Skip to main content

Legion Y520T Z370 Firmware CVE-2019-10724

MEDIUM
2019-08-29 cve@mitre.org
Information Disclosure Legion Y520T Z370 Firmware Aio310 20Iap Firmware Aio510 22Ish Firmware Aio510 23Ish Firmware Aio520 22Ikl Firmware Aio520 22Iku Firmware Aio520 24Ikl Firmware Aio520 24Iku Firmware Aio520 27Ikl Firmware Aio720 24Ikb Firmware Ideacentre 520S 23Iku Firmware Thinkcentre M700Z Firmware Thinkcentre M800Z Firmware Thinkcentre M810Z Firmware Thinkcentre M818Z Firmware Thinkcentre M900Z Firmware Thinkcentre M910Z Firmware V410Z Yt S4250 Firmware 100E 2Nd Gen Firmware 300E 2Nd Gen Firmware 330 14Ikbr Firmware 330 15Ikbr Firmware 330 15Ikbr Touch Firmware 330 17Ikbr Firmware 720S Touch 15Ikb Firmware 720S 15Ikb Firmware B330 15Ikbr Firmware E43 80 Firmware E53 80 Firmware Flex 5 1470 R Firmware Flex 5 1570 R Firmware K42 80 Firmware K43C 80 Firmware Miix 520 12Ikb Firmware Miix 525 12Ikb Firmware V330 14Ikb Firmware V330 14Isk Firmware V330 15Ikb Firmware V330 15Isk Firmware V720 14 Firmware V730 15Ikb Firmware Yoga 520 14Ikbr Firmware Yoga 720 12Ikb Firmware Yoga 730 13Ikb Firmware Yoga 730 15Ikb Firmware Yoga Book C930 Firmware Yoga C930 13Ikb Firmware Yoga C930 13Ikb Glass Firmware Thinkpad 11E Firmware Thinkpad 11E Yoga Firmware Thinkpad 13 Firmware Thinkpad A275 Firmware Thinkpad A475 Firmware Thinkpad E460 Firmware Thinkpad E560 Firmware Thinkpad E465 Firmware Thinkpad E565 Firmware Thinkpad E470 Firmware Thinkpad E570 Firmware Thinkpad E475 Firmware Thinkpad E575 Firmware Thinkpad E480 Firmware Thinkpad E580 Firmware Thinkpad E485 Firmware Thinkpad E585 Firmware Thinkpad S5 Firmware Thinkpad L380 Firmware Thinkpad L380 Yoga Firmware Thinkpad L460 Firmware Thinkpad L470 Firmware Thinkpad L480 Firmware Thinkpad L580 Firmware Thinkpad L560 Firmware Thinkpad L570 Firmware Thinkpad P40 Firmware Thinkpad P50 Firmware Thinkpad P50S Firmware Thinkpad P51S Firmware Thinkpad P52S Firmware Thinkpad P70 Firmware Thinkpad S3 Yoga 14 Firmware Thinkpad S3 S440 Firmware Thinkpad E560P Firmware Thinkpad T25 Firmware Thinkpad T460 Firmware Thinkpad T460P Firmware Thinkpad T460S Firmware Thinkpad T470 Firmware Thinkpad T470P Firmware Thinkpad T470S Firmware Thinkpad T480 Firmware Thinkpad T480S Firmware Thinkpad T560 Firmware Thinkpad T570 Firmware Thinkpad T580 Firmware Thinkpad X1 Carbon Firmware Thinkpad X1 Yoga Firmware Thinkpad X1 Tablet Firmware Thinkpad X1 Yoga 3Rd Firmware Thinkpad X260 Firmware Thinkpad X270 Firmware Thinkpad X280 Firmware Thinkpad X380 Yoga Firmware Thinkpad Yoga 260 Firmware Thinkpad Yoga S1 Firmware Thinkpad Yoga 370 Firmware Thinkpad S1 3Rd Firmware Yoga 14 Firmware
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 29, 2019 - 00:15 nvd
MEDIUM 6.5

DescriptionNVD

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.

AnalysisAI

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54. Affected products include: Lenovo Legion Y520T Z370 Firmware, Lenovo Aio310-20Iap Firmware, Lenovo Aio510-22Ish Firmware, Lenovo Aio510-23Ish Firmware, Lenovo Aio520-22Ikl Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2019-10724 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy