Details of VAR-202004-1811

ID

VAR-202004-1811

CVE

CVE-2020-8316

TITLE

Lenovo Vantage Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004037

DESCRIPTION

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges. Lenovo Vantage There is an information leakage vulnerability in.Information may be obtained. Lenovo Vantage is a computer management application program of Lenovo Corporation in China. The program supports features such as driver updates, device status diagnostics, and computer configuration

Trust: 1.71

sources: NVD: CVE-2020-8316 // JVNDB: JVNDB-2020-004037 // VULHUB: VHN-186441

AFFECTED PRODUCTS

vendor:	lenovo	model:	vantage	scope:	lt	version:	10.2003.10.0	Trust: 1.0
vendor:	lenovo	model:	vantage	scope:	eq	version:	10.2003.10.0	Trust: 0.8

sources: JVNDB: JVNDB-2020-004037 // NVD: CVE-2020-8316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8316
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8316
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004037
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-934
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186441
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8316
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004037
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-186441
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8316
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8316
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004037
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186441 // JVNDB: JVNDB-2020-004037 // CNNVD: CNNVD-202004-934 // NVD: CVE-2020-8316 // NVD: CVE-2020-8316

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-186441 // JVNDB: JVNDB-2020-004037 // NVD: CVE-2020-8316

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-934

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202004-934

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004037

PATCH

title:	LEN-30401	url:	https://support.lenovo.com/us/en/product_security/LEN-30401	Trust: 0.8
title:	Lenovo Vantage Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117118	Trust: 0.6

sources: JVNDB: JVNDB-2020-004037 // CNNVD: CNNVD-202004-934

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8316	Trust: 2.5
db:	LENOVO	id:	LEN-30401	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004037	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-934	Trust: 0.7
db:	CNVD	id:	CNVD-2020-27277	Trust: 0.1
db:	VULHUB	id:	VHN-186441	Trust: 0.1

sources: VULHUB: VHN-186441 // JVNDB: JVNDB-2020-004037 // CNNVD: CNNVD-202004-934 // NVD: CVE-2020-8316

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-30401	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8316	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8316	Trust: 0.8

sources: VULHUB: VHN-186441 // JVNDB: JVNDB-2020-004037 // CNNVD: CNNVD-202004-934 // NVD: CVE-2020-8316

SOURCES

db:	VULHUB	id:	VHN-186441
db:	JVNDB	id:	JVNDB-2020-004037
db:	CNNVD	id:	CNNVD-202004-934
db:	NVD	id:	CVE-2020-8316

LAST UPDATE DATE

2024-11-23T22:05:39.309000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186441	date:	2021-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-004037	date:	2020-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-934	date:	2021-09-15T00:00:00
db:	NVD	id:	CVE-2020-8316	date:	2024-11-21T05:38:41.573

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186441	date:	2020-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-004037	date:	2020-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-934	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2020-8316	date:	2020-04-14T21:15:15.730