nvd-json-data-feeds/CVE-2016/CVE-2016-23xx/CVE-2016-2393.json

{
  "id": "CVE-2016-2393",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2016-04-11T14:59:11.333",
  "lastModified": "2016-04-14T00:40:36.883",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks."
    },
    {
      "lang": "es",
      "value": "Lenovo Fingerprint Manager en versiones anteriores a 8.01.57 y Touch Fingerprint en versiones anteriores a 1.00.08 utiliza ACLs d\u00e9biles para (1) servicios y (2) archivos no especificados, lo que permite a usuarios locales obtener privilegios invalidando comprobaciones locales."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:lenovo:fingerprint_manager:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "8.01.56",
              "matchCriteriaId": "8094544C-928A-49DB-BF7A-278A0C78BE0D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:lenovo:touch_fingerprint:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.00.07",
              "matchCriteriaId": "CDF351B8-947E-478C-94E7-135462C454CE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://support.lenovo.com/us/en/product_security/len_4282",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}