Details of VAR-202004-2174

ID

VAR-202004-2174

CVE

CVE-2020-8324

TITLE

Lenovo System Interface Foundation for LenovoAppScenarioPluginSystem Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004038

DESCRIPTION

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. Lenovo System Interface Foundation for LenovoAppScenarioPluginSystem There is an input verification vulnerability in.Information may be tampered with. Lenovo System Interface Foundation is a set of software used by China Lenovo (Lenovo) to communicate with hardware devices

Trust: 1.71

sources: NVD: CVE-2020-8324 // JVNDB: JVNDB-2020-004038 // VULHUB: VHN-186449

AFFECTED PRODUCTS

vendor:	lenovo	model:	system interface foundation	scope:	lt	version:	1.2.184.31	Trust: 1.0
vendor:	lenovo	model:	system interface foundation	scope:	eq	version:	1.2.184.31	Trust: 0.8

sources: JVNDB: JVNDB-2020-004038 // NVD: CVE-2020-8324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8324
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8324
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-004038
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202004-938
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186449
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8324
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004038
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-186449
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8324
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8324
baseSeverity:	MEDIUM
baseScore:	5.0
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.3
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004038
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186449 // JVNDB: JVNDB-2020-004038 // CNNVD: CNNVD-202004-938 // NVD: CVE-2020-8324 // NVD: CVE-2020-8324

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-347	Trust: 1.0

sources: VULHUB: VHN-186449 // JVNDB: JVNDB-2020-004038 // NVD: CVE-2020-8324

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-938

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-938

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004038

PATCH

title:	LEN-30401	url:	https://support.lenovo.com/us/en/product_security/LEN-30401	Trust: 0.8
title:	Lenovo System Interface Foundation Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115966	Trust: 0.6

sources: JVNDB: JVNDB-2020-004038 // CNNVD: CNNVD-202004-938

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8324	Trust: 2.5
db:	LENOVO	id:	LEN-30401	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-004038	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-938	Trust: 0.7
db:	CNVD	id:	CNVD-2020-27280	Trust: 0.1
db:	VULHUB	id:	VHN-186449	Trust: 0.1

sources: VULHUB: VHN-186449 // JVNDB: JVNDB-2020-004038 // CNNVD: CNNVD-202004-938 // NVD: CVE-2020-8324

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-30401	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8324	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8324	Trust: 0.8

sources: VULHUB: VHN-186449 // JVNDB: JVNDB-2020-004038 // CNNVD: CNNVD-202004-938 // NVD: CVE-2020-8324

SOURCES

db:	VULHUB	id:	VHN-186449
db:	JVNDB	id:	JVNDB-2020-004038
db:	CNNVD	id:	CNNVD-202004-938
db:	NVD	id:	CVE-2020-8324

LAST UPDATE DATE

2024-11-23T22:05:39.205000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186449	date:	2020-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-004038	date:	2020-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-938	date:	2020-04-21T00:00:00
db:	NVD	id:	CVE-2020-8324	date:	2024-11-21T05:38:42.937

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186449	date:	2020-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-004038	date:	2020-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202004-938	date:	2020-04-14T00:00:00
db:	NVD	id:	CVE-2020-8324	date:	2020-04-14T21:15:16.120