System Interface Foundation
CVE-2020-8346
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
AnalysisAI
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations. Affected products include: Lenovo System Interface Foundation. Version information: version 1.1.19.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
More in System Interface Foundation
View allA potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interf
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that c
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today