Details of VAR-201705-2454

ID

VAR-201705-2454

CVE

CVE-2016-1876

TITLE

Lenovo Solution Center LSCTaskService privilege escalation, directory traversal, and CSRF

Trust: 0.8

sources: CERT/CC: VU#294607

DESCRIPTION

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. Lenovo Solution Center There are multiple vulnerabilities in the attacker SYSTEM Arbitrary code execution with privileges is possible. This process 55555 Using the number port HTTP daemon By running GET Request or POST By request LSCController.dll The execution of the method in the module is realized. LSCController.dll Contains a number of unsafe methods. That 1 One RunInstaller Is %APPDATA%\LSC\Local Store Designed to carry arbitrary code placed in a directory. This directory is created for all users who can log in to the system, so users can write to this directory without having system administrator privileges. By exploiting this vulnerability, ordinary users can SYSTEM Arbitrary code can be executed with authority. CWE-732: Incorrect Permission Assignment for Critical Resource http://cwe.mitre.org/data/definitions/732.html Directory traversal (CWE-22) By exploiting a directory traversal vulnerability, an attacker can execute code that resides anywhere on the drive where the user profile resides. If an attacker can place arbitrary code in a predictable location on a vulnerable system, the attacker SYSTEM Arbitrary code can be executed with authority. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') http://cwe.mitre.org/data/definitions/22.html Cross-site request forgery (CWE-352) Lenovo Solution Center of LSCTaskService There is a cross-site request forgery (CSRF) Vulnerabilities exist. CSRF The attacker can use a malicious or specially crafted website. SYSTEM You can execute code with authorization. CWE-352: Cross-Site Request Forgery (CSRF) http://cwe.mitre.org/data/definitions/352.html All of these vulnerabilities are Lenovo Solution Center It is considered that the condition of establishment is that it is activated once. Also Lenovo Solution Center By ending LSCTaskService The process is likely to stop. Lenovo Expresses the following views: "Lenovo was recently alerted by a cyber-security threat intelligence partner and The CERT/CC to a vulnerability report concerning its Lenovo Solution Center (LSC) application. We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this Lenovo security advisory page (https://support.lenovo.com/us/en/product_security/len_4326) as they become available." Lenovo Recently partnered with cyber security partners CERT/CC From Lenovo Solution Center (LSC) I was informed about the vulnerabilities. We are reviewing the vulnerabilities report as a top priority and are willing to provide updates and necessary fixes as soon as possible. For further information and updates Lenovo Will be posted on the Security Advisory page. Lenovo Security Advisory page https://support.lenovo.com/us/en/product_security/len_4326Lenovo Solution Center Crafted by the user who started HTML document ( website, HTML Email, attached file, etc. ) By browsing the attacker, SYSTEM It is possible to execute arbitrary code with authority. Users who can log into the system themselves SYSTEM It is also possible to execute arbitrary code with privileges. Lenovo Solution Center (LSC) is a set of software used by China's Lenovo to help users quickly identify the health status of the system, network connection, and security status of the entire system. Attackers can use these vulnerabilities to perform unauthorized operations and obtain sensitive information. A local attacker can exploit this vulnerability to gain elevated privileges. Other attacks are also possible

Trust: 4.23

sources: NVD: CVE-2016-1876 // CERT/CC: VU#294607 // JVNDB: JVNDB-2016-008606 // JVNDB: JVNDB-2015-006112 // CNNVD: CNNVD-201512-292 // BID: 78555 // BID: 78556 // VULHUB: VHN-90695

AFFECTED PRODUCTS

vendor:	lenovo	model:	solution center	scope:	-	version:	-	Trust: 1.6
vendor:	lenovo	model:	solution center	scope:	lte	version:	3.3.0001	Trust: 1.0
vendor:	lenovo	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	solution center	scope:	eq	version:	3.3.0001	Trust: 0.6
vendor:	lenovo	model:	solution center	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#294607 // BID: 78556 // JVNDB: JVNDB-2016-008606 // JVNDB: JVNDB-2015-006112 // CNNVD: CNNVD-201512-293 // NVD: CVE-2016-1876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1876
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1876
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2015-006112
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201512-293
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90695
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1876
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IPA:	JVNDB-2015-006112
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-90695
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1876
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90695 // JVNDB: JVNDB-2016-008606 // JVNDB: JVNDB-2015-006112 // CNNVD: CNNVD-201512-293 // NVD: CVE-2016-1876

