Support

Lenovo Vantage Vulnerability

Lenovo Vantage Vulnerability

RSS

Lenovo Vantage Vulnerability

Lenovo Security Advisory: LEN-38717

Potential Impact: Denial of Service

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2020-8346

 

Summary Description:

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation that could allow configuration files to be written to non-standard locations.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

To update Lenovo System Interface Foundation to version 1.1.19.5 or later, follow these steps:

Update Lenovo Vantage to the latest version from the Microsoft Store.

Re-launch Lenovo Vantage to complete the update.

 

To verify the Lenovo System Interface Foundation version:

1. Open Device Manager.

2. Expand System devices.

3. Right click System Interface Foundation V2 Device and select Properties.

4. Click the Driver tab.

5. Read the Driver Version.

 

Acknowledgement:

Lenovo thanks Samet Bekmezci for reporting this issue.

 

Revision History:

Revision Date Description
2 2020-09-10 Updated Mitigation section
1 2020-09-08 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Alias Id:LEN-38717
Document ID:PS500345
Original Publish Date:09/06/2020
Last Modified Date:09/10/2020
X

Lenovo uses cookies to improve your experience.

Visit our Cookie Consent Tool to manage your preferences, or our Privacy Policy for more information.

Back to Previous Page
X
lenovo

Information We Collect About You

We want to be transparent about the data we and our partners collect and how we use it, so you can best exercise control over your personal data. For more information, please see our Privacy Policy.

Our cookie consent tool offers you greater visibility and control over how your preferences are stored on the site. However, some third party cookies have been temporarily classified as essential, meaning some cookies will drop that are not actually necessary for the functioning of the site. We are working to fix the issue, but you can still block essential cookies through your browser tools.

Information Our Partners Collect

We use the following partners to better improve your overall web browsing experience. They use cookies and other mechanisms to connect you with your social networks and tailor advertising to better match your interests. You can elect to opt-out of this information collection by unticking the boxes below.

Categories
1 of 1 allowed
Essential Required

We rely on cookies, javascript, and other web technologies to serve key—or essential—elements on the site. This may include things like your language preferences or server-based cookies intended to keep our site running and operational. If disabled, your site experience will likely be impacted.

Analytics

We use analytics to improve our website by better understanding how often users visit the site, what pages they visit most, and how long they spend on our site. We'll rely on cookies and third-party partners to track these actions and behaviors. Click on one of the partner names to learn more.

Vendors
Name Required

Website:

In Their Own Words

What data does this company collect?

Data Collected

Anonymous:

Pseudonymous:

PII:

Sensitive:

Data Sharing

Data Retention

Data Use

Data Storage

Adobe