Sign-up

ID

VAR-201807-1682


CVE

CVE-2018-9067


TITLE

Lenovo Help Android Application access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007933

DESCRIPTION

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. Lenovo Help Android The application contains an access control vulnerability.Information may be obtained. Lenovo Help Android app is an application provided by China Lenovo (Lenovo) to provide online support for Lenovo computers, mobile phones and data centers and other products. This program is mainly used to view the device information and warranty status of Lenovo products, etc. Attackers can use this vulnerability to disclose about 400 email addresses and 8,500 mobile phone serial numbers (IMEI)

Trust: 1.71

sources: NVD: CVE-2018-9067 // JVNDB: JVNDB-2018-007933 // VULHUB: VHN-139099

AFFECTED PRODUCTS

vendor:lenovomodel:helpscope:ltversion:6.1.2.0327

Trust: 1.8

sources: JVNDB: JVNDB-2018-007933 // NVD: CVE-2018-9067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9067
value: HIGH

Trust: 1.0

NVD: CVE-2018-9067
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-1175
value: HIGH

Trust: 0.6

VULHUB: VHN-139099
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9067
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139099
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9067
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139099 // JVNDB: JVNDB-2018-007933 // CNNVD: CNNVD-201807-1175 // NVD: CVE-2018-9067

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-139099 // JVNDB: JVNDB-2018-007933 // NVD: CVE-2018-9067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1175

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1175

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007933

PATCH
title:LEN-21561url:https://support.lenovo.com/jp/ja/solutions/len-21561
Trust: 0.8
title:Lenovo Help Android app Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82138
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-007933 // 
            
            
            
            CNNVD: CNNVD-201807-1175

EXTERNAL IDS
db:NVDid:CVE-2018-9067
Trust: 2.5
db:LENOVOid:LEN-21561
Trust: 1.7
db:JVNDBid:JVNDB-2018-007933
Trust: 0.8
db:CNNVDid:CNNVD-201807-1175
Trust: 0.6
db:VULHUBid:VHN-139099
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139099 // 
            
            
            
            JVNDB: JVNDB-2018-007933 // 
            
            
            
            CNNVD: CNNVD-201807-1175 // 
            
            
            
            NVD: CVE-2018-9067

REFERENCES
url:https://support.lenovo.com/us/en/solutions/len-21561
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9067
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9067
Trust: 0.8
sources:
            
            
            VULHUB: VHN-139099 // 
            
            
            
            JVNDB: JVNDB-2018-007933 // 
            
            
            
            CNNVD: CNNVD-201807-1175 // 
            
            
            
            NVD: CVE-2018-9067

SOURCES
db:VULHUBid:VHN-139099
db:JVNDBid:JVNDB-2018-007933
db:CNNVDid:CNNVD-201807-1175
db:NVDid:CVE-2018-9067

LAST UPDATE DATE
2024-11-23T22:22:01.903000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139099date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-007933date:2018-10-02T00:00:00
db:CNNVDid:CNNVD-201807-1175date:2019-10-23T00:00:00
db:NVDid:CVE-2018-9067date:2024-11-21T04:14:54.290

SOURCES RELEASE DATE
db:VULHUBid:VHN-139099date:2018-07-13T00:00:00
db:JVNDBid:JVNDB-2018-007933date:2018-10-02T00:00:00
db:CNNVDid:CNNVD-201807-1175date:2018-07-16T00:00:00
db:NVDid:CVE-2018-9067date:2018-07-13T16:29:00.613