All the vulnerabilites related to Lenovo - ThinkPad
var-201611-0264
Vulnerability from variot
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. https://cwe.mitre.org/data/definitions/428.htmlMalicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "geforce experience",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": null
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.8,
"vendor": "nvidia",
"version": "(windows)"
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": null
},
{
"model": "quadro r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x0"
},
{
"model": "quadro r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "quadro r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "quadro r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "quadro r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "nvs r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "nvs r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "nvs r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "nvs r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "geforce r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.69"
},
{
"model": "geforce r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "-",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5852"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.",
"sources": [
{
"db": "BID",
"id": "93251"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5852",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5852",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5852",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-123",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-5852 ID is for the NVTray Plugin unquoted service path. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. https://cwe.mitre.org/data/definitions/428.htmlMalicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. \nLocal attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "BID",
"id": "93251"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5852",
"trust": 2.7
},
{
"db": "BID",
"id": "93251",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005840",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"id": "VAR-201611-0264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.215972225
},
"last_update_date": "2023-12-18T12:05:17.478000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"title": "NVIDIA Quadro , NVS and GeForce GFE GameStream and NVTray Fixes for plugin denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65441"
},
{
"title": "NVIDIA Quadro , NVS and GeForce GFE GameStream and NVTray Fixes for plugin denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65292"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "NVD",
"id": "CVE-2016-5852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"trust": 1.3,
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/93251"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5852"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5852"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/ps500070"
},
{
"trust": 0.3,
"url": "http://www.nvidia.com"
},
{
"trust": 0.3,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"date": "2016-11-08T20:59:05.787000",
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T00:03:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005840"
},
{
"date": "2016-12-15T02:59:51.870000",
"db": "NVD",
"id": "CVE-2016-5852"
},
{
"date": "2016-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NVIDIA Product GFE GameStream and NVTray Plug-in malicious code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005840"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-123"
}
],
"trust": 0.6
}
}
var-201705-3474
Vulnerability from variot
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). These functions use multiple ports to listen for administrative commands. Intel According to the document AMT Port as web interface for 16992 and 16993 Is used. Also other ports 16994 When 16995 Or 623 When 664 May be used. Intel Documents https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf port 16994 When 16995 https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required Supporting these remote management functions Intel Management Engine In the remote ( Not authenticated ) There is a vulnerability that allows remote management functions to be accessed by a third party. Intel Is a security advisory for this vulnerability (INTEL-SA-00075) And guide for mitigation (INTEL-SA-00075 Mitigation Guide) Offers. Security advisory (INTEL-SA-00075) https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr Mitigation guide (INTEL-SA-00075 Mitigation Guide) https://downloadcenter.intel.com/download/26754 Also, OEM This product may have this remote management function enabled.A remote attacker may gain access to the remote management functions of the system. Intel AMT has a remote authentication bypass vulnerability. Unauthorized users only need to send an empty user_response value to bypass the Intel AMT Web authentication system and use the Keyboard Video Mouse (KVM) feature to remotely control the system for malicious operations. Multiple Intel products are prone to a privilege-escalation vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03754en_us Version: 1
HPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor, Remote Access Restriction Bypass
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-05-26 Last Updated: 2017-05-26
Potential Security Impact: Remote: Access Restriction Bypass
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5 Processor. The vulnerability could be remotely exploited to allow access restriction bypass. Do not attempt to upgrade the ME FW without following the instructions detailed in the Resolution section. Refer to the "Platform Specific Information" section in the Resolution for more specific information on upgrades for specific ProLiant servers.
References:
- CVE-2017-5689
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO Gen9
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV Gen9
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5689
8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following resolution for this issue:
Note: Only the ProLiant Gen9 server detailed in the impacted product information above can be upgraded using the procedure described in this document. Before beginning the upgrade process, the server must have Intel Xeon E3-1200 v5 processors installed. See below for further instructions.
Upgrade to the latest System ROM available for the platform prior to upgrading the ME is required. System ROM will need 1.06 version or later to support this ME firmware.
The system ROM toolkit and firmware image can be found at:
-
BIOS 1.06 (Windows) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_0a1076f4bf0444a090b09eeb62&swEnvOid=4168#tab1
-
BIOS 1.06 (Linux 6) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_14bacf35f0844bb696ef65799b&swEnvOid=4103
-
BIOS 1.06 (Linux 7) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_14bacf35f0844bb696ef65799b&swEnvOid=4176
The ME toolkit and firmware image can be found at:
-
ME 11.6.27.3264 (Windows) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_359491d72fe04c0f9461fd657d&swEnvOid=4168
-
ME 11.6.27.3264 (UEFI) http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176&swIte Id=MTX_67a275408a9b45aba72ad7cbc1&swEnvOid=4168
HISTORY Version:1 (rev.1) - 26 May 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZKGjXAAoJELXhAxt7SZaiu3AH/2a97Qx1mBghXloDAR4pCdWE qiQUvMYft5zk2UmRgQpg5jOjDMSBQFTPtPvV9vBYxhj0Or49wAyTDcw1JeG8I8hI Bs9XDJXOQXvhTjdJakpG/+PIPsoMwJhNoH9H4/rWn0iUJb3wjTDEoHboNfSRZh0j mRlEpDmc12sDSlalJ3LymcXt/Zn/62t1VErmQp3QSdlCjsSxttoUvVzz6u2plKQ0 tJqa8m76wP2fzmIcEpr4DqHkSmAqAyAQEPiVjmdDYYaIN1pi1GKkcIu4WbI7x2xY Tjy4CXRHSy357ePv3zqwMYfl4nbQe+1Fk4zSNf1i18LQ9kLWp6mSPqLMV7kOnko= =DPhQ -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-3474",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "9.5"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "9.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "9.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "8.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "8.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "7.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "7.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "6.2"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "6.1"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.9,
"vendor": "intel",
"version": "6.0"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "7.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "8.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "9.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "10.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 1.4,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "11.6"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "11.5"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "11.0"
},
{
"model": "active management technology",
"scope": "eq",
"trust": 1.3,
"vendor": "intel",
"version": "10.0"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "version 6.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "11.5 and 11.6 using hardware"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "6.x"
},
{
"model": "manageability",
"scope": "eq",
"trust": 0.6,
"vendor": "intel",
"version": "11.5"
},
{
"model": "thinkcentre m83",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "0"
},
{
"model": "sinumerik panel control unit",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simotion p320",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic industrial pc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "micros workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6500"
},
{
"model": "micros pc workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "20150"
},
{
"model": "thinkstation s30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p910",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p900",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p710",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p700",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p510",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p500",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p410",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p310",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p300",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e32",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e31",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e20",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation d30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation c30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts250",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts240",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts200v",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts150",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver ts140",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3700"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w530",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w520",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t470p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t431s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s1 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "120"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p51",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l570",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l470",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre merton m81",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m93z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m92z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910x",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910t",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m910q",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m90z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m900z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m900",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m800",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m710q",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m700 tiny",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre edge92",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre e63z fqkt33a",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.5"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.2"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.1"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.6"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.5"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.0"
},
{
"model": "standard manageability",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "10.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.5"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "9.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "8.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "7.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.2"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.1"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "6.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.6"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.5"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "11.0"
},
{
"model": "small business technology",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "10.0"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.61.3012"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.41.3024"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "8.1.71.3608"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "7.1.91.3272"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "6.2.61.3535"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.6.27.3264"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.25.3001"
},
{
"model": "standard manageability",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.55.3000"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.61.3012"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.41.3024"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "8.1.71.3608"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "7.1.91.3272"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "6.2.61.3535"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.6.27.3264"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.25.3001"
},
{
"model": "small business technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.55.3000"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.5.61.3012"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "9.1.41.3024"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "8.1.71.3608"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "7.1.91.3272"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "6.2.61.3535"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.6.27.3264"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "11.0.25.3001"
},
{
"model": "active management technology",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "10.0.55.3000"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "6.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "6.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "6.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "7.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "9.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "11.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "11.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "active management",
"version": "11.6"
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:11.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:intel:active_management_technology_firmware:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Laxita Jain",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
],
"trust": 0.6
},
"cve": "CVE-2017-5689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5689",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05856",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "408ebf9c-6ba3-4489-b364-1b4677311268",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-113892",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5689",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5689",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-05856",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-136",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113892",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-5689",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). These functions use multiple ports to listen for administrative commands. Intel According to the document AMT Port as web interface for 16992 and 16993 Is used. Also other ports 16994 When 16995 Or 623 When 664 May be used. Intel Documents https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf port 16994 When 16995 https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required Supporting these remote management functions Intel Management Engine In the remote ( Not authenticated ) There is a vulnerability that allows remote management functions to be accessed by a third party. Intel Is a security advisory for this vulnerability (INTEL-SA-00075) And guide for mitigation (INTEL-SA-00075 Mitigation Guide) Offers. Security advisory (INTEL-SA-00075) https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075\u0026languageid=en-fr Mitigation guide (INTEL-SA-00075 Mitigation Guide) https://downloadcenter.intel.com/download/26754 Also, OEM This product may have this remote management function enabled.A remote attacker may gain access to the remote management functions of the system. Intel AMT has a remote authentication bypass vulnerability. Unauthorized users only need to send an empty user_response value to bypass the Intel AMT Web authentication system and use the Keyboard Video Mouse (KVM) feature to remotely control the system for malicious operations. Multiple Intel products are prone to a privilege-escalation vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03754en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03754en_us\nVersion: 1\n\nHPESBHF03754 rev.1 - HPE ML10 Gen 9 Server using Intel Xeon E3-1200 v5\nProcessor, Remote Access Restriction Bypass\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-05-26\nLast Updated: 2017-05-26\n\nPotential Security Impact: Remote: Access Restriction Bypass\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HPE ML10 Gen 9\nServer using Intel Xeon E3-1200 v5 Processor. The vulnerability could be\nremotely exploited to allow access restriction bypass. Do not attempt to upgrade the ME\nFW without following the instructions detailed in the Resolution section. \nRefer to the \"Platform Specific Information\" section in the Resolution for\nmore specific information on upgrades for specific ProLiant servers. \n\nReferences:\n\n - CVE-2017-5689\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug\n4LFF SATA 300W AP Svr/Promo Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W\nSvr/S-Buy Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W\nPerf Svr Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/GO Gen9\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/TV Gen9\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5689\n 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\n 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following resolution for this issue: \n\n**Note:** Only the ProLiant Gen9 server detailed in the impacted product\ninformation above can be upgraded using the procedure described in this\ndocument. Before beginning the upgrade process, the server must have Intel\nXeon E3-1200 v5 processors installed. See below for further instructions. \n\nUpgrade to the latest System ROM available for the platform prior to\nupgrading the ME is required. System ROM will need 1.06 version or later to\nsupport this ME firmware. \n\nThe system ROM toolkit and firmware image can be found at:\n\n * BIOS 1.06 (Windows)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_0a1076f4bf0444a090b09eeb62\u0026swEnvOid=4168#tab1\u003e \n\n* BIOS 1.06 (Linux 6)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_14bacf35f0844bb696ef65799b\u0026swEnvOid=4103\u003e \n\n * BIOS 1.06 (Linux 7)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_14bacf35f0844bb696ef65799b\u0026swEnvOid=4176\u003e\n\nThe ME toolkit and firmware image can be found at:\n\n * ME 11.6.27.3264 (Windows)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_359491d72fe04c0f9461fd657d\u0026swEnvOid=4168\u003e\n\n* ME 11.6.27.3264 (UEFI)\n\u003chttp://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swIte\nId=MTX_67a275408a9b45aba72ad7cbc1\u0026swEnvOid=4168\u003e\n\nHISTORY\nVersion:1 (rev.1) - 26 May 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZKGjXAAoJELXhAxt7SZaiu3AH/2a97Qx1mBghXloDAR4pCdWE\nqiQUvMYft5zk2UmRgQpg5jOjDMSBQFTPtPvV9vBYxhj0Or49wAyTDcw1JeG8I8hI\nBs9XDJXOQXvhTjdJakpG/+PIPsoMwJhNoH9H4/rWn0iUJb3wjTDEoHboNfSRZh0j\nmRlEpDmc12sDSlalJ3LymcXt/Zn/62t1VErmQp3QSdlCjsSxttoUvVzz6u2plKQ0\ntJqa8m76wP2fzmIcEpr4DqHkSmAqAyAQEPiVjmdDYYaIN1pi1GKkcIu4WbI7x2xY\nTjy4CXRHSy357ePv3zqwMYfl4nbQe+1Fk4zSNf1i18LQ9kLWp6mSPqLMV7kOnko=\n=DPhQ\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "PACKETSTORM",
"id": "142693"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-113892",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43385",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5689",
"trust": 3.8
},
{
"db": "BID",
"id": "98269",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-874235",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038385",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#491375",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-05856",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-180-01A",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92793783",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156782",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-180-01",
"trust": 0.3
},
{
"db": "LENOVO",
"id": "LEN-14963",
"trust": 0.3
},
{
"db": "IVD",
"id": "408EBF9C-6BA3-4489-B364-1B4677311268",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "142693",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-93070",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "43385",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-113892",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5689",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "PACKETSTORM",
"id": "142693"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"id": "VAR-201705-3474",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
