CVE-2016-2393

Description

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.

Related CPE's

a lenovo fingerprint_manager ********

a lenovo touch_fingerprint ********

References

https://support.lenovo.com/us/en/product_security/len_4282

PatchVendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	LOCAL
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	LOW
BaseScore	7.8
VectorString	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version	3.0
UserInteraction	NONE

CvssV2 impact

Version	2.0
VectorString	AV:L/AC:L/Au:N/C:C/I:C/A:C
AccessVector	LOCAL
AccessComplexity	LOW
Authentication	NONE
ConfidentialityImpact	COMPLETE
IntegrityImpact	COMPLETE
AvailabilityImpact	COMPLETE
BaseScore	7.199999809265137

Created by Yello

About Severity.io