Lucene search

LenovoCVELIST:CVE-2020-8317

HistoryJul 24, 2020 - 4:10 p.m.

CVE-2020-8317

2020-07-2416:10:25

CWE-426

lenovo

www.cve.org

lenovo

drivers management

vulnerability

authenticated user

execute code

elevated privileges

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.4%

JSON

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

CNA Affected

[
  {
    "product": "Drivers Management",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "2.7.1128.1046",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

iknow.lenovo.com.cn/detail/dc_190088.html

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.4%

JSON

Related for CVELIST:CVE-2020-8317