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8
problemtype:	CWE-352	Trust: 0.8
problemtype:	CWE-22	Trust: 0.8

sources: VULHUB: VHN-90695 // JVNDB: JVNDB-2016-008606 // JVNDB: JVNDB-2015-006112 // NVD: CVE-2016-1876

THREAT TYPE

local

Trust: 0.9

sources: BID: 78555 // CNNVD: CNNVD-201512-293

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008606

PATCH

title:

LEN-4326

url:

https://support.lenovo.com/jp/ja/product_security/len_4326

Trust: 1.6

sources: JVNDB: JVNDB-2016-008606 // JVNDB: JVNDB-2015-006112

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1876	Trust: 2.8
db:	CERT/CC	id:	VU#294607	Trust: 2.2
db:	BID	id:	78555	Trust: 1.0
db:	BID	id:	78556	Trust: 0.9
db:	JVNDB	id:	JVNDB-2016-008606	Trust: 0.8
db:	JVN	id:	JVNVU94912021	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006112	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-293	Trust: 0.7
db:	CNNVD	id:	CNNVD-201512-292	Trust: 0.6
db:	VULHUB	id:	VHN-90695	Trust: 0.1

sources: CERT/CC: VU#294607 // VULHUB: VHN-90695 // BID: 78555 // BID: 78556 // JVNDB: JVNDB-2016-008606 // JVNDB: JVNDB-2015-006112 // CNNVD: CNNVD-201512-292 // CNNVD: CNNVD-201512-293 // NVD: CVE-2016-1876

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len_4326	Trust: 3.3
url:	http://rol.im/oemdrop/	Trust: 1.6
url:	http://www.kb.cert.org/vuls/id/294607	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1876	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1876	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94912021/index.html	Trust: 0.8
url:	http://www.lenovo.com/ca/en/	Trust: 0.6
url:	http://www.securityfocus.com/bid/78556	Trust: 0.6
url:	http://www.securityfocus.com/bid/78555	Trust: 0.6
url:	https://www.trustwave.com/resources/security-advisories/advisories/twsl2016-009/?fid=7895	Trust: 0.3

CREDITS

TheWack0lian

Trust: 1.5

sources: BID: 78556 // CNNVD: CNNVD-201512-292 // CNNVD: CNNVD-201512-293

SOURCES

db:	CERT/CC	id:	VU#294607
db:	VULHUB	id:	VHN-90695
db:	BID	id:	78555
db:	BID	id:	78556
db:	JVNDB	id:	JVNDB-2016-008606
db:	JVNDB	id:	JVNDB-2015-006112
db:	CNNVD	id:	CNNVD-201512-292
db:	CNNVD	id:	CNNVD-201512-293
db:	NVD	id:	CVE-2016-1876

LAST UPDATE DATE

2025-04-20T23:38:31.502000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#294607	date:	2017-03-22T00:00:00
db:	VULHUB	id:	VHN-90695	date:	2017-06-07T00:00:00
db:	BID	id:	78555	date:	2016-07-06T14:42:00
db:	BID	id:	78556	date:	2015-12-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-008606	date:	2017-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-006112	date:	2015-12-08T00:00:00
db:	CNNVD	id:	CNNVD-201512-292	date:	2015-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201512-293	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2016-1876	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#294607	date:	2015-12-04T00:00:00
db:	VULHUB	id:	VHN-90695	date:	2017-05-23T00:00:00
db:	BID	id:	78555	date:	2015-12-04T00:00:00
db:	BID	id:	78556	date:	2015-12-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-008606	date:	2017-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2015-006112	date:	2015-12-08T00:00:00
db:	CNNVD	id:	CNNVD-201512-292	date:	2015-12-11T00:00:00
db:	CNNVD	id:	CNNVD-201512-293	date:	2015-12-11T00:00:00
db:	NVD	id:	CVE-2016-1876	date:	2017-05-23T04:29:01.243