Details of VAR-201908-1862

ID

VAR-201908-1862

CVE

CVE-2019-10724

TITLE

plural Lenovo Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2019-008838

DESCRIPTION

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54. plural Lenovo The product contains vulnerabilities related to authorization, permissions, and access control.Service operation interruption (DoS) There is a possibility of being put into a state. Dolby DAX2 API Service is an audio service component of Dolby Laboratories. An attacker could exploit this vulnerability to cause a denial of service

Trust: 1.71

sources: NVD: CVE-2019-10724 // JVNDB: JVNDB-2019-008838 // VULHUB: VHN-142299

AFFECTED PRODUCTS

vendor:	lenovo	model:	thinkpad l560	scope:	lt	version:	6.0.1.8644	Trust: 1.0
vendor:	lenovo	model:	thinkpad p50	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad x1 tablet	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	330-15ikbr touch	scope:	lt	version:	6.0.1.8652	Trust: 1.0
vendor:	lenovo	model:	thinkpad t570	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad x280	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad e460	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t25	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad t470s	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad 11e yoga	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	flex 5-1570\	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	miix 520-12ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t480s	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	aio310-20iap	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	aio520-22iku	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad x1 yoga 3rd	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad l380	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	aio510-23ish	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad l570	scope:	lt	version:	6.0.1.8644	Trust: 1.0
vendor:	lenovo	model:	thinkcentre m900z	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad yoga 260	scope:	lt	version:	8.66.62.92	Trust: 1.0
vendor:	lenovo	model:	thinkpad x270	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	yoga c930-13ikb glass	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad x1 yoga	scope:	lt	version:	8.66.62.92	Trust: 1.0
vendor:	lenovo	model:	thinkpad p51s	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	330-15ikbr	scope:	lt	version:	6.0.1.8652	Trust: 1.0
vendor:	lenovo	model:	yoga book c930	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e475	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	aio520-24iku	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad l580	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	k43c-80	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t470	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	aio520-22ikl	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkcentre m818z	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad e580	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad l470	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkcentre m700z	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	720s-15ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t580	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	v330-14isk	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e585	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	aio510-22ish	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	flex 5-1470\	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e560	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad s3 yoga 14	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	v330-15isk	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	aio720-24ikb	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad t460s	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad x1 carbon	scope:	lt	version:	8.66.76.72	Trust: 1.0
vendor:	lenovo	model:	330-14ikbr	scope:	lt	version:	6.0.1.8652	Trust: 1.0
vendor:	lenovo	model:	b330-15ikbr	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e465	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad yoga 370	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	yoga 730-13ikb	scope:	lt	version:	6.0.1.8644	Trust: 1.0
vendor:	lenovo	model:	thinkpad a275	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad l380 yoga	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e560p	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	720s touch-15ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	aio520-27ikl	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	yoga c930-13ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	yoga 14	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	v330-14ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkcentre m810z	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad p50s	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad yoga s1	scope:	lt	version:	8.66.62.92	Trust: 1.0
vendor:	lenovo	model:	miix 525-12ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad p52s	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad l460	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	e43-80	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad a475	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e480	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t480	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad t560	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad e485	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e570	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad 13	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad 11e	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	100e 2nd gen	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	k42-80	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	e53-80	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	300e 2nd gen	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	yoga 520-14ikbr	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	v720-14	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad p40	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e470	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t460	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t460p	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad x380 yoga	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad s1 3rd	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	ideacentre 520s-23iku	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	v730-15ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	v330-15ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad e575	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad p70	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	aio520-24ikl	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	v410z\	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad e565	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad t470p	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	330-17ikbr	scope:	lt	version:	6.0.1.8652	Trust: 1.0
vendor:	lenovo	model:	legion y520t z370	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	yoga 720-12ikb	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad s3-s440	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkcentre m800z	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	yoga 730-15ikb	scope:	lt	version:	6.0.1.8644	Trust: 1.0
vendor:	lenovo	model:	thinkpad s5	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkcentre m910z	scope:	lt	version:	6.0.1.8642	Trust: 1.0
vendor:	lenovo	model:	thinkpad x260	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	thinkpad l480	scope:	eq	version:	-	Trust: 1.0
vendor:	lenovo	model:	aio310-20iap	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio510-22ish	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio510-23ish	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio520-22ikl	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio520-22iku	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio520-24ikl	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio520-24iku	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio520-27ikl	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	aio720-24ikb	scope:	-	version:	-	Trust: 0.8
vendor:	lenovo	model:	legion y520t z370	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008838 // NVD: CVE-2019-10724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10724
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-10724
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201904-968
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-142299
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10724
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142299
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10724
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-142299 // JVNDB: JVNDB-2019-008838 // CNNVD: CNNVD-201904-968 // NVD: CVE-2019-10724

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-142299 // JVNDB: JVNDB-2019-008838 // NVD: CVE-2019-10724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-968

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-968

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008838

PATCH

title:	レノボセキュリティアドバイザリ	url:	https://lenovomobilesupport.lenovo.com/jp/ja/product_security/home	Trust: 0.8
title:	LEN-26251	url:	https://support.lenovo.com/jp/ja/solutions/len-26251	Trust: 0.8
title:	Dolby DAX2 API Service Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91781	Trust: 0.6

sources: JVNDB: JVNDB-2019-008838 // CNNVD: CNNVD-201904-968

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10724	Trust: 2.5
db:	LENOVO	id:	LEN-26251	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-008838	Trust: 0.8
db:	CNNVD	id:	CNNVD-201904-968	Trust: 0.7
db:	VULHUB	id:	VHN-142299	Trust: 0.1

sources: VULHUB: VHN-142299 // JVNDB: JVNDB-2019-008838 // CNNVD: CNNVD-201904-968 // NVD: CVE-2019-10724

REFERENCES

url:	https://lenovomobilesupport.lenovo.com/us/en/product_security/home	Trust: 1.7
url:	https://support.lenovo.com/us/en/solutions/len-26251	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10724	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10724	Trust: 0.8
url:	https://support.lenovo.com/us/zh/solutions/len-26251	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-26251	Trust: 0.6

sources: VULHUB: VHN-142299 // JVNDB: JVNDB-2019-008838 // CNNVD: CNNVD-201904-968 // NVD: CVE-2019-10724

SOURCES

db:	VULHUB	id:	VHN-142299
db:	JVNDB	id:	JVNDB-2019-008838
db:	CNNVD	id:	CNNVD-201904-968
db:	NVD	id:	CVE-2019-10724

LAST UPDATE DATE

2024-11-23T23:11:44.569000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142299	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-008838	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201904-968	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-10724	date:	2024-11-21T04:19:48.827

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142299	date:	2019-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2019-008838	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201904-968	date:	2019-04-20T00:00:00
db:	NVD	id:	CVE-2019-10724	date:	2019-08-29T00:15:10.577