LENOVO:PS500008-NOSID
Jun 20, 2016 - 12:00 a.m.

Lenovo Fingerprint Manager

support.lenovo.com

EPSS: 0.0004 (Low), Percentile: 5.1%

Lenovo Security Advisory: LEN-2015-017

Potential Impact: Privilege Escalation

Severity: Medium

Summary:

Lenovo Fingerprint Manager has a local privilege escalation vulnerability. This vulnerability cannot be remotely exploited. A local user logged in to the PC could escalate their privileges by running an executable with administrator rights.

Description:
Lenovo Fingerprint Manager software has a known issue where malicious users may invalidate local checks because of insecure and incorrect access control lists on services and files within the Lenovo Fingerprint Manager application.

Mitigation Strategy for Customers (what you should do to protect yourself):
There are several ways you can protect yourself. Lenovo recommends that you take one of the following steps:

  • Starting from April 15, 2015, run Lenovo System Update and install the recommended Fingerprint Manager software update

  • Make sure you have the latest version of the software installed on your computer. The minimum version of Fingerprint Manager that corrects the problem is version 8.01.42 or later. You can find the latest version of the software at http://support.lenovo.com/downloads/ds034486.

  • Alternatively, if you are not using the Fingerprint Manager, you may uninstall this software using the following steps:

    1. Open Control Panel
    2. Click on “Programs”
    3. Click on “Uninstall a Program”
    4. In the list of installed programs, find “Fingerprint Manager” and then click on the “Uninstall” button

Product Impact:
The following products may be affected:

  • ThinkCentre E32
  • ThinkCentre E79
  • ThinkCentre M73, M73z
  • ThinkCentre M78
  • ThinkCentre M79
  • ThinkCentre M83
  • ThinkCentre M93, M93p, M93z
  • ThinkPad T440, T440p, T440s, T450, T450s
  • ThinkPad T540, T540p, T550
  • ThinkPad W540, W541, W550, W550s
  • ThinkPad X1 Carbon series
  • ThinkPad X240, X240s, X250
  • ThinkStation P300

To determine if you are affected, open Control Panel and go to add/remove programs. If you are running an earlier version than 8.01.42, please update to the latest version of Fingerprint Manager using the steps in the Mitigation Strategy section.
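
The version check described above, extended with a review of file ACLs under the install directory, as an added PowerShell example that is not part of Lenovo's advisory. It assumes the product registers an uninstall entry whose DisplayName contains "Fingerprint Manager" and populates InstallLocation; the list of principals expected to hold write access is also an assumption, and service ACLs are not covered.

```powershell
# Added example (not Lenovo's tooling): find Fingerprint Manager installs below
# the fixed version and list write-capable ACEs held by unexpected principals.
$FixedVersion = [version]'8.01.42'      # minimum corrected version per the advisory

$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

# Assumption: DisplayName contains "Fingerprint Manager", the name the advisory
# says appears in the installed-programs list.
$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Fingerprint Manager*' }

# Assumption: only these principals are expected to hold write access.
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
            'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'

# Write-type rights only (Modify/FullControl would also match read bits), plus
# the raw GENERIC_WRITE and GENERIC_ALL bits that some ACEs carry unmapped.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$rights) -bor 0x40000000 -bor 0x10000000

foreach ($app in $installs) {
    $version = $app.DisplayVersion -as [version]   # '8.01.42' parses as 8.1.42
    $status = if (-not $version) { 'UNKNOWN VERSION' } elseif ($version -lt $FixedVersion) { 'VULNERABLE' } else { 'FIXED' }

    # Check the install directory itself and the binaries beneath it.
    $dir = $app.InstallLocation
    $targets = @()
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        $targets = @($dir) + @(Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll' } |
            Select-Object -ExpandProperty FullName)
    }

    $findings = foreach ($path in $targets) {
        (Get-Acl -LiteralPath $path).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -notin $expected -and
                ([int]$_.FileSystemRights -band $writeMask)
            } |
            ForEach-Object { '{0} -> {1} ({2})' -f $path, $_.IdentityReference.Value, $_.FileSystemRights }
    }

    [pscustomobject]@{ Name = $app.DisplayName; Version = $app.DisplayVersion
                       Status = $status; UnexpectedWriters = @($findings) }
}
```

An empty result means no matching uninstall entry was found on the machine; a non-empty UnexpectedWriters list on a FIXED install is still worth reviewing.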


Acknowledgements:

Lenovo would like to thank Jon Coller of The University of Saskatchewan for reporting this issue.

Other information and references:

  • CVE ID: CVE-2015-3321

Revision History:

Revision | Date | Description
---|---|---
1.1 | 05/27/2015 | Updated Summary description
1.0 | 05/08/2015 | Initial release
