Lucene search

LenovoCVELIST:CVE-2020-8326

HistoryJul 24, 2020 - 4:10 p.m.

CVE-2020-8326

2020-07-2416:10:25

CWE-428

lenovo

www.cve.org

lenovo drivers management

unquoted service path

authenticated user

code execution

elevated privileges

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

CNA Affected

[
  {
    "product": "Drivers Management",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "2.7.1128.1046",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

iknow.lenovo.com.cn/detail/dc_190088.html

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

Related for CVELIST:CVE-2020-8326