CVE-2016-2393 : Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 u

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.

Published 2016-04-11 14:59:11

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2016-2393

Lenovo » Fingerprint Manager
Versions up to, including, (<=) 8.01.56
cpe:2.3:a:lenovo:fingerprint_manager:*:*:*:*:*:*:*:*
Matching versions
Lenovo » Touch Fingerprint
Versions up to, including, (<=) 1.00.07
cpe:2.3:a:lenovo:touch_fingerprint:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-2393

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-2393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-2393

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-2393

https://support.lenovo.com/us/en/product_security/len_4282

Lenovo Fingerprint Manager and Lenovo Touch Fingerprint Software Privilege Escalation - US
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2016-2393

Products affected by CVE-2016-2393

Exploit prediction scoring system (EPSS) score for CVE-2016-2393

CVSS scores for CVE-2016-2393

CWE ids for CVE-2016-2393

References for CVE-2016-2393