Sign-up

ID

VAR-201710-0169


CVE

CVE-2015-3321


TITLE

Lenovo Fingerprint Manager Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2015-008001

DESCRIPTION

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. Lenovo Fingerprint Manager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Fingerprint Manager is a set of fingerprint identification sensor drivers developed by Lenovo in China for the Thinkpad series. There is a privilege escalation vulnerability in Lenovo Fingerprint Manager versions earlier than 8.01.42. The vulnerability is caused by incorrect access control lists (ACLs) in Services and files. A local attacker can exploit this vulnerability by running an executable file with administrator privileges to disable local detection and elevate privileges

Trust: 1.71

sources: NVD: CVE-2015-3321 // JVNDB: JVNDB-2015-008001 // VULHUB: VHN-81282

AFFECTED PRODUCTS

vendor:lenovomodel:fingerprint managerscope:lteversion:8.01.41

Trust: 1.0

vendor:lenovomodel:fingerprint managerscope:ltversion:8.01.42

Trust: 0.8

vendor:lenovomodel:fingerprint managerscope:eqversion:8.01.41

Trust: 0.6

sources: JVNDB: JVNDB-2015-008001 // CNNVD: CNNVD-201710-448 // NVD: CVE-2015-3321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3321
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3321
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201710-448
value: HIGH

Trust: 0.6

VULHUB: VHN-81282
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3321
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81282
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-3321
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-81282 // JVNDB: JVNDB-2015-008001 // CNNVD: CNNVD-201710-448 // NVD: CVE-2015-3321

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-81282 // JVNDB: JVNDB-2015-008001 // NVD: CVE-2015-3321

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201710-448

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201710-448

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008001

PATCH
title:LEN-2015-017url:https://support.lenovo.com/jp/en/product_security/lenovo_fpr
Trust: 0.8
title:Lenovo Fingerprint Manager Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75627
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008001 // 
            
            
            
            CNNVD: CNNVD-201710-448

EXTERNAL IDS
db:NVDid:CVE-2015-3321
Trust: 2.5
db:JVNDBid:JVNDB-2015-008001
Trust: 0.8
db:CNNVDid:CNNVD-201710-448
Trust: 0.7
db:VULHUBid:VHN-81282
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81282 // 
            
            
            
            JVNDB: JVNDB-2015-008001 // 
            
            
            
            CNNVD: CNNVD-201710-448 // 
            
            
            
            NVD: CVE-2015-3321

REFERENCES
url:https://support.lenovo.com/us/en/product_security/lenovo_fpr
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3321
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-3321
Trust: 0.8
sources:
            
            
            VULHUB: VHN-81282 // 
            
            
            
            JVNDB: JVNDB-2015-008001 // 
            
            
            
            CNNVD: CNNVD-201710-448 // 
            
            
            
            NVD: CVE-2015-3321

SOURCES
db:VULHUBid:VHN-81282
db:JVNDBid:JVNDB-2015-008001
db:CNNVDid:CNNVD-201710-448
db:NVDid:CVE-2015-3321

LAST UPDATE DATE
2025-04-20T23:32:04.509000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81282date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2015-008001date:2017-10-30T00:00:00
db:CNNVDid:CNNVD-201710-448date:2017-10-30T00:00:00
db:NVDid:CVE-2015-3321date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-81282date:2017-10-03T00:00:00
db:JVNDBid:JVNDB-2015-008001date:2017-10-30T00:00:00
db:CNNVDid:CNNVD-201710-448date:2017-10-30T00:00:00
db:NVDid:CVE-2015-3321date:2017-10-03T01:29:00.483