEMTYPE DATA

problemtype:

CWE-284

Trust: 1.9

sources: VULHUB: VHN-97047 // JVNDB: JVNDB-2016-007081 // NVD: CVE-2016-8227

THREAT TYPE

local

Trust: 0.9

sources: BID: 95159 // CNNVD: CNNVD-201612-825

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-825

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007081

PATCH

title:	LEN-12508	url:	https://support.lenovo.com/jp/ja/product_security/LEN-12508	Trust: 0.8
title:	A variety of Lenovo products Transition Fixes for program security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66731	Trust: 0.6

sources: JVNDB: JVNDB-2016-007081 // CNNVD: CNNVD-201612-825

EXTERNAL IDS

db:	NVD	id:	CVE-2016-8227	Trust: 2.8
db:	BID	id:	95159	Trust: 2.0
db:	LENOVO	id:	LEN-12508	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-007081	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-825	Trust: 0.7
db:	VULHUB	id:	VHN-97047	Trust: 0.1

sources: VULHUB: VHN-97047 // BID: 95159 // JVNDB: JVNDB-2016-007081 // CNNVD: CNNVD-201612-825 // NVD: CVE-2016-8227

REFERENCES

url:	http://www.securityfocus.com/bid/95159	Trust: 1.7
url:	https://support.lenovo.com/us/en/product_security/len-12508	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8227	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8227	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.3
url:	https://support.lenovo.com/us/en/product_security/len-12508	Trust: 0.3

sources: VULHUB: VHN-97047 // BID: 95159 // JVNDB: JVNDB-2016-007081 // CNNVD: CNNVD-201612-825 // NVD: CVE-2016-8227

CREDITS

Viktor Minin

Trust: 0.9

sources: BID: 95159 // CNNVD: CNNVD-201612-825

SOURCES

db:	VULHUB	id:	VHN-97047
db:	BID	id:	95159
db:	JVNDB	id:	JVNDB-2016-007081
db:	CNNVD	id:	CNNVD-201612-825
db:	NVD	id:	CVE-2016-8227

LAST UPDATE DATE

2025-04-20T23:32:21.079000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-97047	date:	2017-01-28T00:00:00
db:	BID	id:	95159	date:	2017-01-12T01:07:00
db:	JVNDB	id:	JVNDB-2016-007081	date:	2017-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201612-825	date:	2017-01-19T00:00:00
db:	NVD	id:	CVE-2016-8227	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-97047	date:	2017-01-26T00:00:00
db:	BID	id:	95159	date:	2016-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2016-007081	date:	2017-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201612-825	date:	2016-12-29T00:00:00
db:	NVD	id:	CVE-2016-8227	date:	2017-01-26T17:59:00.210