Sign-up

ID

VAR-201706-0111


CVE

CVE-2016-8228


TITLE

Lenovo Service Bridge Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2016-008619

DESCRIPTION

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Lenovo Service Bridge Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A security vulnerability exists in versions prior to Lenovo Service Bridge 4

Trust: 1.71

sources: NVD: CVE-2016-8228 // JVNDB: JVNDB-2016-008619 // VULHUB: VHN-97048

AFFECTED PRODUCTS

vendor:lenovomodel:service bridgescope:eqversion: -

Trust: 1.6

vendor:lenovomodel:service bridgescope:ltversion:4

Trust: 0.8

sources: JVNDB: JVNDB-2016-008619 // CNNVD: CNNVD-201706-093 // NVD: CVE-2016-8228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8228
value: HIGH

Trust: 1.0

NVD: CVE-2016-8228
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-093
value: HIGH

Trust: 0.6

VULHUB: VHN-97048
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-8228
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-97048
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-8228
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-97048 // JVNDB: JVNDB-2016-008619 // CNNVD: CNNVD-201706-093 // NVD: CVE-2016-8228

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-97048 // JVNDB: JVNDB-2016-008619 // NVD: CVE-2016-8228

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201706-093

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201706-093

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008619

PATCH
title:LEN-10149url:https://support.lenovo.com/jp/ja/product_security/len-10149
Trust: 0.8
title:Lenovo Service Bridge Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70754
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-008619 // 
            
            
            
            CNNVD: CNNVD-201706-093

EXTERNAL IDS
db:NVDid:CVE-2016-8228
Trust: 2.5
db:LENOVOid:LEN-10149
Trust: 1.7
db:JVNDBid:JVNDB-2016-008619
Trust: 0.8
db:CNNVDid:CNNVD-201706-093
Trust: 0.7
db:VULHUBid:VHN-97048
Trust: 0.1
sources:
            
            
            VULHUB: VHN-97048 // 
            
            
            
            JVNDB: JVNDB-2016-008619 // 
            
            
            
            CNNVD: CNNVD-201706-093 // 
            
            
            
            NVD: CVE-2016-8228

REFERENCES
url:https://support.lenovo.com/us/en/product_security/len-10149
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8228
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-8228
Trust: 0.8
sources:
            
            
            VULHUB: VHN-97048 // 
            
            
            
            JVNDB: JVNDB-2016-008619 // 
            
            
            
            CNNVD: CNNVD-201706-093 // 
            
            
            
            NVD: CVE-2016-8228

SOURCES
db:VULHUBid:VHN-97048
db:JVNDBid:JVNDB-2016-008619
db:CNNVDid:CNNVD-201706-093
db:NVDid:CVE-2016-8228

LAST UPDATE DATE
2024-11-23T22:01:05.472000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-97048date:2017-06-09T00:00:00
db:JVNDBid:JVNDB-2016-008619date:2017-06-30T00:00:00
db:CNNVDid:CNNVD-201706-093date:2017-06-05T00:00:00
db:NVDid:CVE-2016-8228date:2024-11-21T02:59:01.650

SOURCES RELEASE DATE
db:VULHUBid:VHN-97048date:2017-06-04T00:00:00
db:JVNDBid:JVNDB-2016-008619date:2017-06-30T00:00:00
db:CNNVDid:CNNVD-201706-093date:2017-06-05T00:00:00
db:NVDid:CVE-2016-8228date:2017-06-04T21:29:00.187