Details of VAR-202009-1528

ID

VAR-202009-1528

CVE

CVE-2020-8346

TITLE

Lenovo System Interface Foundation Inappropriate Default Permission Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-011307

DESCRIPTION

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. Lenovo System Interface Foundation Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state. Both Lenovo System Interface Foundation and Lenovo Vantage are products of Lenovo, a Chinese company. Lenovo System Interface Foundation is a set of software for communicating with hardware devices. Lenovo Vantage is a computer management application. The program supports features such as driver updates, device status diagnostics, and computer configuration

Trust: 1.71

sources: NVD: CVE-2020-8346 // JVNDB: JVNDB-2020-011307 // VULHUB: VHN-186471

AFFECTED PRODUCTS

vendor:	lenovo	model:	system interface foundation	scope:	lt	version:	1.1.19.5	Trust: 1.0
vendor:	lenovo	model:	system interface foundation	scope:	eq	version:	-	Trust: 0.8
vendor:	lenovo	model:	system interface foundation	scope:	lt	version:	1.1.19.5 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-011307 // NVD: CVE-2020-8346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8346
value:	MEDIUM
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8346
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-8346
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202009-651
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-186471
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2020-8346
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-186471
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8346
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-011307
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186471 // JVNDB: JVNDB-2020-011307 // CNNVD: CNNVD-202009-651 // NVD: CVE-2020-8346 // NVD: CVE-2020-8346

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186471 // JVNDB: JVNDB-2020-011307 // NVD: CVE-2020-8346

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-651

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202009-651

PATCH

title:	LEN-38717	url:	https://support.lenovo.com/us/en/product_security/LEN-38717	Trust: 0.8
title:	Lenovo System Interface Foundation and Lenovo Vantage Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128097	Trust: 0.6

sources: JVNDB: JVNDB-2020-011307 // CNNVD: CNNVD-202009-651

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8346	Trust: 2.5
db:	LENOVO	id:	LEN-38717	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-011307	Trust: 0.8
db:	CNNVD	id:	CNNVD-202009-651	Trust: 0.7
db:	NSFOCUS	id:	50092	Trust: 0.6
db:	VULHUB	id:	VHN-186471	Trust: 0.1

sources: VULHUB: VHN-186471 // JVNDB: JVNDB-2020-011307 // CNNVD: CNNVD-202009-651 // NVD: CVE-2020-8346

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-38717	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8346	Trust: 1.4
url:	http://www.nsfocus.net/vulndb/50092	Trust: 0.6

sources: VULHUB: VHN-186471 // JVNDB: JVNDB-2020-011307 // CNNVD: CNNVD-202009-651 // NVD: CVE-2020-8346

SOURCES

db:	VULHUB	id:	VHN-186471
db:	JVNDB	id:	JVNDB-2020-011307
db:	CNNVD	id:	CNNVD-202009-651
db:	NVD	id:	CVE-2020-8346

LAST UPDATE DATE

2024-11-23T23:11:17.050000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186471	date:	2020-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2020-011307	date:	2021-03-26T07:02:00
db:	CNNVD	id:	CNNVD-202009-651	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-8346	date:	2024-11-21T05:38:45.050

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186471	date:	2020-09-15T00:00:00
db:	JVNDB	id:	JVNDB-2020-011307	date:	2021-03-26T00:00:00
db:	CNNVD	id:	CNNVD-202009-651	date:	2020-09-08T00:00:00
db:	NVD	id:	CVE-2020-8346	date:	2020-09-15T15:15:14.370