}
],
"trust": 1.3552910066666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
}
]
},
"last_update_date": "2024-04-19T22:55:05.789000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00075 Mitigation Guide",
"trust": 0.8,
"url": "https://downloadcenter.intel.com/download/26754"
},
{
"title": "INTEL ACTIVE MANAGEMENT TECHNOLOGY (INTEL AMT) Start Here Guide (Intel AMT 9.0)",
"trust": 0.8,
"url": "https://software.intel.com/sites/default/files/article/393789/amt-9-start-here-guide.pdf"
},
{
"title": "INTEL-SA-00075",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00075\u0026languageid=en-fr"
},
{
"title": "NV17-021",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-021.html"
},
{
"title": "Why Must Intel AMT Be Configured, and What is Required?",
"trust": 0.8,
"url": "https://www.symantec.com/connect/articles/why-must-intel-amt-be-configured-and-what-required"
},
{
"title": "Rediscovering the Intel AMT Vulnerability",
"trust": 0.8,
"url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability"
},
{
"title": "\u30a4\u30f3\u30c6\u30eb\u793e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a8\u30a2\u306e\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
"trust": 0.8,
"url": "http://dynabook.com/assistpc/info/2017/201705icpu.htm"
},
{
"title": "\u30a4\u30f3\u30c6\u30eb\u793e\u306e\u30d5\u30a1\u30fc\u30e0\u30a6\u30a7\u30a2\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\u306e\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/intel/20170510/"
},
{
"title": "Intel AMT Remote Authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/93339"
},
{
"title": "Multiple Intel Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69788"
},
{
"title": "Cisco: Intel Active Management Technology Privilege Escalation Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20170512-intelamt"
},
{
"title": "HP: HPSBHF03557 rev. 1 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03557"
},
{
"title": "Brocade Security Advisories: BSA-2017-320",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2cf6af0133ca060b98e91dd3a5ab51e8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
},
{
"title": "Intel_IME_WebUI_bypass",
"trust": 0.1,
"url": "https://github.com/flyingfishfuse/intel_ime_webui_bypass "
},
{
"title": "Disable-Intel-AMT",
"trust": 0.1,
"url": "https://github.com/bartblaze/disable-intel-amt "
},
{
"title": "cve2017-5689",
"trust": 0.1,
"url": "https://github.com/baonq-me/cve2017-5689 "
},
{
"title": "intel_amt_bypass",
"trust": 0.1,
"url": "https://github.com/bijaye/intel_amt_bypass "
},
{
"title": "amt_auth_bypass",
"trust": 0.1,
"url": "https://github.com/chokyuwon/amt_auth_bypass "
},
{
"title": "amt_auth_bypass_poc",
"trust": 0.1,
"url": "https://github.com/embedi/amt_auth_bypass_poc "
},
{
"title": "INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools",
"trust": 0.1,
"url": "https://github.com/intel/intel-sa-00075-linux-detection-and-mitigation-tools "
},
{
"title": "amthoneypot",
"trust": 0.1,
"url": "https://github.com/packetflare/amthoneypot "
},
{
"title": "HUANANZHI-X99-F8",
"trust": 0.1,
"url": "https://github.com/bios-iengineer/huananzhi-x99-f8 "
},
{
"title": "awesome-shodan-queries",
"trust": 0.1,
"url": "https://github.com/blackunixteam/awesome-shodan-queries "
},
{
"title": "-jakejarvis-awesome-shodan-queries-",
"trust": 0.1,
"url": "https://github.com/soumyajas2324/-jakejarvis-awesome-shodan-queries- "
},
{
"title": "HUANANZHI-X99-TF",
"trust": 0.1,
"url": "https://github.com/bios-iengineer/huananzhi-x99-tf "
},
{
"title": "awesome-shodan-queries",
"trust": 0.1,
"url": "https://github.com/jakejarvis/awesome-shodan-queries "
},
{
"title": "shodan_queries",
"trust": 0.1,
"url": "https://github.com/tristisranae/shodan_queries "
},
{
"title": "AutoSploit",
"trust": 0.1,
"url": "https://github.com/rootup/autosploit "
},
{
"title": "Awesome-Honeypots",
"trust": 0.1,
"url": "https://github.com/aidowedo/awesome-honeypots "
},
{
"title": "-awesome-honeypots-",
"trust": 0.1,
"url": "https://github.com/nieuport/-awesome-honeypots- "
},
{
"title": "awesome-honeypot",
"trust": 0.1,
"url": "https://github.com/alphaseclab/awesome-honeypot "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00075\u0026languageid=en-fr"
},
{
"trust": 2.0,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/98269"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-874235.pdf"
},
{
"trust": 1.7,
"url": "https://downloadmirror.intel.com/26754/eng/intel-sa-00075%20mitigation%20guide-rev%201.1.pdf"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20170509-0001/"
},
{
"trust": 1.7,
"url": "https://www.embedi.com/files/white-papers/silent-bob-is-silent.pdf"
},
{
"trust": 1.7,
"url": "https://www.embedi.com/news/mythbusters-cve-2017-5689"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1038385"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03754en_us"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/491375"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5689"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5689"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-180-01a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92793783/index.html"
},
{
"trust": 0.8,
"url": "https://www.embedi.com/news/what-you-need-know-about-intel-amt-vulnerability"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ncas/current-activity/2017/05/01/intel-firmware-vulnerability"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156782/manually-exploiting-intel-amt.html"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-180-01"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/product_security/len-14963"
},
{
"trust": 0.3,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03754en_us"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00075\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772176\u0026swite"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03754en_us"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "PACKETSTORM",
"id": "142693"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"db": "VULHUB",
"id": "VHN-113892"
},
{
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"db": "BID",
"id": "98269"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"db": "PACKETSTORM",
"id": "142693"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-03T00:00:00",
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"date": "2017-05-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"date": "2017-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-113892"
},
{
"date": "2017-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"date": "2017-05-01T00:00:00",
"db": "BID",
"id": "98269"
},
{
"date": "2017-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"date": "2017-05-27T02:57:43",
"db": "PACKETSTORM",
"id": "142693"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"date": "2017-05-02T14:59:00.520000",
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05856"
},
{
"date": "2020-02-18T00:00:00",
"db": "VULHUB",
"id": "VHN-113892"
},
{
"date": "2020-02-18T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5689"
},
{
"date": "2017-07-19T15:07:00",
"db": "BID",
"id": "98269"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002923"
},
{
"date": "2020-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-136"
},
{
"date": "2020-02-18T17:12:15.747000",
"db": "NVD",
"id": "CVE-2017-5689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel AMT Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "408ebf9c-6ba3-4489-b364-1b4677311268"
},
{
"db": "CNVD",
"id": "CNVD-2017-05856"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-136"
}
],
"trust": 0.6
}
}
var-201801-0502
Vulnerability from variot
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. Lenovo Fingerprint Manager Pro Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad L560 and other computer products of China Lenovo (Lenovo). FingerprintManagerPro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system. Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. A local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. Versions prior to Fingerprint Manager Pro 8.01.87 are vulnerable. The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A) , X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300 , P500, P700, P900
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fingerprint manager pro",
"scope": "lte",
"trust": 1.8,
"vendor": "lenovo",
"version": "8.01.86"
},
{
"model": "fingerprint manager pro",
"scope": "lte",
"trust": 0.6,
"vendor": "lenovo",
"version": "\u003c=8.01.86"
},
{
"model": "thinkpad carbon",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "8.01.86"
},
{
"model": "thinkstation p900",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p700",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p500",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p300",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e32",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "4600"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "140"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2500"
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w541",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t540p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p40 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m93p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m9350z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m93",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m83",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m79",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m78",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m73z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m73",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.57"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.42"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.41"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.35"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.26"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.18"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.11"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.7"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.5"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1"
},
{
"model": "fingerprint manager pro",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.0.47"
},
{
"model": "fingerprint manager pro",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "8.1.87"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "BID",
"id": "102837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:fingerprint_manager_pro:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.01.86",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3762"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jackson Thuraisamy from Security Compass",
"sources": [
{
"db": "BID",
"id": "102837"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3762",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-3762",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-04363",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-111965",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3762",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3762",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04363",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-1044",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-111965",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "VULHUB",
"id": "VHN-111965"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users\u0027 Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed. Lenovo Fingerprint Manager Pro Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad L560 and other computer products of China Lenovo (Lenovo). FingerprintManagerPro is one of the fingerprint recognition sensor drivers. An attacker could exploit the vulnerability to access the system. Lenovo Fingerprint Manager Pro is prone to multiple local security weaknesses. \nA local attacker can exploit these issues to perform certain unauthorized actions or gain potentially sensitive information. \nVersions prior to Fingerprint Manager Pro 8.01.87 are vulnerable. The following products are affected: Lenovo ThinkPad L560; ThinkPad P40 Yoga, P50s; ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560; ThinkPad W540, W541, W550s; ThinkPad X1 Carbon (Type 20A87, 20A) , X1 Carbon (Type 20BS, 20BT); ThinkPad X240, X240s, X250, X260; ThinkPad Yoga 14 (20FY), Yoga 460; ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z; ThinkStation E32, P300 , P500, P700, P900",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "BID",
"id": "102837"
},
{
"db": "VULHUB",
"id": "VHN-111965"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3762",
"trust": 3.4
},
{
"db": "BID",
"id": "102837",
"trust": 2.6
},
{
"db": "LENOVO",
"id": "LEN-15999",
"trust": 2.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/05/08/3",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/05/08/5",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2019/05/08/4",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-04363",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-111965",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "VULHUB",
"id": "VHN-111965"
},
{
"db": "BID",
"id": "102837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"id": "VAR-201801-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "VULHUB",
"id": "VHN-111965"
}
],
"trust": 1.11111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
}
]
},
"last_update_date": "2023-12-18T12:19:15.210000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-15999",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len-15999"
},
{
"title": "Patches for hardcoded passwords for several Lenovo products FingerprintManagerPro",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/120257"
},
{
"title": "Multiple Lenovo product Fingerprint Manager Pro Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78140"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111965"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "NVD",
"id": "CVE-2017-3762"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/102837"
},
{
"trust": 1.7,
"url": "https://support.lenovo.com/product_security/len-15999"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/05/08/3"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/05/08/4"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2019/05/08/5"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3762"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3762"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/len-15999"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/product_security/len-15999"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "VULHUB",
"id": "VHN-111965"
},
{
"db": "BID",
"id": "102837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"db": "VULHUB",
"id": "VHN-111965"
},
{
"db": "BID",
"id": "102837"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"date": "2018-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-111965"
},
{
"date": "2018-01-25T00:00:00",
"db": "BID",
"id": "102837"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"date": "2018-01-26T01:29:00.203000",
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"date": "2018-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04363"
},
{
"date": "2019-05-08T00:00:00",
"db": "VULHUB",
"id": "VHN-111965"
},
{
"date": "2018-01-25T00:00:00",
"db": "BID",
"id": "102837"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001588"
},
{
"date": "2019-05-08T15:29:00.327000",
"db": "NVD",
"id": "CVE-2017-3762"
},
{
"date": "2019-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "102837"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo Fingerprint Manager Pro Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-1044"
}
],
"trust": 0.6
}
}
var-201611-0006
Vulnerability from variot
For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "geforce experience",
"scope": "eq",
"trust": 1.6,
"vendor": "nvidia",
"version": null
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.8,
"vendor": "nvidia",
"version": "(windows)"
},
{
"model": "quadro r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x0"
},
{
"model": "quadro r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "quadro r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "quadro r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "quadro r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "nvs r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "nvs r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "nvs r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "nvs r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "geforce r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.69"
},
{
"model": "geforce r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:geforce_experience:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4960"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.",
"sources": [
{
"db": "BID",
"id": "93251"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4960",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-4960",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4960",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4960",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-124",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privilege. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. \nLocal attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "BID",
"id": "93251"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4960",
"trust": 2.7
},
{
"db": "BID",
"id": "93251",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005837",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"id": "VAR-201611-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.215972225
},
"last_update_date": "2023-12-18T12:05:17.424000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65442"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65293"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "NVD",
"id": "CVE-2016-4960"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"trust": 1.3,
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/93251"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4960"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4960"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/ps500070"
},
{
"trust": 0.3,
"url": "http://www.nvidia.com"
},
{
"trust": 0.3,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"date": "2016-11-08T20:59:02.567000",
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T00:03:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005837"
},
{
"date": "2016-12-15T02:59:43.277000",
"db": "NVD",
"id": "CVE-2016-4960"
},
{
"date": "2016-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NVIDIA Product NVStreamKMS.sys Elevation of privilege vulnerability in service component",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-124"
}
],
"trust": 0.6
}
}
var-201611-0007
Vulnerability from variot
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "geforce experience",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": null
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.8,
"vendor": "nvidia",
"version": "(windows)"
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": null
},
{
"model": "quadro r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x0"
},
{
"model": "quadro r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "quadro r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "quadro r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "quadro r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "nvs r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "nvs r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "nvs r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "nvs r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "geforce r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.69"
},
{
"model": "geforce r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "-",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4961"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.",
"sources": [
{
"db": "BID",
"id": "93251"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4961",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4961",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4961",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-126",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. \nLocal attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "BID",
"id": "93251"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4961",
"trust": 2.7
},
{
"db": "BID",
"id": "93251",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005838",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"id": "VAR-201611-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.215972225
},
"last_update_date": "2023-12-18T12:05:17.399000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65295"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65444"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "NVD",
"id": "CVE-2016-4961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"trust": 1.3,
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/93251"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4961"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4961"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/ps500070"
},
{
"trust": 0.3,
"url": "http://www.nvidia.com"
},
{
"trust": 0.3,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"date": "2016-11-08T20:59:03.583000",
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T00:03:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005838"
},
{
"date": "2016-12-15T02:59:44.637000",
"db": "NVD",
"id": "CVE-2016-4961"
},
{
"date": "2016-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NVIDIA Product Windows GPU Service operation disruption in display drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005838"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-126"
}
],
"trust": 0.6
}
}
var-201708-0549
Vulnerability from variot
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. plural Lenovo ThinkPad The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Active Protection System is prone to a local privilege-escalation vulnerability. Lenovo Thinkpad for Windows is a Windows-based portable computer owned by China Lenovo (Lenovo). Active Protection System is an autonomous feature designed to protect hard drives from damage caused by strong physical shocks and vibrations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0549",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkpad yoga 11e",
"scope": null,
"trust": 4.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e bios",
"scope": null,
"trust": 4.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e",
"scope": null,
"trust": 3.2,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e bios",
"scope": null,
"trust": 3.2,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon",
"scope": null,
"trust": 2.4,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon bios",
"scope": null,
"trust": 2.4,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga bios",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 bios",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e skylake bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 10 ella 2 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e braswell bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e beema bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e broadwell bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e amd",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e beema bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 broadwell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e broadwell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon 20bx",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e braswell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 10 ella 2",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga vpro",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 s440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 broadwell",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e broadwell",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga vpro bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 sharkbay bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga non vpro bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e beema",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e beema",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e amd bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga non vpro",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 e560p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e skylake",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 e560p",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon 20ax bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 sharkbay",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon 20ax",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 s440",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e broadwell",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e skylake",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e skylake bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e braswell",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e braswell",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon 20bx bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 10",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 10 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3-s440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3-s440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5/e560p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5/e560p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "active protection system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "active protection system",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "1.82.0.17"
}
],
"sources": [
{
"db": "BID",
"id": "100305"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_beema_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_broadwell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e465_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e550c_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e545_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_helix_20ch_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l560_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p50s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s5_yoga_15_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t460_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t460s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_tablet_10_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_w540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_tablet_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x240_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_braswell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_skylake_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_10_ella_2_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e555_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e560_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e565_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e445_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_yoga_12_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_yoga_non_vpro_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_yoga_vpro_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s3_s440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t540p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t550_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t560_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x250_broadwell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x250_sharkbay_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x260_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_beema_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_13e_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e450c_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e455_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l460_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440u_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_w550s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x140e_amd_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_20ax_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_20bx_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_14_460_s3_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_260_s1_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_braswell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_skylake_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e460_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e550_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_helix_20cg_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p50_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p70_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s3_yoga_14_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s5_e560p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t450s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t460p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_tablet_8_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_w541_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x240s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_broadwell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_beema:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_broadwell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e465:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e550c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e545:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_helix_20ch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s5_yoga_15:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t460s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_tablet_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_w540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_braswell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_skylake:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_13e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e450c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e455:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x140e_amd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_20ax:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_20bx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_14_460_s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_260_s1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_10_ella_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e565:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e445:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_non_vpro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_vpro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s3_s440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s3_yoga_14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t540p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x250_broadwell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x250_sharkbay:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_braswell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_skylake:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e555:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_helix_20cg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s5_e560p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t450s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t460p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_tablet_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_w541:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x240s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_beema:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_broadwell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3756"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silent Signal",
"sources": [
{
"db": "BID",
"id": "100305"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-3756",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-111959",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-3756",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3756",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-641",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-111959",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111959"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. plural Lenovo ThinkPad The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Active Protection System is prone to a local privilege-escalation vulnerability. Lenovo Thinkpad for Windows is a Windows-based portable computer owned by China Lenovo (Lenovo). Active Protection System is an autonomous feature designed to protect hard drives from damage caused by strong physical shocks and vibrations",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "BID",
"id": "100305"
},
{
"db": "VULHUB",
"id": "VHN-111959"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3756",
"trust": 2.8
},
{
"db": "LENOVO",
"id": "LEN-15765",
"trust": 2.0
},
{
"db": "BID",
"id": "100305",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-111959",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111959"
},
{
"db": "BID",
"id": "100305"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"id": "VAR-201708-0549",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-111959"
}
],
"trust": 0.47569444250000004
},
"last_update_date": "2023-12-18T13:29:14.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-15765",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/en/product_security/len-15765"
},
{
"title": "Lenovo ThinkPad for Windows Active Protection System Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74015"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111959"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "NVD",
"id": "CVE-2017-3756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/product_security/len-15765"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/100305"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3756"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3756"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-111959"
},
{
"db": "BID",
"id": "100305"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-111959"
},
{
"db": "BID",
"id": "100305"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-18T00:00:00",
"db": "VULHUB",
"id": "VHN-111959"
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100305"
},
{
"date": "2017-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"date": "2017-08-18T19:29:00.230000",
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"date": "2017-08-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-111959"
},
{
"date": "2017-08-10T00:00:00",
"db": "BID",
"id": "100305"
},
{
"date": "2017-09-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007637"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-3756"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "100305"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Lenovo ThinkPad Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007637"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-641"
}
],
"trust": 0.6
}
}
var-200703-0031
Vulnerability from variot
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. Currently, very little is known about this issue. This BID will be updated as more information becomes available. Versions prior to build 135400 are vulnerable.
SOLUTION: Update to build 135400. http://www-307.ibm.com/pc/support/site.wss/license.do?filename=mobiles/7ira09ww.exe
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Lenovo: http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200703-0031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "x60s"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "t42p"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "x32"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "x40"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "r50"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "x60"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "x60_tablet"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "t42"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "x31"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": "t60"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "r50p"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "t41p"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "r50e"
},
{
"model": "pro 1000 lan adapter",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": "135400"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "r51"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "t60p"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": "t41"
},
{
"model": "thinkpad",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "pro 1000 lan adapter",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "build 135400"
},
{
"model": "intel pro/1000 lan adapter software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "intel pro/1000 lan adapter software build",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "135400"
}
],
"sources": [
{
"db": "BID",
"id": "22822"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:r50p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:r51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:x31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:x32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:r50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:r50e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:t60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:t60p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:t41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:t41p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:x40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:x60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:intel:pro_1000_lan_adapter:135400:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:t42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:t42p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:x60_tablet:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad:x60s:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1307"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "22822"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
],
"trust": 0.9
},
"cve": "CVE-2007-1307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-1307",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-24669",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-1307",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200703-204",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-24669",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24669"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors. \nCurrently, very little is known about this issue. This BID will be updated as more information becomes available. \nVersions prior to build 135400 are vulnerable. \n\nSOLUTION:\nUpdate to build 135400. \nhttp://www-307.ibm.com/pc/support/site.wss/license.do?filename=mobiles/7ira09ww.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nLenovo:\nhttp://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"db": "BID",
"id": "22822"
},
{
"db": "VULHUB",
"id": "VHN-24669"
},
{
"db": "PACKETSTORM",
"id": "54778"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-1307",
"trust": 2.8
},
{
"db": "BID",
"id": "22822",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "24349",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2007-0801",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "33854",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-24669",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "54778",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24669"
},
{
"db": "BID",
"id": "22822"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"db": "PACKETSTORM",
"id": "54778"
},
{
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"id": "VAR-200703-0031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-24669"
}
],
"trust": 0.32222222
},
"last_update_date": "2023-12-18T12:46:50.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.intel.co.jp/"
},
{
"title": "LegacyDocID=MIGR-62922",
"trust": 0.8,
"url": "http://support.lenovo.com/en_us/detail.page?legacydocid=migr-62922"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-1307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=migr-62922"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/22822"
},
{
"trust": 1.7,
"url": "http://osvdb.org/33854"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/24349"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/0801"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1307"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1307"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/0801"
},
{
"trust": 0.1,
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026amp;lndocid=migr-62922"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13599/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www-307.ibm.com/pc/support/site.wss/license.do?filename=mobiles/7ira09ww.exe"
},
{
"trust": 0.1,
"url": "http://secunia.com/disassembling_og_reversing/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/24349/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-24669"
},
{
"db": "BID",
"id": "22822"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"db": "PACKETSTORM",
"id": "54778"
},
{
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-24669"
},
{
"db": "BID",
"id": "22822"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"db": "PACKETSTORM",
"id": "54778"
},
{
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-24669"
},
{
"date": "2007-03-05T00:00:00",
"db": "BID",
"id": "22822"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"date": "2007-03-05T23:12:53",
"db": "PACKETSTORM",
"id": "54778"
},
{
"date": "2007-03-07T00:19:00",
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"date": "2007-03-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-24669"
},
{
"date": "2015-05-12T19:33:00",
"db": "BID",
"id": "22822"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-003470"
},
{
"date": "2011-03-08T02:51:43.033000",
"db": "NVD",
"id": "CVE-2007-1307"
},
{
"date": "2007-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM Lenovo ThinkPad Used on the system Lenovo Intel PRO/1000 LAN Vulnerability in adapter",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-003470"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200703-204"
}
],
"trust": 0.6
}
}
var-201707-0437
Vulnerability from variot
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state. Intel The processor contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Lenovo Products are prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Intel NUC7i3BNK (KBL) and so on are mini desktops of Intel Corporation of the United States. Several Intel products have security vulnerabilities. Attackers can exploit this vulnerability to control the system firmware and affect the security of SGX. The following products are affected: Intel NUC7i3BNK (KBL); NUC7i5BNK; NUC7i7BNH; STK2MV64CC (SKL); STK2M3W64CC (SKL); NUC6i7KYK (SKL); NUC6i3SYK (SKL); R1208SPOSHORR; Intel Server System LR1304SPCFG1R; Intel Server System R1208SPOSHOR; Intel Server Board S1200SPSR; Intel Server Board S1200SPOR; S1200SPLR; Intel Server System R1304SPOSHBNR. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p03767en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesb3p03767en_us Version: 1
HPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors, Unauthorized Write to Filesystem
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-08-03 Last Updated: 2017-08-03
Potential Security Impact: Local: Unauthorized Write Access to the File System; Remote: Unauthorized Write Access to the File System
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security problem has been identified in HPE Proliant ML10 Gen9 server using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors. The vulnerability could allow a remote unauthorized attacker to write to file systems.
References:
- CVE-2017-5691 - Intel SGX Update and Attestation Key Recovery
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo SP
- HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy SP
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr SP
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO SP
- HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV SP
- HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr SP
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-5691
8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided the following update:
-
Update to ML10 Gen 9 BIOS 1.07, which contains the 0xBA microcode update, will patch the SGX security issue. Available for download at this link:
-
https://www.hpe.com/global/swpublishing/MTX-df1494b3e9df455caf95a63c42
Note: Please contact HPE Technical Support if any assistance is needed with this information.
