Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
lenovoLenovoLENOVO:PS500322-LENOVO-VANTAGE-VULNERABILITIES-NOSID
HistoryApr 13, 2020 - 10:56 p.m.

Lenovo Vantage Vulnerabilities - Lenovo Support NL

2020-04-1322:56:13
support.lenovo.com
6

0.0004 Low

EPSS

Percentile

12.7%

JSON

Lenovo Security Advisory: LEN-30401

Potential Impact: Escalation of Privilege, Improper Verification of Cryptographic Signature,

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2020-8316, CVE-2020-8318, CVE-2020-8319, CVE-2020-8324, CVE-2020-8327

Summary Description:

The following vulnerabilities found in Lenovo Vantage or the Lenovo Vantage component called Lenovo System Interface Foundation were reported to Lenovo.

CVE-2020-8316: A vulnerability was reported in Lenovo Vantage that could allow an authenticated user to read files on the system with elevated privileges.

CVE-2020-8318: A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation that could allow an authenticated user to execute code with elevated privileges.

CVE-2020-8319: A privilege escalation vulnerability was reported in Lenovo System Interface Foundation that could allow an authenticated user to execute code with elevated privileges.

CVE-2020-8324: A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation that could allow unsigned DLL files to be executed.

CVE-2020-8327: A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation that could allow an authenticated user to execute code with elevated privileges.

Mitigation Strategy for Customers (what you should do to protect yourself):

To update Vantage and its Lenovo System Interface Foundation component, follow these steps:

  1. Update Lenovo Vantage to version 10.2003.10.0 from the Microsoft Store.

  2. Re-launch Lenovo Vantage to complete the update.

Acknowledgement:

CVE-2020-8318, CVE-2020-8319, CVE-2020-8324: Lenovo thanks Ceri Coburn at Pen Test Partners for reporting these issues.

CVE-2020-8316: Lenovo thanks T Shiomitsu for reporting this issue.

CVE-2020-8327: Lenovo thanks Jonas LykkegΓ₯rd for reporting this issue.

Revision History:

Revision Date Description
1 2020-04-14 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an β€œas is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Related

lenovo 1
pentestpartners 1
nvd 5
cve 5
prion 5
cvelist 5
lenovo
lenovo
Lenovo Vantage Vulnerabilities - Lenovo Support US
2020-04-13 22:56:13
pentestpartners
pentestpartners
PrivEsc in Lenovo Vantage. Two minutes later
2020-03-20 08:59:39
nvd
nvd
CVE-2020-8319
2020-04-14 21:15:15
CVE-2020-8318
2020-04-14 21:15:15
CVE-2020-8316
2020-04-14 21:15:15
cve
cve
CVE-2020-8319
2020-04-14 21:15:15
CVE-2020-8318
2020-04-14 21:15:15
CVE-2020-8316
2020-05-14 00:00:00
prion
prion
Privilege escalation
2020-04-14 21:15:00
Privilege escalation
2020-04-14 21:15:00
Security feature bypass
2020-04-14 21:15:00
cvelist
cvelist
CVE-2020-8319
2020-04-14 00:00:00
CVE-2020-8316
2020-05-14 00:00:00
CVE-2020-8318
2020-04-14 00:00:00

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for LENOVO:PS500322-LENOVO-VANTAGE-VULNERABILITIES-NOSID
lenovo1pentestpartners1nvd5cve5prion5cvelist5