Sign-up

ID

VAR-201908-0041


CVE

CVE-2019-6177


TITLE

Lenovo Solution Center Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-008623

DESCRIPTION

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018. Lenovo Solution Center Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Solution Center is a set of computer system monitoring software developed by China Lenovo (Lenovo). The software is capable of identifying system health, the status of network connectivity and overall system security, and more. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-6177 // JVNDB: JVNDB-2019-008623 // VULHUB: VHN-157612

AFFECTED PRODUCTS

vendor:lenovomodel:solution centerscope:eqversion:03.12.003

Trust: 1.8

sources: JVNDB: JVNDB-2019-008623 // NVD: CVE-2019-6177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6177
value: CRITICAL

Trust: 1.0

psirt@lenovo.com: CVE-2019-6177
value: HIGH

Trust: 1.0

NVD: CVE-2019-6177
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201908-1373
value: CRITICAL

Trust: 0.6

VULHUB: VHN-157612
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6177
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157612
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6177
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2019-6177
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-6177
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157612 // JVNDB: JVNDB-2019-008623 // CNNVD: CNNVD-201908-1373 // NVD: CVE-2019-6177 // NVD: CVE-2019-6177

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-157612 // JVNDB: JVNDB-2019-008623 // NVD: CVE-2019-6177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1373

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-1373

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008623

PATCH
title:LEN-27811url:https://support.lenovo.com/jp/ja/solutions/len-27811
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008623

EXTERNAL IDS
db:NVDid:CVE-2019-6177
Trust: 2.5
db:LENOVOid:LEN-27811
Trust: 1.7
db:JVNDBid:JVNDB-2019-008623
Trust: 0.8
db:CNNVDid:CNNVD-201908-1373
Trust: 0.7
db:VULHUBid:VHN-157612
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157612 // 
            
            
            
            JVNDB: JVNDB-2019-008623 // 
            
            
            
            CNNVD: CNNVD-201908-1373 // 
            
            
            
            NVD: CVE-2019-6177

REFERENCES
url:https://support.lenovo.com/solutions/len-27811
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6177
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6177
Trust: 0.8
url:https://support.lenovo.com/us/zh/product_security/len-27811
Trust: 0.6
sources:
            
            
            VULHUB: VHN-157612 // 
            
            
            
            JVNDB: JVNDB-2019-008623 // 
            
            
            
            CNNVD: CNNVD-201908-1373 // 
            
            
            
            NVD: CVE-2019-6177

CREDITS
Takeshi Shiomitsu at Pen Test Partners
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201908-1373

SOURCES
db:VULHUBid:VHN-157612
db:JVNDBid:JVNDB-2019-008623
db:CNNVDid:CNNVD-201908-1373
db:NVDid:CVE-2019-6177

LAST UPDATE DATE
2024-11-23T23:11:46.298000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-157612date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2019-008623date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1373date:2019-09-03T00:00:00
db:NVDid:CVE-2019-6177date:2024-11-21T04:46:06.500

SOURCES RELEASE DATE
db:VULHUBid:VHN-157612date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008623date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-1373date:2019-08-20T00:00:00
db:NVDid:CVE-2019-6177date:2019-08-21T20:15:13.057