Unsigned DLL Loading Vulnerability in Lenovo System Interface Foundation
CVE-2019-6189

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo System Interface Foundation
Vendor: CVE Published:; 19 November 2019

Summary

A vulnerability exists in the Lenovo System Interface Foundation that allows an administrative user to load unsigned dynamic link libraries (DLLs). If successfully exploited, this flaw could pose significant risk to the integrity of the system, as it opens avenues for unauthorized execution of potentially harmful code. Users are encouraged to update to version 1.1.18.3 or later to mitigate this risk.

Affected Version(s)

Lenovo System Interface Foundation <= 1.1.18.3

References

https://support.lenovo.com/solutions/LEN-29198

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2019
Vulnerability Reserved
Jan 11, 2019