Details of VAR-202006-0601

ID

VAR-202006-0601

CVE

CVE-2019-6173

TITLE

plural Lenovo installation Unreliable search path vulnerabilities in packages

Trust: 0.8

sources: JVNDB: JVNDB-2019-015675

DESCRIPTION

A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges. plural Lenovo installation The package contains a vulnerability in an unreliable search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. There is a code problem vulnerability in the Lenovo installation package before 1.2.9.3. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-6173 // JVNDB: JVNDB-2019-015675 // VULHUB: VHN-157608

AFFECTED PRODUCTS

vendor:	lenovo	model:	installation package	scope:	lt	version:	1.2.9.3	Trust: 1.0
vendor:	lenovo	model:	installation package	scope:	eq	version:	1.2.9.3	Trust: 0.8

sources: JVNDB: JVNDB-2019-015675 // NVD: CVE-2019-6173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6173
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6173
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2019-015675
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202001-531
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-157608
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-6173
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-015675
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-157608
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6173
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.6
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@lenovo.com:	CVE-2019-6173
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-015675
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-157608 // JVNDB: JVNDB-2019-015675 // CNNVD: CNNVD-202001-531 // NVD: CVE-2019-6173 // NVD: CVE-2019-6173

PROBLEMTYPE DATA

problemtype:

CWE-426

Trust: 1.9

sources: VULHUB: VHN-157608 // JVNDB: JVNDB-2019-015675 // NVD: CVE-2019-6173

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-531

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202001-531

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015675

PATCH

title:	LEN-27431	url:	https://support.lenovo.com/us/en/product_security/len-27431	Trust: 0.8
title:	Lenovo Installation package security vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=106866	Trust: 0.6

sources: JVNDB: JVNDB-2019-015675 // CNNVD: CNNVD-202001-531

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6173	Trust: 2.5
db:	LENOVO	id:	LEN-27431	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-015675	Trust: 0.8
db:	CNNVD	id:	CNNVD-202001-531	Trust: 0.7
db:	VULHUB	id:	VHN-157608	Trust: 0.1

sources: VULHUB: VHN-157608 // JVNDB: JVNDB-2019-015675 // CNNVD: CNNVD-202001-531 // NVD: CVE-2019-6173

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-27431	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6173	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6173	Trust: 0.8

sources: VULHUB: VHN-157608 // JVNDB: JVNDB-2019-015675 // CNNVD: CNNVD-202001-531 // NVD: CVE-2019-6173

SOURCES

db:	VULHUB	id:	VHN-157608
db:	JVNDB	id:	JVNDB-2019-015675
db:	CNNVD	id:	CNNVD-202001-531
db:	NVD	id:	CVE-2019-6173

LAST UPDATE DATE

2024-11-23T22:21:10.509000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-157608	date:	2020-06-22T00:00:00
db:	JVNDB	id:	JVNDB-2019-015675	date:	2020-07-20T00:00:00
db:	CNNVD	id:	CNNVD-202001-531	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2019-6173	date:	2024-11-21T04:46:06.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-157608	date:	2020-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-015675	date:	2020-07-20T00:00:00
db:	CNNVD	id:	CNNVD-202001-531	date:	2020-01-14T00:00:00
db:	NVD	id:	CVE-2019-6173	date:	2020-06-09T20:15:11.710