CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-3944

UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 9.3

References

https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
https://support.lenovo.com/us/en/product_security/len_6718
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
https://support.lenovo.com/us/en/product_security/len_6718

Products affected by CVE-2016-3944

Lenovo » Accelerator Application » Version: N/A

cpe:2.3:a:lenovo:accelerator_application:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-3944

Products

Pricing

Contact Us