Lucene search

LenovoCVELIST:CVE-2021-3720

HistoryNov 12, 2021 - 10:05 p.m.

CVE-2021-3720

2021-11-1222:05:38

CWE-276

lenovo

www.cve.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.

CNA Affected

[
  {
    "product": "Legion Phone Pro (L79031)",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "12.5.231",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Legion Phone2 Pro (L70081)",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "12.5.632",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

iknow.lenovo.com.cn/detail/dc_199217.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVELIST:CVE-2021-3720