Denial of Service Vulnerability in Lenovo Leyun Cloud Music Application
CVE-2022-1109

5.5MEDIUM

Key Information:

Vendor: Lenovo
Status: Leyun
Vendor: CVE Published:; 20 January 2023

Summary

The Lenovo Leyun Cloud Music application contains a vulnerability stemming from incorrect default permissions settings. This misconfiguration could potentially allow attackers to launch a denial of service attack, disrupting normal service for legitimate users. Proper management and rectification of permission settings are essential to mitigate this risk and ensure the secure operation of the application.

Affected Version(s)

Leyun Versions prior to 6.8.21.99

References

https://iknow.lenovo.com.cn/detail/dc_204380.html

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Mar 27, 2022

Credit

Thanks to Brother Wang for reporting this vulnerability to Lenovo.