HISTORY Version:1 (rev.1) - 4 August 2017 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZg4xWAAoJELXhAxt7SZaijWIH/1bWATsLRK3sL2+urTNKGBnG gvVj0Oej02UmL1NY2sOeRJGV5ZO7NOvHlw7/+xgVEWaAOnlMgU22FEFOz7pMaSst MSgLWpraxYkh6uyncQjlaXQKgm+icOT6R/zDOYgw3Wm+GdyTO1eFXVpKGgCiTb24 /Bs12WZdvTDXefjHHbgR1T29EIzLtswFWNezsBQSLoy+CJ64tdtUAoyMi5hZjG7k 09dFJQ2PDIU8zRaa1+eiHzX1Qg5avT+L37aFdWQrd6+yXzsmh3xWqHUdnwUrqwZe DcC6XLY9TBbv1znuzSHhSY2cSwWZdIMb776C/90GDfXD78YDv05LFmxFBonTVKQ= =igsr -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0437",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuc6i5syk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "r1304sposhorr bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc7i3bnk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i7kyk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc7i5bnk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "stk2m3w64cc bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc7i7bnh bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "stk2mv64cc bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "r1304sposhor bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "nuc6i3syk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "intel",
"version": null
},
{
"model": "s1200spl bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "s1200spo bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "s1200splr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "lr1304spcfg1r bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "r1208sposhorr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "r1304sposhbn bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "r1304sposhbnr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "r1208sposhor bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "s1200spsr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "s1200sps bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "s1200spor bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "lr1304spcfg1 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2m3w64cc",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "compute stick stk2mv64cc",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6i3syk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6i5syk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc6i7kyk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i3bnk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i5bnk",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "nuc kit nuc7i7bnh",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server board s1200spl",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server board s1200splr",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server board s1200spo",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server board s1200spor",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server board s1200sps",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server board s1200spsr",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system lr1304spcfg1",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system lr1304spcfg1r",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system r1208sposhor",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system r1208sposhorr",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system r1304sposhbn",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system r1304sposhbnr",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system r1304sposhor",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "server system r1304sposhorr",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop all in one",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "-0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "xeon\u00ae e3-1500m",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v50"
},
{
"model": "xeon\u00ae e3-1200",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v60"
},
{
"model": "xeon\u00ae e3-1200",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v50"
},
{
"model": "xeon\u00ae e3- 1500m",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "v60"
}
],
"sources": [
{
"db": "BID",
"id": "100493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc7i3bnk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc7i3bnk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc7i5bnk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc7i5bnk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc7i7bnh_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc7i7bnh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:stk2mv64cc_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:stk2mv64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:stk2m3w64cc_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:stk2m3w64cc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc6i7kyk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc6i7kyk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc6i3syk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc6i3syk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:nuc6i5syk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:nuc6i5syk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:r1304sposhor_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:r1304sposhor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:r1304sposhorr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:r1304sposhorr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:r1208sposhorr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:r1208sposhorr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:lr1304spcfg1r_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:lr1304spcfg1r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:r1208sposhor_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:r1208sposhor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:s1200spsr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:s1200spsr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:s1200spor_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:s1200spor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:lr1304spcfg1_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:lr1304spcfg1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:s1200spl_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:s1200spl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:s1200spo_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:s1200spo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:s1200sps_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:s1200sps:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:r1304sposhbn_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:r1304sposhbn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:s1200splr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:s1200splr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:r1304sposhbnr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:r1304sposhbnr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5691"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "100493"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5691",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-5691",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-113894",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5691",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5691",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-1323",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-113894",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113894"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state. Intel The processor contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Lenovo Products are prone to a local privilege escalation vulnerability. \nA local attacker can leverage this issue to gain elevated privileges. Intel NUC7i3BNK (KBL) and so on are mini desktops of Intel Corporation of the United States. Several Intel products have security vulnerabilities. Attackers can exploit this vulnerability to control the system firmware and affect the security of SGX. The following products are affected: Intel NUC7i3BNK (KBL); NUC7i5BNK; NUC7i7BNH; STK2MV64CC (SKL); STK2M3W64CC (SKL); NUC6i7KYK (SKL); NUC6i3SYK (SKL); R1208SPOSHORR; Intel Server System LR1304SPCFG1R; Intel Server System R1208SPOSHOR; Intel Server Board S1200SPSR; Intel Server Board S1200SPOR; S1200SPLR; Intel Server System R1304SPOSHBNR. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesb3p03767en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesb3p03767en_us\nVersion: 1\n\nHPESB3P03767 rev.1 - HPE Proliant ML10 Gen9 servers using Intel Xeon E3-1200M\nv5 and 6th Generation Intel Core Processors, Unauthorized Write to\nFilesystem\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-08-03\nLast Updated: 2017-08-03\n\nPotential Security Impact: Local: Unauthorized Write Access to the File\nSystem; Remote: Unauthorized Write Access to the File System\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security problem has been identified in HPE Proliant ML10 Gen9\nserver using Intel Xeon E3-1200M v5 and 6th Generation Intel Core Processors. \nThe vulnerability could allow a remote unauthorized attacker to write to file\nsystems. \n\nReferences:\n\n - CVE-2017-5691 - Intel SGX Update and Attestation Key Recovery\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug\n4LFF SATA 300W AP Svr/Promo SP\n - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W\nSvr/S-Buy SP\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W\nPerf Svr SP\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/GO SP\n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/TV SP\n - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr\nSP\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-5691\n 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\n 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided the following update: \n\n * Update to ML10 Gen 9 BIOS 1.07, which contains the 0xBA microcode update,\nwill patch the SGX security issue. Available for download at this link:\n\n - \u003chttps://www.hpe.com/global/swpublishing/MTX-df1494b3e9df455caf95a63c42\u003e\n \n \n**Note:** Please contact HPE Technical Support if any assistance is needed\nwith this information. \n\nHISTORY\nVersion:1 (rev.1) - 4 August 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZg4xWAAoJELXhAxt7SZaijWIH/1bWATsLRK3sL2+urTNKGBnG\ngvVj0Oej02UmL1NY2sOeRJGV5ZO7NOvHlw7/+xgVEWaAOnlMgU22FEFOz7pMaSst\nMSgLWpraxYkh6uyncQjlaXQKgm+icOT6R/zDOYgw3Wm+GdyTO1eFXVpKGgCiTb24\n/Bs12WZdvTDXefjHHbgR1T29EIzLtswFWNezsBQSLoy+CJ64tdtUAoyMi5hZjG7k\n09dFJQ2PDIU8zRaa1+eiHzX1Qg5avT+L37aFdWQrd6+yXzsmh3xWqHUdnwUrqwZe\nDcC6XLY9TBbv1znuzSHhSY2cSwWZdIMb776C/90GDfXD78YDv05LFmxFBonTVKQ=\n=igsr\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "BID",
"id": "100493"
},
{
"db": "VULHUB",
"id": "VHN-113894"
},
{
"db": "PACKETSTORM",
"id": "143663"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5691",
"trust": 2.9
},
{
"db": "LENOVO",
"id": "LEN-15184",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323",
"trust": 0.7
},
{
"db": "BID",
"id": "100493",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "143663",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113894",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113894"
},
{
"db": "BID",
"id": "100493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "PACKETSTORM",
"id": "143663"
},
{
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"id": "VAR-201707-0437",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-113894"
}
],
"trust": 0.5764981742857143
},
"last_update_date": "2023-12-18T13:19:27.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HPESB3P03767",
"trust": 0.8,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesb3p03767en_us"
},
{
"title": "INTEL-SA-00076",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00076\u0026languageid=en-fr"
},
{
"title": "Multiple Intel Product Privilege License and Access Control Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74817"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113894"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "NVD",
"id": "CVE-2017-5691"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/product_security/len-15184"
},
{
"trust": 1.9,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00076\u0026languageid=en-fr"
},
{
"trust": 1.6,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesb3p03767en_us"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5691"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5691"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.1,
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesb3p03767en_us"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00076\u0026amp;languageid=en-fr"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/global/swpublishing/mtx-df1494b3e9df455caf95a63c42\u003e"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesb3p03767en_us"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113894"
},
{
"db": "BID",
"id": "100493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "PACKETSTORM",
"id": "143663"
},
{
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-113894"
},
{
"db": "BID",
"id": "100493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"db": "PACKETSTORM",
"id": "143663"
},
{
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-113894"
},
{
"date": "2017-07-27T00:00:00",
"db": "BID",
"id": "100493"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"date": "2017-08-05T02:44:09",
"db": "PACKETSTORM",
"id": "143663"
},
{
"date": "2017-07-26T15:29:00.283000",
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"date": "2017-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113894"
},
{
"date": "2017-07-27T00:00:00",
"db": "BID",
"id": "100493"
},
{
"date": "2017-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006951"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-5691"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "143663"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Vulnerabilities related to authorization, authority, and access control in processors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006951"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-1323"
}
],
"trust": 0.6
}
}
var-201903-1019
Vulnerability from variot
SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. Synaptics TouchPad The driver contains an information disclosure vulnerability.Information may be obtained. Synaptics TouchPad is prone to a local information-disclosure vulnerability. Attackers can exploit this issue to read portions of kernel memory, resulting in a privilege escalation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "synaptics touchpad driver",
"scope": "lte",
"trust": 1.0,
"vendor": "hp",
"version": "2018-06-06"
},
{
"model": "touchpad driver",
"scope": "eq",
"trust": 0.8,
"vendor": "synaptics",
"version": "2018/06/06"
},
{
"model": "touchpad drivers",
"scope": "eq",
"trust": 0.3,
"vendor": "synaptics",
"version": "0"
},
{
"model": "pointing device driver",
"scope": "eq",
"trust": 0.3,
"vendor": "synaptics",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "106799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "NVD",
"id": "CVE-2018-15532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hp:synaptics_touchpad_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018-06-06",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15532"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Senior Security Consultant for IOActive,Enrique Nissim",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
],
"trust": 0.6
},
"cve": "CVE-2018-15532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-15532",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.8,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-15532",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15532",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-898",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses. Synaptics TouchPad The driver contains an information disclosure vulnerability.Information may be obtained. Synaptics TouchPad is prone to a local information-disclosure vulnerability. \nAttackers can exploit this issue to read portions of kernel memory, resulting in a privilege escalation",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "BID",
"id": "106799"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "LENOVO",
"id": "LEN-23156",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2018-15532",
"trust": 2.7
},
{
"db": "BID",
"id": "106799",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015098",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "43909",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201901-898",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "106799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
]
},
"id": "VAR-201903-1019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.22222222
},
"last_update_date": "2023-12-18T12:28:26.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "TouchPad Family",
"trust": 0.8,
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"title": "Synaptics TouchPad Driver - SynTP.sys can leak freed pointers to kernel memory",
"trust": 0.8,
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "NVD",
"id": "CVE-2018-15532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.lenovo.com/us/en/product_security/len-23156"
},
{
"trust": 1.9,
"url": "https://www.synaptics.com/sites/default/files/touchpad-driver-security-brief-20190124.pdf"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/106799"
},
{
"trust": 1.6,
"url": "https://www.synaptics.com/products/touchpad-family"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15532"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15532"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/len-23156"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43909"
},
{
"trust": 0.3,
"url": "https://www.synaptics.com/"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/in/en/product_security/len-23156"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/ie/en/product_security/len-23156"
}
],
"sources": [
{
"db": "BID",
"id": "106799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "106799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-24T00:00:00",
"db": "BID",
"id": "106799"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"date": "2019-03-21T16:00:21.310000",
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"date": "2019-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-24T00:00:00",
"db": "BID",
"id": "106799"
},
{
"date": "2019-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015098"
},
{
"date": "2019-03-27T17:55:35.483000",
"db": "NVD",
"id": "CVE-2018-15532"
},
{
"date": "2019-08-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "106799"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Synaptics TouchPad Information disclosure vulnerability in driver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015098"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-898"
}
],
"trust": 0.6
}
}
var-201608-0492
Vulnerability from variot
BIOS (BasicInput/OutputSystem) is the basic output input system, which is the most basic software code loaded on the computer hardware system. There is a security vulnerability in LenovoThinkPadBIOS. In the system management mode, an attacker with local administrative access can use the vulnerability to execute arbitrary code, disable flash write protection, infect platform firmware, disable secure boot, bypass virtual security mode, and so on. Lenovo ThinkPad is prone to a local privilege escalation vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": null,
"trust": 0.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad carbon",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "80"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "100"
},
{
"model": "thinkstation d30 (type",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "4353-4354)0"
},
{
"model": "thinkstation d30 (type",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "4223-4228-4229)0"
},
{
"model": "thinkstation c30 (type",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1136-1137)0"
},
{
"model": "thinkstation c30 (type",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1095-1096-1097)0"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "150"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2500"
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
},
{
"model": "thinkpad x230s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad x230i tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad x230i",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2300"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2300"
},
{
"model": "thinkpad x140e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad x131e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w541",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w530",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad ultrazoom",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "1"
},
{
"model": "thinkpad ultranav wizard",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3"
},
{
"model": "thinkpad twist/edge s230",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t540p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t530i",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t530",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t431s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430si",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430i",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t420",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t400",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s531",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s3-s440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s3 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "140"
},
{
"model": "thinkpad l540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad helix",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "(3xxx)0"
},
{
"model": "thinkpad helix",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad edge s430",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad edge e555",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad edge e455",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "100"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x61"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x220"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x201"
},
{
"model": "thinkpad t61",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t60",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t530",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t430",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t43",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t410",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
},
{
"model": "system m5",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x36500"
},
{
"model": "system m5",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x35500"
},
{
"model": "system m5",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x35000"
},
{
"model": "ideapad z50-75",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3140"
},
{
"model": "ideapad s41-75",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad s41-35",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad m41-70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad k41-70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad g70-35",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad g51-35",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad g50-70m",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad g41-35",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad g40-75m",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad flex",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3-15700"
},
{
"model": "ideapad flex",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "3-14700"
},
{
"model": "ideapad flex 3-1435",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad 305-15ihw",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x880x60"
},
{
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x8800"
},
{
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x480x60"
},
{
"model": "flex system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x280x60"
},
{
"model": "flex system m5",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"db": "BID",
"id": "91538"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmytro Oleksiuk",
"sources": [
{
"db": "BID",
"id": "91538"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2016-05721",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2016-05721",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOS (BasicInput/OutputSystem) is the basic output input system, which is the most basic software code loaded on the computer hardware system. There is a security vulnerability in LenovoThinkPadBIOS. In the system management mode, an attacker with local administrative access can use the vulnerability to execute arbitrary code, disable flash write protection, infect platform firmware, disable secure boot, bypass virtual security mode, and so on. Lenovo ThinkPad is prone to a local privilege escalation vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"db": "BID",
"id": "91538"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "LENOVO",
"id": "LEN-8324",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05721",
"trust": 0.6
},
{
"db": "BID",
"id": "91538",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"db": "BID",
"id": "91538"
}
]
},
"id": "VAR-201608-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
}
],
"trust": 1.1456349242857142
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
}
]
},
"last_update_date": "2022-05-17T02:02:27.013000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/solutions/len-8324"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.3,
"url": "https://github.com/cr4sh/thinkpwn"
},
{
"trust": 0.3,
"url": "http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/solutions/len-8324 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"db": "BID",
"id": "91538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"db": "BID",
"id": "91538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05721"
},
{
"date": "2016-07-14T20:00:00",
"db": "BID",
"id": "91538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91538"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo ThinkPad BIOS System Management Mode Arbitrary Code Execution Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05721"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "91538"
}
],
"trust": 0.3
}
}
var-201807-1678
Vulnerability from variot
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Intel Bootgaurd is prone to a local security-bypass vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1678",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkpad x1 yoga",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n25et38w"
},
{
"model": "thinkpad l380",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0ret28w"
},
{
"model": "thinkpad t480",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n24et41w"
},
{
"model": "thinkpad x280",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n20et33w"
},
{
"model": "v310-15ikb",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2wcn40ww"
},
{
"model": "thinkpad l580",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0qet47w"
},
{
"model": "thinkpad yoga 370",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0het48w"
},
{
"model": "thinkpad t25",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1qet77w"
},
{
"model": "thinkpad t470",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1qet77w"
},
{
"model": "thinkpad yoga 11e",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0vet23w"
},
{
"model": "thinkpad p72",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n2cet28w"
},
{
"model": "thinkpad t570",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1vet45w"
},
{
"model": "thinkpad x380 yoga",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0set29w"
},
{
"model": "thinkpad x1 tablet",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1oet45w"
},
{
"model": "e42-80 isk",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "0zcn48ww"
},
{
"model": "thinkpad s1",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0het48w"
},
{
"model": "v310-14ikb",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2wcn40ww"
},
{
"model": "thinkpad l480",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0qet47w"
},
{
"model": "thinkpad x270",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0iet53w"
},
{
"model": "thinkpad t470p",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0fet44w"
