CVE-2020-8357 - OpenCVE

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Pcmanager

Configuration 1 [-]

cpe:2.3:a:lenovo:pcmanager:*:*:*:*:*:*:*:*

References

Link	Resource
https://iknow.lenovo.com.cn/detail/dc_195029.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2021-03-09T16:15:20

Updated: 2021-03-09T16:15:20

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8357

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-09T17:15:12.827

Modified: 2021-03-12T20:12:56.480

Link: CVE-2020-8357

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"containers": {"cna": {"affected": [{"product": "PCManager", "vendor": "Lenovo", "versions": [{"lessThan": "3.0.200.2042", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks She ZhenHua for reporting this issue."}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-09T16:15:20", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://iknow.lenovo.com.cn/detail/dc_195029.html"}], "solutions": [{"lang": "en", "value": "Update to Lenovo PCManager version 3.0.200.2042 (or later)."}], "source": {"advisory": "LEN-51601", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2020-8357", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PCManager", "version": {"version_data": [{"version_affected": "<", "version_value": "3.0.200.2042"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks She ZhenHua for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-276 Incorrect Default Permissions"}]}]}, "references": {"reference_data": [{"name": "https://iknow.lenovo.com.cn/detail/dc_195029.html", "refsource": "MISC", "url": "https://iknow.lenovo.com.cn/detail/dc_195029.html"}]}, "solution": [{"lang": "en", "value": "Update to Lenovo PCManager version 3.0.200.2042 (or later)."}], "source": {"advisory": "LEN-51601", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2020-8357", "datePublished": "2021-03-09T16:15:20", "dateReserved": "2020-01-28T00:00:00", "dateUpdated": "2021-03-09T16:15:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:pcmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB66BAA7-8663-4047-B835-73DEADAD86C6", "versionEndExcluding": "3.0.200.2042", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations."}, {"lang": "es", "value": "Se report\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en Lenovo PCManager, versiones anteriores a 3.0.200.2042, que podr\u00eda permitir que los archivos de configuraci\u00f3n se escribieran en ubicaciones no est\u00e1ndar"}], "id": "CVE-2020-8357", "lastModified": "2021-03-12T20:12:56.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2021-03-09T17:15:12.827", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/dc_195029.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}