Unsigned DLL Execution Vulnerability in Lenovo System Interface Foundation
CVE-2020-8324

5MEDIUM

Key Information:

Vendor: Lenovo
Status: Lenovoappscenariopluginsystem For Lenovo System Interface Foundation
Vendor: CVE Published:; 14 April 2020

Summary

A vulnerability exists in the Lenovo System Interface Foundation that permits the execution of unsigned Dynamic Link Library (DLL) files. Versions prior to 1.2.184.31 of the LenovoAppScenarioPluginSystem are affected, potentially allowing malicious actors to exploit this flaw for unintended code execution. It is critical for users to update their software to the latest version to mitigate any security risks associated with this vulnerability.

Affected Version(s)

LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation < 1.2.184.31

References

https://support.lenovo.com/us/en/product_security/LEN-30401

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 14, 2020
Vulnerability Reserved
Jan 28, 2020

Credit

Lenovo thanks Ceri Coburn at Pen Test Partners for reporting this issue.