},
{
"model": "thinkpad p71",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1tet50w"
},
{
"model": "e42-80",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2wcn40ww"
},
{
"model": "thinkpad t480s",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n22et48w"
},
{
"model": "v310-15isk",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "0zcn48ww"
},
{
"model": "miix 720-12ikb",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "3scn68ww"
},
{
"model": "thinkpad x1 tablet",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1zet69w"
},
{
"model": "thinkpad e480",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0pet47w"
},
{
"model": "thinkpad t470s",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1wet49w"
},
{
"model": "thinkpad p52s",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n27et27w"
},
{
"model": "v310-14isk",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "0zcn48ww"
},
{
"model": "thinkpad p52",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n2cet28w"
},
{
"model": "v510-14ikb",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2wcn40ww"
},
{
"model": "thinkpad x1 carbon",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1met49w"
},
{
"model": "thinkpad e580",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "r0pet47w"
},
{
"model": "thinkpad t580",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n27et27w"
},
{
"model": "e52-80 isk",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "0zcn48ww"
},
{
"model": "thinkpad p51s",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1vet45w"
},
{
"model": "thinkpad x1 carbon",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n23et52w"
},
{
"model": "v510-15ikb",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2wcn40ww"
},
{
"model": "e52-80",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "2wcn40ww"
},
{
"model": "thinkpad x1 yoga",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1net42w"
},
{
"model": "thinkpad p51",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "n1uet71w"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "8th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "7th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "6th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "5th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
},
{
"model": "4th generation core processors",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "105387"
},
{
"db": "NVD",
"id": "CVE-2018-9062"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:e42-80_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2wcn40ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:e42-80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:e42-80_isk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0zcn48ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:e42-80_isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:e52-80_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2wcn40ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:e52-80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:e52-80_isk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0zcn48ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:e52-80_isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:miix_720-12ikb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3scn68ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:v310-14ikb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2wcn40ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:v310-14ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:v310-14isk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0zcn48ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:v310-14isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:v310-15ikb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2wcn40ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:v310-15ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:v310-15isk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0zcn48ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:v310-15isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:v510-14ikb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2wcn40ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:v510-14ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:v510-15ikb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2wcn40ww",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:v510-15ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l380_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0ret28w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e480_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0pet47w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e480:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0pet47w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l480_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0qet47w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l480:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0qet47w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p51_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1uet71w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p51:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p51s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1vet45w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p51s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p52_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n2cet28w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p52:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p52s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n27et27w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p71_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1tet50w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p71:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p72_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n2cet28w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p72:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t25_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1qet77w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t25:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1qet77w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t470p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0fet44w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t470p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1wet49w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t480_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n24et41w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t480:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t480s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n22et48w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t480s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t570_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1vet45w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t570:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n27et27w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0set29w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0vet23w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0het48w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0het48w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1met49w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20hq:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20hr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n23et52w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20k4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20k3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1met49w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20kh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20kg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1oet45w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20jb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20jc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1zet69w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20kk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20kj:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n1net42w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20jd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20je:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20jf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20jg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n25et38w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20ld:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20le:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20lf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20lg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r0iet53w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20hm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20hn:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20k5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20k6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "n20et33w",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:20ke:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:20kf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9062"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trammell Hudson",
"sources": [
{
"db": "BID",
"id": "105387"
}
],
"trust": 0.3
},
"cve": "CVE-2018-9062",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-9062",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1172",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Intel Bootgaurd is prone to a local security-bypass vulnerability. \nSuccessful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"db": "BID",
"id": "105387"
}
],
"trust": 1.17
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "LENOVO",
"id": "LEN-20527",
"trust": 1.9
},
{
"db": "NVD",
"id": "CVE-2018-9062",
"trust": 1.9
},
{
"db": "BID",
"id": "105387",
"trust": 1.9
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1172",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "105387"
},
{
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"id": "VAR-201807-1678",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6250000033333333
},
"last_update_date": "2023-12-18T13:43:34.318000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple Lenovo Thinkpad Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85206"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-9062"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://support.lenovo.com/us/en/solutions/len-20527"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105387"
},
{
"trust": 0.3,
"url": "http://www.intel.com/"
},
{
"trust": 0.3,
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html"
}
],
"sources": [
{
"db": "BID",
"id": "105387"
},
{
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "105387"
},
{
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-20T00:00:00",
"db": "BID",
"id": "105387"
},
{
"date": "2018-07-19T19:29:00.607000",
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"date": "2018-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-20T00:00:00",
"db": "BID",
"id": "105387"
},
{
"date": "2019-10-15T18:03:59.653000",
"db": "NVD",
"id": "CVE-2018-9062"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105387"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Lenovo Thinkpad Product security vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1172"
}
],
"trust": 0.6
}
}
var-201611-0005
Vulnerability from variot
For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash. Supplementary information : CWE Vulnerability types by CWE-476: NULL Pointer Dereference (NULL Pointer dereferencing ) Has been identified. Multiple NVIDIA products are prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "367"
},
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "340"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "361"
},
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "352.0"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "gpu display driver",
"scope": "eq",
"trust": 0.8,
"vendor": "nvidia",
"version": "(windows)"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "354.74"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "368.22"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "362.00"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "341.95"
},
{
"model": "quadro r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x0"
},
{
"model": "quadro r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "quadro r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "quadro r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "quadro r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "nvs r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "nvs r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "nvs r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "nvs r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "geforce r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.69"
},
{
"model": "geforce r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
}
],
"sources": [
{
"db": "BID",
"id": "93256"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "368.39",
"versionStartIncluding": "367",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "362.77",
"versionStartIncluding": "361",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "354.99",
"versionStartIncluding": "352.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "341.96",
"versionStartIncluding": "340",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tripwire VERT",
"sources": [
{
"db": "BID",
"id": "93256"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4959",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4959",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-4959",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4959",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-121",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a blue screen crash. Supplementary information : CWE Vulnerability types by CWE-476: NULL Pointer Dereference (NULL Pointer dereferencing ) Has been identified. Multiple NVIDIA products are prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "BID",
"id": "93256"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4959",
"trust": 2.7
},
{
"db": "BID",
"id": "93256",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005836",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "93256"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"id": "VAR-201611-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.215972225
},
"last_update_date": "2023-12-18T13:14:27.184000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65290"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65439"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "NVD",
"id": "CVE-2016-4959"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"trust": 1.6,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93256"
},
{
"trust": 1.6,
"url": "http://www.tripwire.com/state-of-security/vulnerability-management/warning-this-post-contains-graphic-nvidia-content/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4959"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4959"
},
{
"trust": 0.3,
"url": "http://www.nvidia.com"
},
{
"trust": 0.3,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce"
}
],
"sources": [
{
"db": "BID",
"id": "93256"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "93256"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-30T00:00:00",
"db": "BID",
"id": "93256"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"date": "2016-11-08T20:59:01.397000",
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T00:03:00",
"db": "BID",
"id": "93256"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005836"
},
{
"date": "2019-05-30T14:23:15.607000",
"db": "NVD",
"id": "CVE-2016-4959"
},
{
"date": "2019-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NVIDIA Denial of service in products (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005836"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-121"
}
],
"trust": 0.6
}
}
var-201611-0008
Vulnerability from variot
For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "367"
},
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "340"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "361"
},
{
"model": "gpu driver",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "352.0"
},
{
"model": "gpu driver",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "gpu display driver",
"scope": "eq",
"trust": 0.8,
"vendor": "nvidia",
"version": "(windows)"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "354.74"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "368.22"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "362.00"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "gpu driver",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": "341.95"
},
{
"model": "quadro r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x0"
},
{
"model": "quadro r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "quadro r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "quadro r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "quadro r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "nvs r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "nvs r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "nvs r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "nvs r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "geforce r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.69"
},
{
"model": "geforce r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "368.39",
"versionStartIncluding": "367",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "362.77",
"versionStartIncluding": "361",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "354.99",
"versionStartIncluding": "352.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nvidia:gpu_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "341.96",
"versionStartIncluding": "340",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5025"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.",
"sources": [
{
"db": "BID",
"id": "93251"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5025",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5025",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.6,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-5025",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5025",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-125",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. \nLocal attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "BID",
"id": "93251"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5025",
"trust": 2.7
},
{
"db": "BID",
"id": "93251",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005839",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"id": "VAR-201611-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.215972225
},
"last_update_date": "2023-12-18T12:05:17.504000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65443"
},
{
"title": "NVIDIA Quadro , NVS and GeForce Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65294"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "NVD",
"id": "CVE-2016-5025"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"trust": 1.6,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93251"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5025"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5025"
},
{
"trust": 0.3,
"url": "http://www.nvidia.com"
},
{
"trust": 0.3,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"date": "2016-11-08T20:59:04.630000",
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-03T00:03:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005839"
},
{
"date": "2019-05-30T14:30:14.440000",
"db": "NVD",
"id": "CVE-2016-5025"
},
{
"date": "2019-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NVIDIA Product Windows GPU Service operation disruption in display drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005839"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-125"
}
],
"trust": 0.6
}
}
var-201611-0148
Vulnerability from variot
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. ) There is a vulnerability that will be modified. ) Is subject to change. LenovoYoga11e and so on are all computer products of China Lenovo. A local security bypass vulnerability exists in several Lenovo ThinkPad products. A local attacker could exploit the vulnerability to bypass security restrictions and perform unauthorized operations. Lenovo Yoga 11e and others are all computer products of Lenovo, a Chinese company. The following products are affected: Lenovo Yoga 11e (Skylake), Lenovo Yoga 11e (Beema), Lenovo ThinkPad Yoga 260 S1, Lenovo ThinkPad Yoga 14 460 S3, Lenovo ThinkPad Yoga 11e (Broadwell)Lenovo ThinkPad Yoga 11e (Beema), Lenovo ThinkPad Yoga 11e, Lenovo ThinkPad X260, Lenovo ThinkPad X250 (Sharkbay), Lenovo ThinkPad X250 (Broadwell), Lenovo ThinkPad X240s, Lenovo ThinkPad X240, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkpad yoga 11e",
"scope": null,
"trust": 5.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e bios",
"scope": null,
"trust": 4.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e",
"scope": null,
"trust": 3.2,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e bios",
"scope": null,
"trust": 3.2,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon",
"scope": null,
"trust": 2.4,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon bios",
"scope": null,
"trust": 2.4,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga bios",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 bios",
"scope": null,
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 broadwell bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x250 sharkbay bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e amd bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s",
"scope": null,
"trust": 1.4,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 11e",
"scope": null,
"trust": 1.2,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 1.2,
"vendor": "lenovo",
"version": "x250"
},
{
"model": "thinkpad s5 e560p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e skylake bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon 20ax bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e beema bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e broadwell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e braswell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e beema bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e braswell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 s440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 10 ella 2 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga vpro bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e skylake bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga non vpro bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 carbon 20bx bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 11e broadwell bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 10",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 10 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad 13e bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e450c bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e455 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e460 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e465 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e550c bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e555 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e560 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad e565 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e445 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad edge e545 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20cg bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad helix 20ch bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l460 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad l560 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p50s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad p70 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s1 yoga 12 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3 yoga 14 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3-s440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s3-s440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5 yoga 15 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5/e560p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s5/e560p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad s540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t440u bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t450s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t460s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t540p bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t550 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad t560 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 10 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad tablet 8 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w540 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w541 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad w550s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 tablet bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x1 yoga bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x140e bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x240s bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad x260 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 14 460 s3 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga 260 s1 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkpad yoga s1",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "260"
},
{
"model": "thinkpad yoga s3",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "14460"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "x260"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "x240"
},
{
"model": "yoga 11e",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "x2500"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "80"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "100"
},
{
"model": "thinkpad 11e",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad yoga s1",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2600"
},
{
"model": "thinkpad yoga s3",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "144600"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
},
{
"model": "thinkpad x140e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad carbon",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w541",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t540p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440u",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s5 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "150"
},
{
"model": "thinkpad s5",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s3-s440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s3 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "140"
},
{
"model": "thinkpad s1 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "120"
},
{
"model": "thinkpad s1 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad helix",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e560p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e555",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e550c",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e545",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e455",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e450c",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e445",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 13e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 11e beema",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "BID",
