CVE-2020-8324

CWE-347 CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Lenovoappscenariopluginsystem FOR Lenovo System Interface Foundation Lenovo System Interface Foundation

Timeline

PublishedApr 14

Latest updateMay 24

Description

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5lenovo/lenovoappscenariopluginsystem_for_lenovo_system_interface_foundationunspecified — 1.2.184.31

▶NVDlenovo/system_interface_foundation< 1.2.184.31

🔴Vulnerability Details

GHSA

GHSA-jr27-w24g-5rq6: A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1↗2022-05-24

▶

CVEList

CVE-2020-8324: A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1↗2020-04-14

▶