Lenovo PC Manager Vulnerability Allows Local Attacker to Escalate Privileges
CVE-2019-6198

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Pc Manager
Vendor: CVE Published:; 31 July 2024

Summary

A security vulnerability exists in Lenovo PC Manager that allows a local attacker to potentially escalate privileges. This issue affects versions earlier than 2.8.90.11211. The flaw enables unauthorized users to gain elevated access to system resources, which can lead to further exploitation of the operating system and applications. Users are advised to update to the latest version of the software to mitigate any risk associated with this vulnerability.

Affected Version(s)

PC Manager 0 < 2.8.90.11211

References

https://iknow.lenovo.com.cn/detail/186945.html

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Jan 11, 2019

Credit

Lenovo thanks Huang Can and Han Xinhui of Wang Xuan Institute of Computer Science, Peking University for reporting this issue.