Privilege Escalation Vulnerability in Lenovo Solution Center by Lenovo
CVE-2019-6177

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Solution Center
Vendor: CVE Published:; 20 August 2019

Summary

A vulnerability in Lenovo Solution Center enables log files to be written to non-standard locations, which could potentially allow an attacker to escalate privileges within the system. This poses a significant security risk, especially since Lenovo has discontinued support for this software version, urging users to transition to Lenovo Vantage or Lenovo Diagnostics.

Affected Version(s)

Solution Center <= 03.12.003

References

https://support.lenovo.com/solutions/LEN-27811

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Jan 11, 2019

Credit

Lenovo would like to thank Takeshi Shiomitsu at Pen Test Partners for reporting this issue.