Details of VAR-201609-0686

ID

VAR-201609-0686

TITLE

A variety of Lenovo product SSD firmware information disclosure vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-07048

DESCRIPTION

An information disclosure vulnerability exists in several Lenovo product SSD firmware. An attacker can exploit the vulnerability to gain sensitive information, which could lead to further attacks. Multiple Lenovo products are prone to a local information-disclosure vulnerability

Trust: 0.81

sources: CNVD: CNVD-2016-07048 // BID: 92178

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-07048

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkstation s30	scope:	eq	version:	0	Trust: 0.9
vendor:	lenovo	model:	thinkstation p310	scope:	eq	version:	0	Trust: 0.9
vendor:	lenovo	model:	thinkstation p900	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation e32	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation d30	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation c30	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad yoga	scope:	eq	version:	140	Trust: 0.3
vendor:	lenovo	model:	thinkpad yoga	scope:	eq	version:	120	Trust: 0.3
vendor:	lenovo	model:	thinkpad yoga 11e	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x2500	Trust: 0.3
vendor:	lenovo	model:	thinkpad x240s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x2400	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	eq	version:	x1310	Trust: 0.3
vendor:	lenovo	model:	thinkpad w550s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad w540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t550	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t540p	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t450s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t450	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t440s	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t440p	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad t440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s5 yoga	scope:	eq	version:	150	Trust: 0.3
vendor:	lenovo	model:	thinkpad s440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad s1 yoga	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad l540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad l450	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad l440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e555	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e550	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e540	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e455	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e450	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e440	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad m93z	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad m83z	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad m79	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad m73z	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad m73p	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e93z	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkpad e79	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m93	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m83	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m73	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre m53	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkcentre e73z	scope:	eq	version:	0	Trust: 0.3
vendor:	lenovo	model:	thinkstation s30	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkstation p700	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkstation p500	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkstation p300	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkstation e32	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkstation d30	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkstation c30	scope:	ne	version:	01	Trust: 0.3
vendor:	lenovo	model:	thinkpad	scope:	ne	version:	x13101	Trust: 0.3
vendor:	lenovo	model:	thinkpad carbon	scope:	ne	version:	x12.74	Trust: 0.3

sources: CNVD: CNVD-2016-07048 // BID: 92178

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-07048
value:	LOW
Trust: 0.6

CNVD:	CNVD-2016-07048
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-07048

THREAT TYPE

local

Trust: 0.3

sources: BID: 92178

TYPE

Design Error

Trust: 0.3

sources: BID: 92178

PATCH

title:

Patches for several Lenovo product SSD firmware information disclosure vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/81013

Trust: 0.6

sources: CNVD: CNVD-2016-07048

EXTERNAL IDS

db:	BID	id:	92178	Trust: 0.9
db:	CNVD	id:	CNVD-2016-07048	Trust: 0.6

sources: CNVD: CNVD-2016-07048 // BID: 92178

REFERENCES

url:	http://www.securityfocus.com/bid/92178	Trust: 0.6
url:	https://support.lenovo.com/us/zh/product_security/len_5595	Trust: 0.6
url:	http://www.lenovo.com/ca/en/	Trust: 0.3
url:	https://support.lenovo.com/us/en/product_security/len_5595	Trust: 0.3

sources: CNVD: CNVD-2016-07048 // BID: 92178

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92178

SOURCES

db:	CNVD	id:	CNVD-2016-07048
db:	BID	id:	92178

LAST UPDATE DATE

2022-05-17T01:52:38.252000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-07048	date:	2016-09-01T00:00:00
db:	BID	id:	92178	date:	2016-07-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-07048	date:	2016-09-01T00:00:00
db:	BID	id:	92178	date:	2016-07-28T00:00:00