ID

VAR-201804-0472


CVE

CVE-2016-8732


TITLE

Invincea Dell Protected Workspace Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-009036

DESCRIPTION

Multiple security flaws exist in InvProtectDrv.sys, which is part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. Invincea Dell Protected Workspace contains a permissions vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell is a company based in Round Rock, Texas, USA. There are protection bypass bugs in several Dell products. An attacker could exploit the vulnerability to bypass the authentication mechanism and gain unauthorized access. A privilege escalation vulnerability.

Trust: 2.43

sources: NVD: CVE-2016-8732 // JVNDB: JVNDB-2016-009036 // CNVD: CNVD-2017-21751 // BID: 99360

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-21751

AFFECTED PRODUCTS

vendor: sophos, model: invincea dell protected workspace, scope: eq, version: 5.1.1-22303

Trust: 1.6

vendor: dell, model: precision tower, scope: eq, version: 5810

Trust: 0.9

vendor: dell, model: invincea-x, scope: eq, version: 6.1.3-24058

Trust: 0.9

vendor: dell, model: invincea dell protected workspace, scope: eq, version: 5.1.1-22303

Trust: 0.9

vendor: sophos, model: dell protected workspace, scope: eq, version: 5.1.1-22303

Trust: 0.8

sources: CNVD: CNVD-2017-21751 // BID: 99360 // JVNDB: JVNDB-2016-009036 // CNNVD: CNNVD-201707-080 // NVD: CVE-2016-8732

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-8732
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2016-8732
value: HIGH

Trust: 1.0

NVD: CVE-2016-8732
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-21751
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-080
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2016-8732
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-21751
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

talos-cna@cisco.com: CVE-2016-8732
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2016-8732
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-21751 // JVNDB: JVNDB-2016-009036 // CNNVD: CNNVD-201707-080 // NVD: CVE-2016-8732 // NVD: CVE-2016-8732

PROBLEMTYPE DATA

problemtype: CWE-275

Trust: 1.8

sources: JVNDB: JVNDB-2016-009036 // NVD: CVE-2016-8732

THREAT TYPE

local

Trust: 0.9

sources: BID: 99360 // CNNVD: CNNVD-201707-080

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201707-080

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009036

PATCH

title: Dell Data Protection | Protected Workspace - Support, url: https://dellprotectedworkspace.com/support/index.html

Trust: 0.8

title: Patches for many Dell product protection bypassing vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/100437

Trust: 0.6

title: Dell Invincea Dell Protected Workspace Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71417

Trust: 0.6

sources: CNVD: CNVD-2017-21751 // JVNDB: JVNDB-2016-009036 // CNNVD: CNNVD-201707-080

EXTERNAL IDS

db: NVD, id: CVE-2016-8732

Trust: 3.3

db: TALOS, id: TALOS-2016-0246

Trust: 2.7

db: BID, id: 99360

Trust: 2.5

db: JVNDB, id: JVNDB-2016-009036

Trust: 0.8

db: CNVD, id: CNVD-2017-21751

Trust: 0.6

db: CNNVD, id: CNNVD-201707-080

Trust: 0.6

db: TALOS, id: TALOS-2016-0256

Trust: 0.3

db: TALOS, id: TALOS-2016-0247

Trust: 0.3

sources: CNVD: CNVD-2017-21751 // BID: 99360 // JVNDB: JVNDB-2016-009036 // CNNVD: CNNVD-201707-080 // NVD: CVE-2016-8732

REFERENCES

url:http://www.securityfocus.com/bid/99360

Trust: 2.2

url:https://www.talosintelligence.com/vulnerability_reports/talos-2016-0246

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8732

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-8732

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2016-0246

Trust: 0.6

url:http://dell.com

Trust: 0.3

url:https://www.talosintelligence.com/reports/talos-2016-0247

Trust: 0.3

url:https://www.talosintelligence.com/reports/talos-2016-0246

Trust: 0.3

url:https://www.talosintelligence.com/reports/talos-2016-0256

Trust: 0.3

url:http://blog.talosintelligence.com/2017/06/vulnerability-spotlight-dell-precision.html

Trust: 0.3

sources: CNVD: CNVD-2017-21751 // BID: 99360 // JVNDB: JVNDB-2016-009036 // CNNVD: CNNVD-201707-080 // NVD: CVE-2016-8732

CREDITS

Marcin 'Icewall' Noga of Cisco Talos.

Trust: 0.6

sources: CNNVD: CNNVD-201707-080

SOURCES

db: CNVD, id: CNVD-2017-21751
db: BID, id: 99360
db: JVNDB, id: JVNDB-2016-009036
db: CNNVD, id: CNNVD-201707-080
db: NVD, id: CVE-2016-8732

LAST UPDATE DATE

2024-11-23T22:41:53.151000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-21751, date: 2017-08-18T00:00:00
db: BID, id: 99360, date: 2017-06-30T00:00:00
db: JVNDB, id: JVNDB-2016-009036, date: 2018-07-03T00:00:00
db: CNNVD, id: CNNVD-201707-080, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2016-8732, date: 2024-11-21T02:59:56.797

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-21751, date: 2017-07-06T00:00:00
db: BID, id: 99360, date: 2017-06-30T00:00:00
db: JVNDB, id: JVNDB-2016-009036, date: 2018-07-03T00:00:00
db: CNNVD, id: CNNVD-201707-080, date: 2017-06-30T00:00:00
db: NVD, id: CVE-2016-8732, date: 2018-04-24T19:29:00.610