DLL Search Path Vulnerability in Lenovo Drivers Management
CVE-2020-8317

7.3HIGH

Key Information:

Vendor: Lenovo
Status: Drivers Management
Vendor: CVE Published:; 24 July 2020

Summary

A DLL search path vulnerability exists in Lenovo Drivers Management that could permit an authenticated user to execute arbitrary code with elevated privileges. This issue may allow attackers to leverage a flawed search path for dynamic link libraries, leading to unauthorized access and control over the affected system. Users are advised to update to version 2.7.1128.1046 or later to mitigate this security risk.

Affected Version(s)

Drivers Management < 2.7.1128.1046

References

https://iknow.lenovo.com.cn/detail/dc_190088.html

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 24, 2020
Vulnerability Reserved
Jan 28, 2020

Credit

Lenovo thanks Can Huang and Xinhui Han at Wangxuan Institute of Computer Technology, Peking University for reporting this issue.