| Vulnerability Name: | CVE-2018-9063 (CCN-142706) | ||||||||||||
| Assigned: | 2018-05-03 | ||||||||||||
| Published: | 2018-05-03 | ||||||||||||
| Updated: | 2018-06-13 | ||||||||||||
| Summary: | MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv. | ||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2018-9063 Source: BID Type: Third Party Advisory, VDB Entry 104125 Source: CCN Type: BID-104125 Lenovo System Update CVE-2018-9063 Local Buffer Overflow Vulnerability Source: XF Type: UNKNOWN lenovo-cve20189063-bo(142706) Source: CCN Type: Lenovo Security Advisory: LEN-19625 Buffer Overflow in Lenovo System Update Drive Mapping Utility Source: CONFIRM Type: Vendor Advisory https://support.lenovo.com/us/en/solutions/LEN-19625 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||