CVE-2016-8231

{"id": "CVE-2016-8231", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-06-04T21:29:00.327", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-10149", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}, {"url": "https://support.lenovo.com/us/en/product_security/LEN-10149", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate."}, {"lang": "es", "value": "En Lenovo Service Bridge anterior a versi\u00f3n 4, podr\u00eda ser explotado por un atacante un bug detectado en la l\u00f3gica de comprobaci\u00f3n de firmas del certificado de firma de c\u00f3digo para insertar un certificado de firma de c\u00f3digo falsificado."}], "lastModified": "2024-11-21T02:59:01.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lenovo:lenovo_service_bridge:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D2C990A-7C32-4BE0-89ED-298FF700EC41"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@lenovo.com"}