DLL Search Path Vulnerability in Lenovo PCManager
CVE-2021-3464

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Pcmanager
Vendor: CVE Published:; 27 April 2021

Summary

A vulnerability in Lenovo's PCManager prior to version 3.0.400.3252 enables attackers to exploit a DLL search path issue, potentially allowing for unauthorized privilege escalation on affected systems. This weakness poses significant risks if exploited, as it can lead to unauthorized actions with higher system privileges. Users are advised to update to the latest version to mitigate this vulnerability.

Affected Version(s)

PCManager < 3.0.400.3252

References

https://iknow.lenovo.com.cn/detail/dc_196156.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2021
Vulnerability Reserved
Mar 23, 2021

Credit

Lenovo thanks Aobo Wang of Chaitin Security Research Lab for reporting this issue.