"id": "94409"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_10_ella_2_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_beema_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_beema_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e460_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e560_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e465_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e565_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p50s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p70_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_yoga_non_vpro_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_yoga_vpro_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s1_yoga_12_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t460p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t460s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t540p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x240_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x240s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x250_broadwell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x250_sharkbay_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_skylake_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_skylake_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_13e_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_helix_20cg_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_helix_20ch_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440u_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_w540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_w541_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_w550s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_20ax_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_20bx_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_broadwell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_braswell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e550_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e455_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e540_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e545_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l560_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s3_yoga_14_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s5_yoga_15_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t460_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t550_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_tablet_10_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_tablet_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_11e_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_260_s1_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_broadwell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_11e_braswell_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e450c_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e550c_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_e555_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_edge_e445_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_l460_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_p50_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s3_s440_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_s5_e560p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t440p_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t450s_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_t560_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_tablet_8_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x140e_amd_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_x260_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkpad_yoga_14_460_s3_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_skylake:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_13e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e450c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_helix_20cg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_helix_20ch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_w541:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_20ax:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_20bx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_10_ella_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_beema:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_beema:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e465:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e565:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_non_vpro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_vpro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s1_yoga_12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t460p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t460s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t540p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x240s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x250_broadwell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x250_sharkbay:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_broadwell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_braswell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e_skylake:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e455:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e545:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s3_yoga_14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s5_yoga_15:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_tablet_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_w540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_tablet:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_260_s1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_broadwell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_braswell:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e550c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_e555:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_edge_e445:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_l460:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s3_s440:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_s5_e560p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t440p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t450s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_tablet_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x1_yoga:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x140e_amd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_yoga_14_460_s3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94409"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8222",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11489",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.4,
"id": "VHN-97042",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8222",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8222",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-11489",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97042",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "VULHUB",
"id": "VHN-97042"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. ) There is a vulnerability that will be modified. ) Is subject to change. LenovoYoga11e and so on are all computer products of China Lenovo. A local security bypass vulnerability exists in several Lenovo ThinkPad products. A local attacker could exploit the vulnerability to bypass security restrictions and perform unauthorized operations. Lenovo Yoga 11e and others are all computer products of Lenovo, a Chinese company. The following products are affected: Lenovo Yoga 11e (Skylake), Lenovo Yoga 11e (Beema), Lenovo ThinkPad Yoga 260 S1, Lenovo ThinkPad Yoga 14 460 S3, Lenovo ThinkPad Yoga 11e (Broadwell)Lenovo ThinkPad Yoga 11e (Beema), Lenovo ThinkPad Yoga 11e, Lenovo ThinkPad X260, Lenovo ThinkPad X250 (Sharkbay), Lenovo ThinkPad X250 (Broadwell), Lenovo ThinkPad X240s, Lenovo ThinkPad X240, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "BID",
"id": "94409"
},
{
"db": "VULHUB",
"id": "VHN-97042"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8222",
"trust": 3.4
},
{
"db": "BID",
"id": "94409",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11489",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97042",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "VULHUB",
"id": "VHN-97042"
},
{
"db": "BID",
"id": "94409"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"id": "VAR-201611-0148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "VULHUB",
"id": "VHN-97042"
}
],
"trust": 1.1922222219999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
}
]
},
"last_update_date": "2023-12-18T13:48:42.401000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-8327",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/solutions/len_8327"
},
{
"title": "A variety of LenovoThinkPad product security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84254"
},
{
"title": "Multiple Lenovo ThinkPad Product safety bypass vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65811"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97042"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "NVD",
"id": "CVE-2016-8222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94409"
},
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/solutions/len_8327"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8222"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8222"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "VULHUB",
"id": "VHN-97042"
},
{
"db": "BID",
"id": "94409"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"db": "VULHUB",
"id": "VHN-97042"
},
{
"db": "BID",
"id": "94409"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"date": "2016-11-30T00:00:00",
"db": "VULHUB",
"id": "VHN-97042"
},
{
"date": "2016-11-18T00:00:00",
"db": "BID",
"id": "94409"
},
{
"date": "2016-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"date": "2016-11-30T15:59:00.173000",
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"date": "2016-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11489"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-97042"
},
{
"date": "2016-11-24T01:12:00",
"db": "BID",
"id": "94409"
},
{
"date": "2016-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006115"
},
{
"date": "2016-12-06T19:43:06.083000",
"db": "NVD",
"id": "CVE-2016-8222"
},
{
"date": "2016-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94409"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ThinkPad system\u0027s BIOS Service disruption in signed kernel drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006115"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-473"
}
],
"trust": 0.6
}
}
var-201609-0686
Vulnerability from variot
An information disclosure vulnerability exists in several Lenovo product SSD firmware. An attacker can exploit the vulnerability to gain sensitive information, which could lead to further attacks. Multiple Lenovo products are prone to a local information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "thinkstation s30",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p310",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation p900",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation e32",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation d30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation c30",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "140"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "120"
},
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2500"
},
{
"model": "thinkpad x240s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2400"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x1310"
},
{
"model": "thinkpad w550s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad w540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t540p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s5 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "150"
},
{
"model": "thinkpad s440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad s1 yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e555",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e550",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e540",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e455",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e450",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e440",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad m93z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad m83z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad m79",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad m73z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad m73p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e93z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e79",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m93",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m83",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m73",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre m53",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkcentre e73z",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkstation s30",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkstation p700",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkstation p500",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkstation p300",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkstation e32",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkstation d30",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkstation c30",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "01"
},
{
"model": "thinkpad",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "x13101"
},
{
"model": "thinkpad carbon",
"scope": "ne",
"trust": 0.3,
"vendor": "lenovo",
"version": "x12.74"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"db": "BID",
"id": "92178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92178"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-07048",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2016-07048",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An information disclosure vulnerability exists in several Lenovo product SSD firmware. An attacker can exploit the vulnerability to gain sensitive information, which could lead to further attacks. Multiple Lenovo products are prone to a local information-disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"db": "BID",
"id": "92178"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "92178",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-07048",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"db": "BID",
"id": "92178"
}
]
},
"id": "VAR-201609-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
}
],
"trust": 1.01759259
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
}
]
},
"last_update_date": "2022-05-17T01:52:38.252000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patches for several Lenovo product SSD firmware information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81013"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/92178"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/len_5595"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/product_security/len_5595"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"db": "BID",
"id": "92178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"db": "BID",
"id": "92178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"date": "2016-07-28T00:00:00",
"db": "BID",
"id": "92178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07048"
},
{
"date": "2016-07-28T00:00:00",
"db": "BID",
"id": "92178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "92178"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A variety of Lenovo product SSD firmware information disclosure vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07048"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "92178"
}
],
"trust": 0.3
}
}
var-201605-0697
Vulnerability from variot
Multiple Lenovo Products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this vulnerability to run files with SYSTEM privileges.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0697",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "yoga 900-13isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "yoga 700-14isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "yoga 700-11isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "500-150"
},
{
"model": "yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "500-140"
},
{
"model": "y900-17isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "y700-17 isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "y700-15 isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "y700-15 acz",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "y700-14 isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "xiaoxin",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "700-150"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "140"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad yoga",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 13e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "m51-80",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "700-170"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "700-170"
},
{
"model": "ideapad isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "700-150"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "700-150"
},
{
"model": "ideapad 500s-15isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad 500s-14isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad 500s-13isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "ideapad isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "500-150"
},
{
"model": "ideapad isk",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "500-140"
},
{
"model": "flex3-1580",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "flex3-1480",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2-15800"
}
],
"sources": [
{
"db": "BID",
"id": "92213"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "92213"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Lenovo Products are prone to a local privilege-escalation vulnerability.\nA local attacker can exploit this vulnerability to run files with SYSTEM privileges.",
"sources": [
{
"db": "BID",
"id": "92213"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "92213",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "92213"
}
]
},
"id": "VAR-201605-0697",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.311111108
},
"last_update_date": "2022-05-17T01:52:38.710000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.3,
"url": "https://support.lenovo.com/us/en/product_security/len_4884"
}
],
"sources": [
{
"db": "BID",
"id": "92213"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "92213"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-02T00:00:00",
"db": "BID",
"id": "92213"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-02T00:00:00",
"db": "BID",
"id": "92213"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "92213"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Lenovo Products Dolby Audio X2 Local Privilege Escalation Vulnerability",
"sources": [
{
"db": "BID",
"id": "92213"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "92213"
}
],
"trust": 0.3
}
}
var-201611-0178
Vulnerability from variot
For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. https://cwe.mitre.org/data/definitions/428.htmlMalicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. Local attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "geforce experience",
"scope": "lte",
"trust": 1.0,
"vendor": "nvidia",
"version": null
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.8,
"vendor": "nvidia",
"version": "(windows)"
},
{
"model": "geforce experience",
"scope": "eq",
"trust": 0.6,
"vendor": "nvidia",
"version": null
},
{
"model": "quadro r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "quadro r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r361",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r352",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "nvs r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r367",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "geforce r340",
"scope": "eq",
"trust": 0.3,
"vendor": "nvidia",
"version": "0"
},
{
"model": "thinkstation",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x0"
},
{
"model": "ideapad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "system",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "x0"
},
{
"model": "quadro r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "quadro r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "quadro r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "quadro r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "nvs r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.39"
},
{
"model": "nvs r361",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "362.77"
},
{
"model": "nvs r352",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "354.99"
},
{
"model": "nvs r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
},
{
"model": "geforce r367",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "368.69"
},
{
"model": "geforce r340",
"scope": "ne",
"trust": 0.3,
"vendor": "nvidia",
"version": "341.96"
}
],
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "-",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:titan_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_945m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gt_710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m500m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k620:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k420:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_510:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1050:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_965m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m3000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1070:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_1060:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_940m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_930mx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m5000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m6000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_p5000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_315:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:nvs_310:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_960m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_gtx_950m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_920m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:geforce_910m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m1000m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m600m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_m2000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nvidia:quadro_k1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3161"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alin Ghica, Joseph Bialek of Microsoft Vulnerability Research and Daniel Cornel.",
"sources": [
{
"db": "BID",
"id": "93251"
}
],
"trust": 0.3
},
"cve": "CVE-2016-3161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-3161",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-3161",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-3161",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-122",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-3161",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successful exploit of a vulnerable service installation can enable malicious code to execute on the system at the system/user privilege level. The CVE-2016-3161 ID is for the GameStream unquoted service path. Supplementary information : CWE Vulnerability type by CWE-428: Unquoted Search Path or Element ( Unquoted search path or element ) Has been identified. https://cwe.mitre.org/data/definitions/428.htmlMalicious code can be executed on the system. Multiple NVIDIA products are prone to multiple local privilege-escalation vulnerabilities and multiple local denial-of-service vulnerabilities. \nLocal attackers can exploit these issues to gain elevated privileges or cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "BID",
"id": "93251"
},
{
"db": "VULMON",
"id": "CVE-2016-3161"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3161",
"trust": 2.8
},
{
"db": "BID",
"id": "93251",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-3161",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3161"
},
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"id": "VAR-201611-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.215972225
},
"last_update_date": "2023-12-18T12:05:17.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Bulletin: Multiple vulnerabilities affect Quadro, NVS, and GeForce Windows based systems",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"title": "NVIDIA Quadro , NVS and GeForce GFE GameStream and VTray Fixes for component denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65440"
},
{
"title": "NVIDIA Quadro , NVS and GeForce GFE GameStream and VTray Fixes for component denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65291"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "NVD",
"id": "CVE-2016-3161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213"
},
{
"trust": 1.4,
"url": "https://support.lenovo.com/us/en/product_security/ps500070"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93251"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3161"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3161"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/product_security/ps500070"
},
{
"trust": 0.3,
"url": "http://www.nvidia.com"
},
{
"trust": 0.3,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4213/~/security-bulletin%3a-multiple-vulnerabilities-affect-quadro,-nvs,-and-geforce"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-3161"
},
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-3161"
},
{
"db": "BID",
"id": "93251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3161"
},
{
"date": "2016-08-11T00:00:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"date": "2016-11-08T20:59:00.177000",
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"date": "2016-09-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3161"
},
{
"date": "2016-10-03T00:03:00",
"db": "BID",
"id": "93251"
},
{
"date": "2016-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005835"
},
{
"date": "2016-12-15T02:59:35.807000",
"db": "NVD",
"id": "CVE-2016-3161"
},
{
"date": "2016-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "93251"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural NVIDIA Product GFE GameStream and NVTray Plug-in malicious code execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005835"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-122"
}
],
"trust": 0.6
}
}
var-201710-0668
Vulnerability from variot
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as "ROCA" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer's site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03789en_us Version: 2
HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-10-18 Last Updated: 2017-10-17
Potential Security Impact: Local: Unauthorized Access to Data; Remote: Unauthorized Access to Data
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data.
References:
- PSRT110605
- PSRT110598
- CVE-2017-15361
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this option). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers - - it is an option. - HP ProLiant BL460c Gen9 Server Blade n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant BL660c Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL120 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL160 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL360 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL380 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL388 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL580 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL60 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL80 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML110 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML150 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE Apollo 4200 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL20 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL560 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML30 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL170r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL190r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL260a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL450 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-15361
7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided both an updated system ROM, and updated TPM firmware to correct this issue for impacted systems. Update the system ROM and "HPE Trusted Platform Module 2.0 Option" to firmware version 5.62 or subsequent.
The latest version of the System ROM is available, and must be updated before updating the TPM firmware. Use these instructions:
1.Click the following link:
2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a
Product Name or Number.
