Lenovo Help Android App Access Control - US

Lenovo Security Advisory: LEN-21561

Potential Impact: Exposure and modification of private app data

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2018-9067

Summary Description:

The Lenovo Help Android app had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update to version 6.1.2.0327 or later available in the Google Play app store.

Acknowledgements:

Lenovo thanks Erez Rokah from Noless Serverless Security for reporting this issue.

References:

Lenovo Help in the Google Play app store: <https://play.google.com/store/apps/details?id=com.lenovo.serviceit&gt;

For a complete list of all Lenovo Product Security Advisories, click here.

Revision History:

Revision

|

Date

|

Description

—|—|—

1

|

2018-07-12

|

Initial release.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.