Lucene search

[email protected]CVE-2015-3321

HistoryOct 03, 2017 - 1:29 a.m.

CVE-2015-3321

2017-10-0301:29:00

CWE-264

[email protected]

web.nvd.nist.gov

lenovo

fingerprint manager

acl

local privilege escalation

vulnerability

cve-2015-3321

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.

Affected configurations

NVD

Node

lenovofingerprint_managerRange≤8.01.41

CPENameOperatorVersion
lenovo:fingerprint_managerlenovo fingerprint managerle8.01.41

CPE	Name	Operator	Version
lenovo:fingerprint_manager	lenovo fingerprint manager	le	8.01.41

References

support.lenovo.com/us/en/product_security/lenovo_fpr

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-3321

lenovo2 prion1 cvelist1 nvd1