3.Click Go.
4.Select the appropriate product model from the Results list (if prompted).
5.Click the "drivers, software & firmware" hyperlink under the Download
Options tab.
6.Select the system's specific operating system from the Operating Systems
dropdown menu.
7.Click the category BIOS - System ROM.
8.Select the latest release of HPE System ROM Version 2.50 (or later).
9.Click Download.
The latest version of the TPM firmware is available. Use these instructions:
1.Click the following link:
2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a
Product Name or Number.
3.Click Go.
4.Select the appropriate product model from the Results list (if prompted).
5.Click the "drivers, software & firmware" hyperlink under the Download
Options tab.
6.Select the system's specific operating system from the Operating Systems
dropdown menu.
7.Click the category Firmware.
8.Select the latest release of the HPE Trusted Platform Module 2.0 Option
firmware update for HPE Gen9 Severs Version 5.62 (or later).
9.Click Download.
Note:
-
After the firmware upgrade, the TPM will generate RSA keys using an improved algorithm. Revoking the weak TPM generated RSA keys will still be required. Refer to the OS documentation for OS-specific instructions. In addition, a System ROM update to version 2.50 (or later) is required before updating the TPM 2.0 firmware.
-
Please refer to the HPE Customer Bulletin as well:
-
HPE ProLiant Gen9 Servers - Potential Vulnerability in the HPE Trusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant Gen9 Servers http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us
HISTORY
Version:1 (rev.1) - 16 October 2017 Initial release
Version:2 (rev.2) - 17 October 2017 Added CVE reference
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB UgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08 rzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd eQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l OMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j SR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM= =KoaT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0668",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "4.31"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "133.32"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "6.40"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "4.32"
},
{
"model": "rsa library",
"scope": "eq",
"trust": 1.2,
"vendor": "infineon",
"version": "1.02.013"
},
{
"model": "rsa library",
"scope": "lte",
"trust": 1.0,
"vendor": "infineon",
"version": "1.02.013"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "atos se",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gemalto av",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rubrik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "taglio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winmagic",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "yubico",
"version": null
},
{
"model": "rsa library",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": "version 1.02.013"
},
{
"model": "yubikey 4c",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "4.3.4"
},
{
"model": "yubikey 4c",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "4.2.6"
},
{
"model": "yubikey nano",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.3.4"
},
{
"model": "yubikey nano",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.2.6"
},
{
"model": "yubikey",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.3.4"
},
{
"model": "yubikey",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.2.6"
},
{
"model": "thinkpad yoga s1",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2600"
},
{
"model": "thinkpad yoga s3",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "144600"
},
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad carbon",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t470p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p51",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l570",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l470",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "rsa library",
"scope": "eq",
"trust": 0.3,
"vendor": "infineon",
"version": "1.2.13"
},
{
"model": "trusted platform module option kit",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96702.0)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96701.2)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96652.0)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96601.2)0"
},
{
"model": "mobile workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "mobile thin client and tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "commercial notebook pc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "chrome os m63",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome os m62",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome os m61",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "idprime.net",
"scope": "eq",
"trust": 0.3,
"vendor": "gemalto",
"version": "0"
},
{
"model": "tpm 2.0 fw7.61",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw7.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw5.61",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw5.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw6.42",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw6.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.42",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.40",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.33",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw149.32",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw133.32",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "chrome os m80",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "4.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "4.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "6.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "133.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rsa library",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:viglen:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:viglen:chromebook_360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:toshiba:chromebook_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:senkatel:c1101_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:rgs:education_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:prowise:proline_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ncomputing:chromebook_cx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:medion:chromebook_s2015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n20_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n21_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g4\\/g4_ee:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_ak000-099:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11_g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:chromebook_m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:chromebook_r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bobicus:chromebook_11:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_flip_c100pa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_flip_c302:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromeboxi:-:*:mini:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:c720_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c771:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c771t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_n7_c731:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_r11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:nl61_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:n6_chromebook:-:*:*:*:*:education:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:videonet:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:videonet:chromebook_bl10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sector-five:e1_rugged_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:prowise:entry_line_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:positivo:chromebook_ch1190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:medion:akoya_s2013:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:mercer:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n22_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook:-:*:*:*:*:meetings:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_1100-1199:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_x000-x999:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:cmt_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebit_cs10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c201pa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebox_cn60:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebox_cn62:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebase:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebase_24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_13_cb5-311:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_14_cb3-431:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebox_cxi2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:j5_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:j4_chromebook:-:*:*:*:*:education:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:true:idc_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:true:idc_chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_2_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_2_13:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:poin2:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:poin2:chromebook_14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:mercer:v2_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lg:chromebase_22cb25s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_2000-2099:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_2100-2199:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11-vxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g5_ee:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebox_cb1-\\(000-099\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebox_g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hisense:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:epik:chromebook_elb1101:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edxis:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11_3120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11_3189:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c202sa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asi:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromebase:-:*:commercial:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c730e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_15_cb3-531:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:j2_chromebook:-:*:*:*:*:education:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:xolo:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:toshiba:chromebook_2:-:*:2015:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:toshiba:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nexian:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lg:chromebase_22cv241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:100s_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n42_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkcentre_chromebox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_2200-2299:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_13_g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hexa:chromebook_pi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edxis:education_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:chromebook_k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11_model_3180:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_13_3380:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c300sa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c301sa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromebox:-:*:commercial:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromebase:-:*:mini:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c735:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c740:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_15_cb3-532:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_15_cb5-571:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.013",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.",
"sources": [
{
"db": "BID",
"id": "101484"
}
],
"trust": 0.3
},
"cve": "CVE-2017-15361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.9,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15361",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-008423",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-33657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-106176",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15361",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-008423",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-15361",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-15361",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-008423",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-33657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106176",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-15361",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as \"ROCA\" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer\u0027s site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03789en_us\nVersion: 2\n\nHPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module\nv2.0 Option, Unauthorized Access to Data\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-10-18\nLast Updated: 2017-10-17\n\nPotential Security Impact: Local: Unauthorized Access to Data; Remote:\nUnauthorized Access to Data\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in the \"HP Trusted\nPlatform Module 2.0 Option\" kit. This optional kit is available for HPE Gen9\nsystems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is\nthat new mathematical methods exist such that RSA keys generated by the TPM\n2.0 with firmware 5.51 are cryptographically weakened. This vulnerability\ncould lead to local and remote unauthorized access to data. \n\nReferences:\n\n - PSRT110605\n - PSRT110598\n - CVE-2017-15361\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this\noption). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers\n- - it is an option. \n - HP ProLiant BL460c Gen9 Server Blade n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant BL660c Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL120 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL160 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL360 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL380 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL388 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL580 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL60 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL80 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant ML110 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant ML150 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE Apollo 4200 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL180 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL180 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL20 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL560 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug\n4LFF SATA 300W AP Svr/Promo n/a - only if \"HPE Trusted Platform Module 2.0\nKit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W\nSvr/S-Buy n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version\n5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W\nPerf Svr n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version\n5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/GO n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51\nis installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/TV n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51\nis installed. \n - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr\nn/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51 is\ninstalled. \n - HPE ProLiant ML30 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML350 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML350 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL170r Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL190r Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL230a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL230a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL250a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL250a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL260a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL450 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL730f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL730f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL740f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL740f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL750f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL750f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-15361\n 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided both an updated system ROM, and updated TPM firmware to\ncorrect this issue for impacted systems. Update the system ROM and \"HPE\nTrusted Platform Module 2.0 Option\" to firmware version 5.62 or subsequent. \n\nThe latest version of the System ROM is available, and must be updated before\nupdating the TPM firmware. Use these instructions:\n\n1.Click the following link: \n\n * \u003chttp://www.hpe.com/support/hpesc\u003e\n\n2.Enter a product name (e.g., \"DL380 Gen9\") in the text field under Enter a\nProduct Name or Number. \n3.Click Go. \n4.Select the appropriate product model from the Results list (if prompted). \n5.Click the \"drivers, software \u0026 firmware\" hyperlink under the Download\nOptions tab. \n6.Select the system\u0027s specific operating system from the Operating Systems\ndropdown menu. \n7.Click the category BIOS - System ROM. \n8.Select the latest release of HPE System ROM Version 2.50 (or later). \n9.Click Download. \n\n\nThe latest version of the TPM firmware is available. Use these instructions:\n\n 1.Click the following link:\n\n * \u003chttp://www.hpe.com/support/hpesc\u003e\n\n 2.Enter a product name (e.g., \"DL380 Gen9\") in the text field under Enter a\nProduct Name or Number. \n 3.Click Go. \n 4.Select the appropriate product model from the Results list (if prompted). \n\n 5.Click the \"drivers, software \u0026 firmware\" hyperlink under the Download\nOptions tab. \n 6.Select the system\u0027s specific operating system from the Operating Systems\ndropdown menu. \n 7.Click the category Firmware. \n 8.Select the latest release of the HPE Trusted Platform Module 2.0 Option\nfirmware update for HPE Gen9 Severs Version 5.62 (or later). \n 9.Click Download. \n\n**Note:** \n\n * After the firmware upgrade, the TPM will generate RSA keys using an\nimproved algorithm. Revoking the weak TPM generated RSA keys will still be\nrequired. Refer to the OS documentation for OS-specific instructions. In\naddition, a System ROM update to version 2.50 (or later) is required before\nupdating the TPM 2.0 firmware. \n \n * Please refer to the HPE *Customer Bulletin* as well:\n \n - **HPE ProLiant Gen9 Servers** - Potential Vulnerability in the HPE\nTrusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant\nGen9 Servers\n\u003chttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us\u003e\n\nHISTORY\n\nVersion:1 (rev.1) - 16 October 2017 Initial release\n\nVersion:2 (rev.2) - 17 October 2017 Added CVE reference\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB\nUgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08\nrzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd\neQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l\nOMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j\nSR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM=\n=KoaT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "PACKETSTORM",
"id": "144646"
}
],
"trust": 3.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15361",
"trust": 4.6
},
{
"db": "CERT/CC",
"id": "VU#307015",
"trust": 3.7
},
{
"db": "BID",
"id": "101484",
"trust": 2.7
},
{
"db": "LENOVO",
"id": "LEN-15552",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-470231",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-058-01",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-18-058-01A",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-33657",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95530052",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423",
"trust": 0.8
},
{
"db": "IVD",
"id": "0E0DF457-AAB1-4879-A7C8-5371086A00D5",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144646",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99005",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-106176",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-15361",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"id": "VAR-201710-0668",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
}
],
"trust": 1.4398148266666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
}
]
},
"last_update_date": "2023-12-18T13:48:29.328000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information on TPM firmware update for Microsoft Windows systems as announced on Microsoft`s patchday on October 10th 2017",
"trust": 0.8,
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirid=59160"
},
{
"title": "Security Alert 20171012",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2017/securityalert20171012.html"
},
{
"title": "Infineon RSA Library Encryption Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/105950"
},
{
"title": "Infineon Trusted Platform Module Infineon RSA Repair measures for library security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75565"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/23/roca_crypto_flaw_gemalto/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/16/roca_crypto_vuln_infineon_chips/"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d442339efd5a6d4834ac93a8dc07c35d"
},
{
"title": "HP: HPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbhf03568"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ca9eba9c5c56724cf0dd05e2bbff5dc4"
},
{
"title": "HP: HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03583"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=03aca358debd7682b3b457bbf62087d3"
},
{
"title": "Infineon-CVE-2017-15361",
"trust": 0.1,
"url": "https://github.com/lva/infineon-cve-2017-15361 "
},
{
"title": "RocaCmTest",
"trust": 0.1,
"url": "https://github.com/jnpuskar/rocacmtest "
},
{
"title": "zeek-plugin-roca",
"trust": 0.1,
"url": "https://github.com/0xxon/bro-plugin-roca "
},
{
"title": "Detect-CVE-2017-15361-TPM",
"trust": 0.1,
"url": "https://github.com/nsacyber/detect-cve-2017-15361-tpm "
},
{
"title": "cedarkey",
"trust": 0.1,
"url": "https://github.com/nuclearcat/cedarkey "
},
{
"title": "roca",
"trust": 0.1,
"url": "https://github.com/brunoproduit/roca "
},
{
"title": "zeek-plugin-roca",
"trust": 0.1,
"url": "https://github.com/0xxon/zeek-plugin-roca "
},
{
"title": "tpm-firmware",
"trust": 0.1,
"url": "https://github.com/fishilico/tpm-firmware "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/google/paranoid_crypto "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/microsoft-warns-of-windows-hello-for-business-orphaned-key-risks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"trust": 3.4,
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirid=59160"
},
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"trust": 2.9,
"url": "http://support.lenovo.com/us/en/product_security/len-15552"
},
{
"trust": 2.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv170012"
},
{
"trust": 2.6,
"url": "https://github.com/crocs-muni/roca"
},
{
"trust": 2.6,
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"trust": 2.6,
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/101484"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"trust": 1.8,
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"trust": 1.8,
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"trust": 1.8,
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"trust": 1.8,
"url": "https://github.com/iadgov/detect-cve-2017-15361-tpm"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-01"
},
{
"trust": 1.8,
"url": "https://keychest.net/roca"
},
{
"trust": 1.8,
"url": "https://monitor.certipath.com/rsatest"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03801en_us"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15361"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 0.8,
"url": "https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.8,
"url": "http://www.dell.com/support/article/us/en/19/sln307820/"
},
{
"trust": 0.8,
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html"
},
{
"trust": 0.8,
"url": "https://safenet.gemalto.com/technical-support/security-updates/"
},
{
"trust": 0.8,
"url": "https://support.rubrik.com/articles/how_to/000001116"
},
{
"trust": 0.8,
"url": "https://www.yubico.com/keycheck/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15361"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-058-01a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95530052/"
},
{
"trust": 0.3,
"url": "https://www.infineon.com/"
},
{
"trust": 0.3,
"url": "https://support.hp.com/us-en/document/c05792935"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03801en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/lva/infineon-cve-2017-15361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-01a"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=a00028289en_us\u003e"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/hpesc\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"date": "2017-10-16T00:00:00",
"db": "CERT/CC",
"id": "VU#307015"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"date": "2017-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-106176"
},
{
"date": "2017-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-16T00:00:00",
"db": "BID",
"id": "101484"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"date": "2017-10-17T15:22:22",
"db": "PACKETSTORM",
"id": "144646"
},
{
"date": "2017-10-16T17:29:00.243000",
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#307015"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-106176"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-23T20:04:00",
"db": "BID",
"id": "101484"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infineon RSA library does not properly generate RSA key pairs",
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2019-04-10 17:29
Modified
2024-11-21 04:46
Severity ?
