CVE-2020-8346 - OpenCVE

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	System Interface Foundation

Configuration 1 [-]

cpe:2.3:a:lenovo:system_interface_foundation:*:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-38717	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2020-09-15T00:00:00

Updated: 2020-09-15T14:20:18

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8346

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-15T15:15:14.370

Modified: 2020-09-21T15:26:24.560

Link: CVE-2020-8346

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "System Interface Foundation", "vendor": "Lenovo", "versions": [{"lessThan": "1.1.19.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Samet Bekmezci for reporting this issue."}], "datePublic": "2020-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-15T14:20:18", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/us/en/product_security/LEN-38717"}], "solutions": [{"lang": "en", "value": "To update Lenovo System Interface Foundation to version 1.1.19.5 or later, follow these steps: Update Lenovo Vantage to the latest version from the Microsoft Store. Re-launch Lenovo Vantage to complete the update."}], "source": {"advisory": "LEN-38717", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "DATE_PUBLIC": "2020-09-15T16:00:00.000Z", "ID": "CVE-2020-8346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "System Interface Foundation", "version": {"version_data": [{"version_affected": "<", "version_value": "1.1.19.5"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Samet Bekmezci for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-276 Incorrect Default Permissions"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-38717", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-38717"}]}, "solution": [{"lang": "en", "value": "To update Lenovo System Interface Foundation to version 1.1.19.5 or later, follow these steps: Update Lenovo Vantage to the latest version from the Microsoft Store. Re-launch Lenovo Vantage to complete the update."}], "source": {"advisory": "LEN-38717", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8346", "datePublished": "2020-09-15T00:00:00", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2020-09-15T14:20:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:system_interface_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CAE06D9-6347-4AC7-94E3-1DF10564C33D", "versionEndExcluding": "1.1.19.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations."}, {"lang": "es", "value": "Se report\u00f3 de una vulnerabilidad de denegaci\u00f3n de servicio en el componente Lenovo Vantage llamado Lenovo System Interface Foundation versiones anteriores a 1.1.19.5, que podr\u00eda permitir que los archivos de configuraci\u00f3n se escribieran en ubicaciones no est\u00e1ndar"}], "id": "CVE-2020-8346", "lastModified": "2020-09-21T15:26:24.560", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2020-09-15T15:15:14.370", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-38717"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}