Sign-up

ID

VAR-202010-1493


CVE

CVE-2020-8345


TITLE

Lenovo Vantage  for  Lenovo HardwareScan  Vulnerability in uncontrolled search path elements in plugins

Trust: 0.8

sources: JVNDB: JVNDB-2020-012529

DESCRIPTION

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. Lenovo Vantage for Lenovo HardwareScan The plugin contains a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo Vantage is a computer management application program of Lenovo Corporation in China. The program supports features such as driver updates, device status diagnostics, and computer configuration. There is a security vulnerability in the Lenovo hardware scanning plug-in. Attackers can use this vulnerability to escalate their privileges

Trust: 1.8

sources: NVD: CVE-2020-8345 // JVNDB: JVNDB-2020-012529 // VULHUB: VHN-186470 // VULMON: CVE-2020-8345

AFFECTED PRODUCTS

vendor:lenovomodel:hardware scanscope:ltversion:1.0.46.11

Trust: 1.0

vendor:lenovomodel:hardwarescanscope:eqversion: -

Trust: 0.8

vendor:lenovomodel:hardwarescanscope:ltversion:1.0.46.11 less than

Trust: 0.8

sources: JVNDB: JVNDB-2020-012529 // NVD: CVE-2020-8345

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8345
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2020-8345
value: HIGH

Trust: 1.0

NVD: CVE-2020-8345
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-569
value: HIGH

Trust: 0.6

VULHUB: VHN-186470
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-8345
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8345
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-186470
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8345
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2020-8345
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-8345
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186470 // VULMON: CVE-2020-8345 // JVNDB: JVNDB-2020-012529 // CNNVD: CNNVD-202010-569 // NVD: CVE-2020-8345 // NVD: CVE-2020-8345

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.1

problemtype:Uncontrolled search path elements (CWE-427) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-186470 // JVNDB: JVNDB-2020-012529 // NVD: CVE-2020-8345

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-569

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-569

PATCH

title:LEN-44421url:https://support.lenovo.com/us/en/product_security/LEN-44421

Trust: 0.8

title:Lenovo Vantage Fixes for code issue vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131247

Trust: 0.6

sources: JVNDB: JVNDB-2020-012529 // CNNVD: CNNVD-202010-569

EXTERNAL IDS

db:NVDid:CVE-2020-8345

Trust: 2.6

db:LENOVOid:LEN-44421

Trust: 1.8

db:JVNDBid:JVNDB-2020-012529

Trust: 0.8

db:CNNVDid:CNNVD-202010-569

Trust: 0.6

db:VULHUBid:VHN-186470

Trust: 0.1

db:VULMONid:CVE-2020-8345

Trust: 0.1

sources: VULHUB: VHN-186470 // VULMON: CVE-2020-8345 // JVNDB: JVNDB-2020-012529 // CNNVD: CNNVD-202010-569 // NVD: CVE-2020-8345

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-44421

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-8345

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/189754

Trust: 0.1

sources: VULHUB: VHN-186470 // VULMON: CVE-2020-8345 // JVNDB: JVNDB-2020-012529 // CNNVD: CNNVD-202010-569 // NVD: CVE-2020-8345

SOURCES

db:VULHUBid:VHN-186470
db:VULMONid:CVE-2020-8345
db:JVNDBid:JVNDB-2020-012529
db:CNNVDid:CNNVD-202010-569
db:NVDid:CVE-2020-8345

LAST UPDATE DATE

2024-11-23T21:35:09.056000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186470date:2020-10-26T00:00:00
db:VULMONid:CVE-2020-8345date:2020-10-26T00:00:00
db:JVNDBid:JVNDB-2020-012529date:2021-05-12T03:29:00
db:CNNVDid:CNNVD-202010-569date:2020-10-27T00:00:00
db:NVDid:CVE-2020-8345date:2024-11-21T05:38:44.940

SOURCES RELEASE DATE

db:VULHUBid:VHN-186470date:2020-10-14T00:00:00
db:VULMONid:CVE-2020-8345date:2020-10-14T00:00:00
db:JVNDBid:JVNDB-2020-012529date:2021-05-12T00:00:00
db:CNNVDid:CNNVD-202010-569date:2020-10-13T00:00:00
db:NVDid:CVE-2020-8345date:2020-10-14T22:15:13.577