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-25401 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-25401 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | bootable_usb | * | |
| lenovo | ideacentre | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:bootable_usb:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4373A561-D116-4844-8F09-BEB7923ED0DB",
"versionEndExcluding": "mar-2019",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system."
},
{
"lang": "es",
"value": "Se inform\u00f3 de una vulnerabilidad en la ruta de b\u00fasqueda de DLL en Lenovo Bootable Generator, anterior a la versi\u00f3n Mar-2019, que podr\u00eda permitir a un usuario malicioso con acceso local ejecute c\u00f3digo en el sistema."
}
],
"id": "CVE-2019-6154",
"lastModified": "2024-11-21T04:46:02.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T17:29:00.400",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
},
{
"lang": "es",
"value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2019-6167",
"lastModified": "2024-11-21T04:46:03.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.213",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
},
{
"lang": "es",
"value": "Una vulnerabilidad comunicada en Lenovo Service Bridge antes de la versi\u00f3n 4.1.0.1 podr\u00eda permitir descargas sin cifrar a trav\u00e9s de FTP."
}
],
"id": "CVE-2019-6169",
"lastModified": "2024-11-21T04:46:04.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.357",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
},
{
"lang": "es",
"value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir Cross-Site Request Forgery (CSRF)."
}
],
"id": "CVE-2019-6166",
"lastModified": "2024-11-21T04:46:03.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.153",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-07 00:19
Modified
2024-11-21 00:28
Severity ?
Summary
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | pro_1000_lan_adapter | 135400 | |
| lenovo | thinkpad | r50 | |
| lenovo | thinkpad | r50e | |
| lenovo | thinkpad | r50p | |
| lenovo | thinkpad | r51 | |
| lenovo | thinkpad | t41 | |
| lenovo | thinkpad | t41p | |
| lenovo | thinkpad | t42 | |
| lenovo | thinkpad | t42p | |
| lenovo | thinkpad | t60 | |
| lenovo | thinkpad | t60p | |
| lenovo | thinkpad | x31 | |
| lenovo | thinkpad | x32 | |
| lenovo | thinkpad | x40 | |
| lenovo | thinkpad | x60 | |
| lenovo | thinkpad | x60_tablet | |
| lenovo | thinkpad | x60s |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:pro_1000_lan_adapter:135400:*:*:*:*:*:*:*",
"matchCriteriaId": "29EB8639-FFB5-4C2D-BC84-CB5CF023D5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r50:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB8FBD5-E649-451A-8607-3A348177875B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r50e:*:*:*:*:*:*:*",
"matchCriteriaId": "941F6EC8-721C-47D5-A1C9-F693DEF342E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r50p:*:*:*:*:*:*:*",
"matchCriteriaId": "398C1D16-35C6-4EC5-8E8D-20BE5AB8E534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r51:*:*:*:*:*:*:*",
"matchCriteriaId": "1B971BF4-1FA7-4890-83D6-063249E83E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t41:*:*:*:*:*:*:*",
"matchCriteriaId": "7754E7B3-9C85-43D6-BA9A-0DC2E381FDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t41p:*:*:*:*:*:*:*",
"matchCriteriaId": "3F707727-B8C3-405D-802D-26A6382070C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t42:*:*:*:*:*:*:*",
"matchCriteriaId": "2027DC41-7A87-4247-9306-7A069E2A7E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t42p:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA56ADA-6228-43ED-9940-EB2456D1A894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t60:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56DD14-0857-4473-9F70-19412599EC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t60p:*:*:*:*:*:*:*",
"matchCriteriaId": "23121483-2DBF-4426-85E6-ED252B9514CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x31:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAD5486-77BD-4C6A-B904-DAD1C439CA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x32:*:*:*:*:*:*:*",
"matchCriteriaId": "678E12C5-FDCE-4D64-9062-933509D419D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x40:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD0F316-BDFF-44FB-99DE-610A658AE5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x60:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABCC46A-FA30-42CB-BB3B-EC8EBE4B730C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x60_tablet:*:*:*:*:*:*:*",
"matchCriteriaId": "B4159479-CD51-424F-8449-D29947021FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x60s:*:*:*:*:*:*:*",
"matchCriteriaId": "825A06DA-4AEB-44C8-ADCD-8220C8B2A031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el adaptador Lenovo Intel PRO/1000 LAN anterior a Build 135400, como ha sido usado en sistemas IBM Lenovo ThinkPad, tienen impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2007-1307",
"lastModified": "2024-11-21T00:28:00.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-07T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33854"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24349"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27348 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27348 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | system_update | * | |
| lenovo | b_series | - | |
| lenovo | c100 | - | |
| lenovo | c200 | - | |
| lenovo | e_series | - | |
| lenovo | j100 | - | |
| lenovo | j105 | - | |
| lenovo | j110 | - | |
| lenovo | j115 | - | |
| lenovo | j200 | - | |
| lenovo | j200p | - | |
| lenovo | j205 | - | |
| lenovo | k_series | - | |
| lenovo | n100 | - | |
| lenovo | n200 | - | |
| lenovo | s200 | - | |
| lenovo | s200p | - | |
| lenovo | s205 | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | v_series | - | |
| lenovo | v100 | - | |
| lenovo | v200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "425E8D8C-9D57-421C-B9D8-91570342F37C",
"versionEndExcluding": "5.07.0084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:b_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF35A407-04DB-4484-8C92-44E9CA35784B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:c100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2679679A-86BF-4346-B49A-1CF59066A3C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF289431-1E47-4AAE-9664-CB70EBDBE835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:e_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20A22C95-1285-46B8-A9BB-8BE1D7824C41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59F2C7AD-9AC4-4582-952B-561D86C98BB5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7C3A94-C947-47CF-94EF-A36D51E568A9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72664BC5-3936-455A-AF94-96686CD4E3B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B111141-88BD-46D8-9FE1-2D72CD9D9383",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAC20A5-7F62-4BEF-A489-B14EC1AF24C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j200p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "165777CC-AEA0-4AF6-813A-0BCF19C011B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E48F87-3FAE-4AFB-B691-F60CAA0D264C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C2A201-9452-4753-AB38-29F7B53E3C4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "969C2FCE-A6C7-4D61-8ECC-CAE595829EAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414F3F97-0D2C-4B3A-B5AB-59B308652FD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD73A62-B205-4D80-9516-F1603198E0E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s200p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BB43C-D47F-4CA1-B69C-CAB260D58EE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25405CB9-280E-4EDD-A2AE-3869F781BE66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4199C75-BB7A-4F1B-911B-28FCB859474E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F32E145-62E2-4A52-8E48-C5CD9CBFB1C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "547B731E-658D-4312-BDC2-22A3F584833E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
},
{
"lang": "es",
"value": "Se comunic\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en Lenovo System Update en versiones anteriores a la 5.07.0084 que podr\u00eda permitir que los archivos de registro de servicio sean escritos en ubicaciones no standard."
}
],
"id": "CVE-2019-6163",
"lastModified": "2024-11-21T04:46:03.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.107",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
},
{
"lang": "es",
"value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2019-6168",
"lastModified": "2024-11-21T04:46:04.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.277",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-4029
Vulnerability from cvelistv5
Published
2023-08-17 16:48
Modified
2024-10-08 13:16
Severity ?
EPSS score ?
Summary
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad",
"vendor": "lenovo",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:13:15.422315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:16:40.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:24.711Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4029",
"datePublished": "2023-08-17T16:48:24.711Z",
"dateReserved": "2023-07-31T16:48:52.842Z",
"dateUpdated": "2024-10-08T13:16:40.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6169
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 20:32
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unencrypted downloads over FTP",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unencrypted downloads over FTP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6169",
"datePublished": "2019-06-26T14:12:34.865362Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T20:32:51.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6163
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-27348 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | System Update |
Version: unspecified < 5.07.0084 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System Update",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.07.0084",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T18:56:07",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.07.0084"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27348",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6163",
"datePublished": "2019-06-26T14:12:34.696699Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T23:41:01.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1307
Vulnerability from cvelistv5
Published
2007-03-07 00:00
Modified
2024-08-07 12:50
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/22822 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/24349 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/33854 | vdb-entry, x_refsource_OSVDB | |
| http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo&lndocid=MIGR-62922 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/0801 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"refsource": "OSVDB",
"url": "http://osvdb.org/33854"
},
{
"name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922",
"refsource": "CONFIRM",
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1307",
"datePublished": "2007-03-07T00:00:00",
"dateReserved": "2007-03-06T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6154
Vulnerability from cvelistv5
Published
2019-04-10 17:04
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-25401 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Lenovo Bootable Generator |
Version: unspecified < Mar-2019 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo Bootable Generator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Mar-2019",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks SaifAllah benMassaoud \u0026 Oussama Sahnoun and Mustapha Mhenaoui for reporting this issue."
}
],
"datePublic": "2019-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T17:04:19",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Bootable Generator version Mar-2019 (or newer)."
}
],
"source": {
"advisory": "LEN-25401",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-04T19:00:00.000Z",
"ID": "CVE-2019-6154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo Bootable Generator",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "Mar-2019"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks SaifAllah benMassaoud \u0026 Oussama Sahnoun and Mustapha Mhenaoui for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-25401",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Bootable Generator version Mar-2019 (or newer)."
}
],
"source": {
"advisory": "LEN-25401",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6154",
"datePublished": "2019-04-10T17:04:19.857324Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-17T02:06:09.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6167
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 17:02
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6167",
"datePublished": "2019-06-26T14:12:34.783642Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T17:02:52.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6172
Vulnerability from cvelistv5
Published
2019-11-12 20:40
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-27714 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Various",
"status": "affected",
"version": "Various",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T21:49:25",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"solutions": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2019-6172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Various",
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-27714",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6172",
"datePublished": "2019-11-12T20:40:53",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8341
Vulnerability from cvelistv5
Published
2020-09-01 21:30
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-30042 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2020-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "None",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T21:30:16",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"solutions": [
{
"lang": "en",
"value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx."
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-09-01T21:00:00.000Z",
"ID": "CVE-2020-8341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "None"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-30042",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
]
},
"solution": [
{
"lang": "en",
"value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx."
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8341",
"datePublished": "2020-09-01T21:30:16.648832Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T23:16:41.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6170
Vulnerability from cvelistv5
Published
2019-11-12 20:40
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-27714 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Various",
"status": "affected",
"version": "Various",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T21:49:25",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"solutions": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2019-6170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Various",
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-27714",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6170",
"datePublished": "2019-11-12T20:40:53",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6168
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6168",
"datePublished": "2019-06-26T14:12:34.822409Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T23:41:33.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2290
Vulnerability from cvelistv5
Published
2023-06-26 19:44
Modified
2024-12-03 18:40
Severity ?
EPSS score ?
Summary
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e14:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e14",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e14_gen2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e14_gen2",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.22"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e15:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e15",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e490:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e490",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.34"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T18:34:50.401160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T18:40:33.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Enrique Nissim, Joseph Tartaro and Krzysztof Okupski from IOActive for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:49:30.904Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-106014\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-106014\u003c/a\u003e"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-2290",
"datePublished": "2023-06-26T19:44:19.989Z",
"dateReserved": "2023-04-25T19:41:49.164Z",
"dateUpdated": "2024-12-03T18:40:33.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4030
Vulnerability from cvelistv5
Published
2023-08-17 16:48
Modified
2024-10-08 13:11
Severity ?
EPSS score ?
Summary
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkpad",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "p14_gen2"
},
{
"status": "affected",
"version": "p15_gen2"
},
{
"status": "affected",
"version": "t14_gen2"
},
{
"status": "affected",
"version": "t15_gen2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:08:56.146548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:11:13.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."
}
],
"value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:47.172Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4030",
"datePublished": "2023-08-17T16:48:47.172Z",
"dateReserved": "2023-07-31T16:54:49.207Z",
"dateUpdated": "2024-10-08T13:11:13.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6166
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 17:14
Severity ?
EPSS score ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-27725 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6166",
"datePublished": "2019-06-26T14:12:34.747569Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T17:14:55.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}