Lenovo Vantage Vulnerability - Lenovo Support NL

**Lenovo Security Advisory:**LEN-38717

**Potential Impact:**Denial of Service

**Severity:**Medium

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2020-8346

Summary Description:

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation that could allow configuration files to be written to non-standard locations.

Mitigation Strategy for Customers (what you should do to protect yourself):

To update Lenovo System Interface Foundation to version 1.1.19.5 or later, follow these steps:

Update Lenovo Vantage to the latest version from the Microsoft Store.

Re-launch Lenovo Vantage to complete the update.

To verify the Lenovo System Interface Foundation version:

1. Open Device Manager.

2. Expand System devices.

3. Right click System Interface Foundation V2 Device and select Properties.

4. Click the Driver tab.

5. Read the Driver Version.

Acknowledgement:

Lenovo thanks Samet Bekmezci for reporting this issue.

Revision History:

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.