Details of VAR-202004-1812

ID

VAR-202004-1812

CVE

CVE-2020-8318

TITLE

Lenovo System Interface Foundation for LenovoSystemUpdatePlugin Vulnerability related to authority management in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004039

DESCRIPTION

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges. Lenovo System Interface Foundation for LenovoSystemUpdatePlugin Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Lenovo System Interface Foundation is a set of software used by China Lenovo (Lenovo) to communicate with hardware devices. A security vulnerability exists in the LenovoSystemUpdatePlugin in the Lenovo System Interface Foundation

Trust: 1.71

sources: NVD: CVE-2020-8318 // JVNDB: JVNDB-2020-004039 // VULHUB: VHN-186443

AFFECTED PRODUCTS

vendor:	lenovo	model:	system interface foundation	scope:	lt	version:	2.0.0.92	Trust: 1.0
vendor:	lenovo	model:	system interface foundation	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-004039 // NVD: CVE-2020-8318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8318
value:	HIGH
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8318
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-004039
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202004-935
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186443
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-8318
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004039
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-186443
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8318
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8318
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004039
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186443 // JVNDB: JVNDB-2020-004039 // CNNVD: CNNVD-202004-935 // NVD: CVE-2020-8318 // NVD: CVE-2020-8318

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-269	Trust: 0.9

sources: VULHUB: VHN-186443 // JVNDB: JVNDB-2020-004039 // NVD: CVE-2020-8318

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-935

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-935

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004039

PATCH

title:	LEN-30401	url:	https://support.lenovo.com/us/en/product_security/LEN-30401	Trust: 0.8
title:	Lenovo System Interface Foundation Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115964	Trust: 0.6

sources: JVNDB: JVNDB-2020-004039 // CNNVD: CNNVD-202004-935

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8318	Trust: 2.5
db:	LENOVO	id:	LEN-30401	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004039	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-935	Trust: 0.7
db:	CNVD	id:	CNVD-2020-27278	Trust: 0.1
db:	VULHUB	id:	VHN-186443	Trust: 0.1

sources: VULHUB: VHN-186443 // JVNDB: JVNDB-2020-004039 // CNNVD: CNNVD-202004-935 // NVD: CVE-2020-8318

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-30401	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8318	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8318	Trust: 0.8

sources: VULHUB: VHN-186443 // JVNDB: JVNDB-2020-004039 // CNNVD: CNNVD-202004-935 // NVD: CVE-2020-8318

SOURCES

db:	VULHUB	id:	VHN-186443
db:	JVNDB	id:	JVNDB-2020-004039
db:	CNNVD	id:	CNNVD-202004-935
db:	NVD	id:	CVE-2020-8318

LAST UPDATE DATE

2024-11-23T22:05:39.284000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186443	date:	2021-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-004039	date:	2020-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-935	date:	2020-04-17T00:00:00
db:	NVD	id:	CVE-2020-8318	date:	2024-11-21T05:38:41.807

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186443	date:	2020-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-004039	date:	2020-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-935	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2020-8318	date:	2020-04-14T21:15:15.887