Details of VAR-202010-1492

ID

VAR-202010-1492

CVE

CVE-2020-8338

TITLE

Lenovo Diagnostics Untrusted search path vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-012168

DESCRIPTION

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. Lenovo Diagnostics Exists in an untrusted search path vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Diagnostics is a tool for scanning and diagnosing hardware failures of Lenovo computers. This tool can help users scan, check, and repair computer driver problems. Lenovo Diagnostics can also help users easily solve some blue screen and crash problems on the computer and repair them. It can scan and diagnose faults with one click

Trust: 1.8

sources: NVD: CVE-2020-8338 // JVNDB: JVNDB-2020-012168 // VULHUB: VHN-186463 // VULMON: CVE-2020-8338

AFFECTED PRODUCTS

vendor:	lenovo	model:	diagnostics	scope:	lt	version:	4.35.4	Trust: 1.0
vendor:	lenovo	model:	diagnostics	scope:	eq	version:	-	Trust: 0.8
vendor:	lenovo	model:	diagnostics	scope:	lt	version:	4.35.4 less than	Trust: 0.8

sources: JVNDB: JVNDB-2020-012168 // NVD: CVE-2020-8338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8338
value:	HIGH
Trust: 1.0
psirt@lenovo.com:	CVE-2020-8338
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-8338
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-577
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186463
value:	HIGH
Trust: 0.1
VULMON:	CVE-2020-8338
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-8338
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-186463
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8338
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2020-012168
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186463 // VULMON: CVE-2020-8338 // JVNDB: JVNDB-2020-012168 // CNNVD: CNNVD-202010-577 // NVD: CVE-2020-8338 // NVD: CVE-2020-8338

PROBLEMTYPE DATA

problemtype:	CWE-426	Trust: 1.1
problemtype:	Untrusted search path (CWE-426) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-186463 // JVNDB: JVNDB-2020-012168 // NVD: CVE-2020-8338

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-577

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-577

PATCH

title:	LEN-32702	url:	https://support.lenovo.com/us/en/product_security/LEN-32702	Trust: 0.8
title:	Lenovo Diagnostics Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131251	Trust: 0.6

sources: JVNDB: JVNDB-2020-012168 // CNNVD: CNNVD-202010-577

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8338	Trust: 2.6
db:	LENOVO	id:	LEN-32702	Trust: 1.8
db:	JVNDB	id:	JVNDB-2020-012168	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-577	Trust: 0.6
db:	CNVD	id:	CNVD-2020-57816	Trust: 0.1
db:	VULHUB	id:	VHN-186463	Trust: 0.1
db:	VULMON	id:	CVE-2020-8338	Trust: 0.1

sources: VULHUB: VHN-186463 // VULMON: CVE-2020-8338 // JVNDB: JVNDB-2020-012168 // CNNVD: CNNVD-202010-577 // NVD: CVE-2020-8338

REFERENCES

url:	https://support.lenovo.com/us/en/product_security/len-32702	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8338	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/426.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/189757	Trust: 0.1

sources: VULHUB: VHN-186463 // VULMON: CVE-2020-8338 // JVNDB: JVNDB-2020-012168 // CNNVD: CNNVD-202010-577 // NVD: CVE-2020-8338

SOURCES

db:	VULHUB	id:	VHN-186463
db:	VULMON	id:	CVE-2020-8338
db:	JVNDB	id:	JVNDB-2020-012168
db:	CNNVD	id:	CNNVD-202010-577
db:	NVD	id:	CVE-2020-8338

LAST UPDATE DATE

2024-11-23T22:44:24.604000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186463	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2020-8338	date:	2020-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-012168	date:	2021-04-26T08:50:00
db:	CNNVD	id:	CNNVD-202010-577	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2020-8338	date:	2024-11-21T05:38:44.340

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186463	date:	2020-10-14T00:00:00
db:	VULMON	id:	CVE-2020-8338	date:	2020-10-14T00:00:00
db:	JVNDB	id:	JVNDB-2020-012168	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202010-577	date:	2020-10-13T00:00:00
db:	NVD	id:	CVE-2020-8338	date:	2020-10-14T22:15:13.513