Sign-up

ID

VAR-201908-0044


CVE

CVE-2019-6165


TITLE

PaperDisplay Hotkey Service Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2019-008419

DESCRIPTION

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features. PaperDisplay Hotkey Service Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Yoga 700-11ISK and Yoga 700-14ISK are both laptops from Lenovo of China. Microsoft Windows 10 is a set of operating systems used by Microsoft Corporation in the United States for personal computers

Trust: 2.25

sources: NVD: CVE-2019-6165 // JVNDB: JVNDB-2019-008419 // CNVD: CNVD-2019-44749 // VULHUB: VHN-157600

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44749

AFFECTED PRODUCTS

vendor:lenovomodel:yoga 700-11iskscope: - version: -

Trust: 1.4

vendor:lenovomodel:yoga 700-14iskscope: - version: -

Trust: 1.4

vendor:lenovomodel:yoga 700-14iskscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:yoga 700-11iskscope:eqversion: -

Trust: 1.0

sources: CNVD: CNVD-2019-44749 // JVNDB: JVNDB-2019-008419 // NVD: CVE-2019-6165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6165
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2019-6165
value: HIGH

Trust: 1.0

NVD: CVE-2019-6165
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-44749
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-605
value: HIGH

Trust: 0.6

VULHUB: VHN-157600
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6165
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2019-6165
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-44749
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-157600
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6165
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2019-6165
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-6165
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44749 // VULHUB: VHN-157600 // JVNDB: JVNDB-2019-008419 // CNNVD: CNNVD-201908-605 // NVD: CVE-2019-6165 // NVD: CVE-2019-6165

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.9

sources: VULHUB: VHN-157600 // JVNDB: JVNDB-2019-008419 // NVD: CVE-2019-6165

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-605

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-605

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008419

PATCH
title:LEN-27569url:https://support.lenovo.com/solutions/LEN-27569
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-008419

EXTERNAL IDS
db:NVDid:CVE-2019-6165
Trust: 3.1
db:LENOVOid:LEN-27569
Trust: 2.3
db:JVNDBid:JVNDB-2019-008419
Trust: 0.8
db:CNNVDid:CNNVD-201908-605
Trust: 0.7
db:CNVDid:CNVD-2019-44749
Trust: 0.6
db:VULHUBid:VHN-157600
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44749 // 
            
            
            
            VULHUB: VHN-157600 // 
            
            
            
            JVNDB: JVNDB-2019-008419 // 
            
            
            
            CNNVD: CNNVD-201908-605 // 
            
            
            
            NVD: CVE-2019-6165

REFERENCES
url:https://support.lenovo.com/solutions/len-27569
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6165
Trust: 1.4
url:https://support.lenovo.com/us/en/product_security/len-27569
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6165
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-44749 // 
            
            
            
            VULHUB: VHN-157600 // 
            
            
            
            JVNDB: JVNDB-2019-008419 // 
            
            
            
            CNNVD: CNNVD-201908-605 // 
            
            
            
            NVD: CVE-2019-6165

SOURCES
db:CNVDid:CNVD-2019-44749
db:VULHUBid:VHN-157600
db:JVNDBid:JVNDB-2019-008419
db:CNNVDid:CNNVD-201908-605
db:NVDid:CVE-2019-6165

LAST UPDATE DATE
2024-11-23T23:08:18.137000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44749date:2019-12-11T00:00:00
db:VULHUBid:VHN-157600date:2023-02-02T00:00:00
db:JVNDBid:JVNDB-2019-008419date:2019-08-30T00:00:00
db:CNNVDid:CNNVD-201908-605date:2023-02-03T00:00:00
db:NVDid:CVE-2019-6165date:2024-11-21T04:46:03.710

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44749date:2019-12-11T00:00:00
db:VULHUBid:VHN-157600date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-008419date:2019-08-30T00:00:00
db:CNNVDid:CNNVD-201908-605date:2019-08-08T00:00:00
db:NVDid:CVE-2019-6165date:2019-08-19T15:15:11.577