Sign-up

ID

VAR-201911-0278


CVE

CVE-2019-6189


TITLE

Lenovo System Interface Foundation Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2019-012220

DESCRIPTION

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Lenovo System Interface Foundation Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo System Interface Foundation is a set of software used by China Lenovo (Lenovo) to communicate with hardware devices

Trust: 1.71

sources: NVD: CVE-2019-6189 // JVNDB: JVNDB-2019-012220 // VULHUB: VHN-157624

AFFECTED PRODUCTS

vendor:lenovomodel:system interface foundationscope:ltversion:1.1.18.3

Trust: 1.8

vendor:lenovomodel:system interface foundationscope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-012220 // CNNVD: CNNVD-201911-1141 // NVD: CVE-2019-6189

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6189
value: HIGH

Trust: 1.0

NVD: CVE-2019-6189
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-1141
value: HIGH

Trust: 0.6

VULHUB: VHN-157624
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-6189
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-157624
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6189
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-6189
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-157624 // JVNDB: JVNDB-2019-012220 // CNNVD: CNNVD-201911-1141 // NVD: CVE-2019-6189

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.9

sources: VULHUB: VHN-157624 // JVNDB: JVNDB-2019-012220 // NVD: CVE-2019-6189

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-1141

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-1141

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012220

PATCH
title:LEN-29198url:https://support.lenovo.com/solutions/LEN-29198
Trust: 0.8
title:Lenovo System Interface Foundation Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103492
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-012220 // 
            
            
            
            CNNVD: CNNVD-201911-1141

EXTERNAL IDS
db:NVDid:CVE-2019-6189
Trust: 2.5
db:LENOVOid:LEN-29198
Trust: 1.7
db:JVNDBid:JVNDB-2019-012220
Trust: 0.8
db:CNNVDid:CNNVD-201911-1141
Trust: 0.7
db:VULHUBid:VHN-157624
Trust: 0.1
sources:
            
            
            VULHUB: VHN-157624 // 
            
            
            
            JVNDB: JVNDB-2019-012220 // 
            
            
            
            CNNVD: CNNVD-201911-1141 // 
            
            
            
            NVD: CVE-2019-6189

REFERENCES
url:https://support.lenovo.com/solutions/len-29198
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-6189
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6189
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-29198
Trust: 0.6
sources:
            
            
            VULHUB: VHN-157624 // 
            
            
            
            JVNDB: JVNDB-2019-012220 // 
            
            
            
            CNNVD: CNNVD-201911-1141 // 
            
            
            
            NVD: CVE-2019-6189

SOURCES
db:VULHUBid:VHN-157624
db:JVNDBid:JVNDB-2019-012220
db:CNNVDid:CNNVD-201911-1141
db:NVDid:CVE-2019-6189

LAST UPDATE DATE
2024-11-23T22:51:37.593000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-157624date:2019-11-22T00:00:00
db:JVNDBid:JVNDB-2019-012220date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-1141date:2019-11-25T00:00:00
db:NVDid:CVE-2019-6189date:2024-11-21T04:46:08.257

SOURCES RELEASE DATE
db:VULHUBid:VHN-157624date:2019-11-20T00:00:00
db:JVNDBid:JVNDB-2019-012220date:2019-11-27T00:00:00
db:CNNVDid:CNNVD-201911-1141date:2019-11-19T00:00:00
db:NVDid:CVE-2019-6189date:2019-11-20T02:15:10.867