{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5474", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2024-05-29T14:21:27.520Z", "datePublished": "2024-10-11T15:15:12.643Z", "dateUpdated": "2024-10-11T19:07:47.060Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Dolby Vision Provisioning software", "vendor": "Lenovo", "versions": [{"lessThan": "2.0.0.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Alaa Kachouh for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.</span>"}], "value": "A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2024-10-11T15:15:12.643Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-158394"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Dolby Vision Provisioning package to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/downloads/ds543424-dolby-vision-provisioning-driver-for-windows-10-64-bit-version-1709-or-later-thinkpad-ideapad-ideacentre\">version 2.0.0.2 or later.</a>\n\n<br>"}], "value": "Update Dolby Vision Provisioning package to version 2.0.0.2 or later. https://support.lenovo.com/us/en/downloads/ds543424-dolby-vision-provisioning-driver-for-windows-10-64-bit-version-1709-or-later-thinkpad-ideapad-ideacentre"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "lenovo", "product": "dolby_vision_provisioning_software", "cpes": ["cpe:2.3:a:lenovo:dolby_vision_provisioning_software:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.0.0.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T19:03:44.471268Z", "id": "CVE-2024-5474", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:07:47.060Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5474", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2024-05-29T14:21:27.520Z", "datePublished": "2024-10-11T15:15:12.643Z", "dateUpdated": "2024-10-11T19:07:47.060Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Dolby Vision Provisioning software", "vendor": "Lenovo", "versions": [{"lessThan": "2.0.0.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Alaa Kachouh for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.</span>"}], "value": "A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2024-10-11T15:15:12.643Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-158394"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update Dolby Vision Provisioning package to </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/downloads/ds543424-dolby-vision-provisioning-driver-for-windows-10-64-bit-version-1709-or-later-thinkpad-ideapad-ideacentre\">version 2.0.0.2 or later.</a>\n\n<br>"}], "value": "Update Dolby Vision Provisioning package to version 2.0.0.2 or later. https://support.lenovo.com/us/en/downloads/ds543424-dolby-vision-provisioning-driver-for-windows-10-64-bit-version-1709-or-later-thinkpad-ideapad-ideacentre"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5474", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-11T19:03:44.471268Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:lenovo:dolby_vision_provisioning_software:*:*:*:*:*:*:*:*"], "vendor": "lenovo", "product": "dolby_vision_provisioning_software", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.0.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:07:34.223Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue."}, {"lang": "es", "value": "Se inform\u00f3 de una posible vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el paquete de software Dolby Vision Provisioning de Lenovo anterior a la versi\u00f3n 2.0.0.2 que podr\u00eda permitir que un atacante local lea archivos en el sistema con privilegios elevados durante la instalaci\u00f3n del paquete. Las versiones instaladas anteriormente no se ven afectadas por este problema."}], "id": "CVE-2024-5474", "lastModified": "2024-10-15T12:58:51.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2024-10-11T16:15:14.440", "references": [{"source": "psirt@lenovo.com", "url": "https://support.lenovo.com/us/en/product_security/LEN-158394"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}

{}