Sign-up

ID

VAR-202009-1525


CVE

CVE-2020-8342


TITLE

Lenovo System Update  In  Time-of-check Time-of-use (TOCTOU)  Race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-011306

DESCRIPTION

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. Lenovo System Update Has Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Lenovo System Update is an application from China Lenovo (Lenovo) to check for driver updates and install them. A security vulnerability exists in Lenovo System Update. An attacker could exploit this vulnerability to escalate privileges

Trust: 1.71

sources: NVD: CVE-2020-8342 // JVNDB: JVNDB-2020-011306 // VULHUB: VHN-186467

AFFECTED PRODUCTS

vendor:lenovomodel:system updatescope:ltversion:5.07.0106

Trust: 1.0

vendor:lenovomodel:system updatescope:eqversion: -

Trust: 0.8

vendor:lenovomodel:system updatescope:ltversion:5.07.0106 less than

Trust: 0.8

sources: JVNDB: JVNDB-2020-011306 // NVD: CVE-2020-8342

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-8342
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2020-8342
value: HIGH

Trust: 1.0

NVD: CVE-2020-8342
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202009-653
value: HIGH

Trust: 0.6

VULHUB: VHN-186467
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8342
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-186467
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-8342
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2020-8342
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2020-011306
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-186467 // JVNDB: JVNDB-2020-011306 // CNNVD: CNNVD-202009-653 // NVD: CVE-2020-8342 // NVD: CVE-2020-8342

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.1

problemtype:CWE-367

Trust: 1.1

problemtype:Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-186467 // JVNDB: JVNDB-2020-011306 // NVD: CVE-2020-8342

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202009-653

TYPE

competition condition problem

Trust: 0.6

sources: CNNVD: CNNVD-202009-653

PATCH

title:LEN-42150url:https://support.lenovo.com/us/en/product_security/LEN-42150

Trust: 0.8

title:Lenovo System Update Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128099

Trust: 0.6

sources: JVNDB: JVNDB-2020-011306 // CNNVD: CNNVD-202009-653

EXTERNAL IDS

db:NVDid:CVE-2020-8342

Trust: 2.5

db:LENOVOid:LEN-42150

Trust: 1.7

db:JVNDBid:JVNDB-2020-011306

Trust: 0.8

db:CNNVDid:CNNVD-202009-653

Trust: 0.7

db:NSFOCUSid:50095

Trust: 0.6

db:VULHUBid:VHN-186467

Trust: 0.1

sources: VULHUB: VHN-186467 // JVNDB: JVNDB-2020-011306 // CNNVD: CNNVD-202009-653 // NVD: CVE-2020-8342

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-42150

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-8342

Trust: 1.4

url:http://www.nsfocus.net/vulndb/50095

Trust: 0.6

sources: VULHUB: VHN-186467 // JVNDB: JVNDB-2020-011306 // CNNVD: CNNVD-202009-653 // NVD: CVE-2020-8342

SOURCES

db:VULHUBid:VHN-186467
db:JVNDBid:JVNDB-2020-011306
db:CNNVDid:CNNVD-202009-653
db:NVDid:CVE-2020-8342

LAST UPDATE DATE

2024-11-23T22:29:28.604000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-186467date:2022-04-25T00:00:00
db:JVNDBid:JVNDB-2020-011306date:2021-03-26T07:02:00
db:CNNVDid:CNNVD-202009-653date:2022-04-26T00:00:00
db:NVDid:CVE-2020-8342date:2024-11-21T05:38:44.797

SOURCES RELEASE DATE

db:VULHUBid:VHN-186467date:2020-09-15T00:00:00
db:JVNDBid:JVNDB-2020-011306date:2021-03-26T00:00:00
db:CNNVDid:CNNVD-202009-653date:2020-09-08T00:00:00
db:NVDid:CVE-2020-8342date:2020-09-15T15:15:14.293