Vulnerabilites related to lenovo - dynamic_power_reduction
Vulnerability from fkie_nvd
Published
2019-03-18 01:32
Modified
2024-11-21 04:46
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | dynamic_power_reduction | * | |
| lenovo | thinkpad_x1_carbon | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lenovo:dynamic_power_reduction:*:*:*:*:*:*:*:*", matchCriteriaId: "C23AA005-4C36-4F68-A765-6128D252F72D", versionEndExcluding: "2.2.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkpad_x1_carbon:-:*:*:*:*:*:*:*", matchCriteriaId: "0B9E7845-CEA3-43A4-8978-F447A45E0E53", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad de ruta de búsqueda sin entrecomillar en Lenovo Dynamic Power Reduction Utility, en versiones anteriores a la 2.2.2.0, que podría permitir que un usuario malicioso con acceso local ejecute código con privilegios de administrador.", }, ], id: "CVE-2019-6149", lastModified: "2024-11-21T04:46:02.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@lenovo.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-18T01:32:29.310", references: [ { source: "psirt@lenovo.com", url: "http://www.securityfocus.com/bid/107438", }, { source: "psirt@lenovo.com", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/solutions/LEN-25674", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/107438", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/solutions/LEN-25674", }, ], sourceIdentifier: "psirt@lenovo.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-428", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2019-6149
Vulnerability from cvelistv5
Published
2019-03-15 22:00
Modified
2024-09-16 19:47
Severity ?
EPSS score ?
Summary
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.lenovo.com/solutions/LEN-25674 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/107438 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | unspecified |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:23.839Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.lenovo.com/solutions/LEN-25674", }, { name: "107438", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107438", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "unspecified", vendor: "unspecified", }, ], datePublic: "2019-03-14T00:00:00", descriptions: [ { lang: "en", value: "An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], providerMetadata: { dateUpdated: "2019-03-18T10:06:03", orgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", shortName: "lenovo", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.lenovo.com/solutions/LEN-25674", }, { name: "107438", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107438", }, ], solutions: [ { lang: "en", value: "Update Dynamic Power Reduction Utility to version 2.2.2.0.", }, ], source: { advisory: "LEN-25674", discovery: "UNKNOWN", }, x_ConverterErrors: { affects: { error: "Missing affected product. Using unspecified instead.", message: "Marking it unspecified!", }, }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@lenovo.com", DATE_PUBLIC: "2019-03-14T16:00:00.000Z", ID: "CVE-2019-6149", STATE: "PUBLIC", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, references: { reference_data: [ { name: "https://support.lenovo.com/solutions/LEN-25674", refsource: "CONFIRM", url: "https://support.lenovo.com/solutions/LEN-25674", }, { name: "107438", refsource: "BID", url: "http://www.securityfocus.com/bid/107438", }, ], }, solution: [ { lang: "en", value: "Update Dynamic Power Reduction Utility to version 2.2.2.0.", }, ], source: { advisory: "LEN-25674", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", assignerShortName: "lenovo", cveId: "CVE-2019-6149", datePublished: "2019-03-15T22:00:00Z", dateReserved: "2019-01-11T00:00:00", dateUpdated: "2024-09-16T19:47:26.228Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }