{"containers": {"cna": {"affected": [{"product": "Legion Phone Pro (L79031)", "vendor": "Lenovo", "versions": [{"lessThan": "12.5.231", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Legion Phone2 Pro (L70081)", "vendor": "Lenovo", "versions": [{"lessThan": "12.5.632", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Xiaofeng Liu (Shandong University) and Qinsheng Hou (Shandong University & Qi An Xin Group Corp.) for reporting this issue."}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-12T22:05:38.000Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html"}], "solutions": [{"lang": "en", "value": "For Legion Phone Pro (L79031), perform an Over-The-Air (OTA) system update to version 12.5.231 (or later).\nFor Legion Phone2 Pro (L70081), perform an Over-The-Air (OTA) system update to version 12.5.632 (or later).\nTo check for available updates wirelessly/over-the-air: # Go to Settings > My Phone > System Update \nIf an update is available, follow the instructions on your phone to download and install it.\nOnce updated, your phone will restart to complete the installation."}], "source": {"advisory": "LEN-65134", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-3720", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Legion Phone Pro (L79031)", "version": {"version_data": [{"version_affected": "<", "version_value": "12.5.231"}]}}, {"product_name": "Legion Phone2 Pro (L70081)", "version": {"version_data": [{"version_affected": "<", "version_value": "12.5.632"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Xiaofeng Liu (Shandong University) and Qinsheng Hou (Shandong University & Qi An Xin Group Corp.) for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-276 Incorrect Default Permissions"}]}]}, "references": {"reference_data": [{"name": "https://iknow.lenovo.com.cn/detail/dc_199217.html", "refsource": "MISC", "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html"}]}, "solution": [{"lang": "en", "value": "For Legion Phone Pro (L79031), perform an Over-The-Air (OTA) system update to version 12.5.231 (or later).\nFor Legion Phone2 Pro (L70081), perform an Over-The-Air (OTA) system update to version 12.5.632 (or later).\nTo check for available updates wirelessly/over-the-air: # Go to Settings > My Phone > System Update \nIf an update is available, follow the instructions on your phone to download and install it.\nOnce updated, your phone will restart to complete the installation."}], "source": {"advisory": "LEN-65134", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:08.293Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-3720", "datePublished": "2021-11-12T22:05:38.000Z", "dateReserved": "2021-08-18T00:00:00.000Z", "dateUpdated": "2024-08-03T17:01:08.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:legion_phone_pro_\\(l79031\\)firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36A91A6C-44DE-406F-92BB-FFFC787F09EB", "versionEndExcluding": "12.5.231", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:legion_phone_pro_\\(l79031\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "9A2B1693-72A3-45B0-9496-D57B373CE66E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:legion_phone2_pro_\\(l70081\\)_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "72FBE839-AA26-4DC8-8B79-9A1A9B00AF2B", "versionEndExcluding": "12.5.632", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:legion_phone2_pro_\\(l70081\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "3C03E10A-B58D-479C-88E4-B6265DAC4FCC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data."}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el widget del sistema Time Weather en Legion Phone Pro (L79031) y Legion Phone2 Pro (L70081) que podr\u00eda permitir a otras aplicaciones acceder a los datos del GPS del dispositivo"}], "id": "CVE-2021-3720", "lastModified": "2024-11-21T06:22:14.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-12T22:15:08.007", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://iknow.lenovo.com.cn/detail/dc_199217.html"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}