CVE-2020-8326 - OpenCVE

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Drivers Management

Configuration 1 [-]

cpe:2.3:a:lenovo:drivers_management:*:*:*:*:*:*:*:*

References

Link	Resource
https://iknow.lenovo.com.cn/detail/dc_190088.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2020-07-24T00:00:00

Updated: 2020-07-24T16:10:25

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8326

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-24T16:15:12.193

Modified: 2020-07-29T16:07:53.583

Link: CVE-2020-8326

JSON object: View

Redhat Information

No data.

CWE

CWE-428

{"containers": {"cna": {"affected": [{"product": "Drivers Management", "vendor": "Lenovo", "versions": [{"lessThan": "2.7.1128.1046", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Jinwei Chen of Bangcle Security for reporting this issue. "}], "datePublic": "2020-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-24T16:10:25", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://iknow.lenovo.com.cn/detail/dc_190088.html"}], "solutions": [{"lang": "en", "value": "Update to Lenovo Drivers Management version 2.7.1128.1046 (or newer)."}], "source": {"advisory": "LEN-38381", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-07-24T16:00:00.000Z", "ID": "CVE-2020-8326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Drivers Management", "version": {"version_data": [{"version_affected": "<", "version_value": "2.7.1128.1046"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Jinwei Chen of Bangcle Security for reporting this issue. "}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-428 Unquoted Search Path or Element"}]}]}, "references": {"reference_data": [{"name": "https://iknow.lenovo.com.cn/detail/dc_190088.html", "refsource": "MISC", "url": "https://iknow.lenovo.com.cn/detail/dc_190088.html"}]}, "solution": [{"lang": "en", "value": "Update to Lenovo Drivers Management version 2.7.1128.1046 (or newer)."}], "source": {"advisory": "LEN-38381", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8326", "datePublished": "2020-07-24T00:00:00", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-07-24T16:10:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:drivers_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0B01C5D-E437-4C3D-A131-33EA06121C70", "versionEndExcluding": "2.7.1128.1046", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges."}, {"lang": "es", "value": "Se report\u00f3 una vulnerabilidad de ruta de servicio sin comillas en Lenovo Drivers Management versiones anteriores a 2.7.1128.1046, que podr\u00eda permitir a un usuario autenticado ejecutar c\u00f3digo con privilegios elevados"}], "id": "CVE-2020-8326", "lastModified": "2020-07-29T16:07:53.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2020-07-24T16:15:12.193", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/dc_190088.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-428"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-428"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}