Race Condition Vulnerability in Lenovo System Update
CVE-2020-8342

7.3HIGH

Key Information:

Vendor: Lenovo
Status: System Update
Vendor: CVE Published:; 15 September 2020

Summary

A race condition vulnerability has been identified in Lenovo System Update, prior to version 5.07.0106, allowing for potential escalation of privilege. This flaw can be exploited by attackers to gain unauthorized access, potentially compromising system security.

Affected Version(s)

System Update < 5.07.0106

References

https://support.lenovo.com/us/en/product_security/LEN-42150

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2020
Vulnerability Reserved
Jan 28, 2020

Credit

Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.