Privilege Escalation Vulnerability in Lenovo PCManager
CVE-2021-3550

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Pcmanager
Vendor: CVE Published:; 16 July 2021

Summary

A DLL search path vulnerability was identified in Lenovo PCManager, allowing attackers to exploit the application for privilege escalation. This vulnerability affects versions prior to 3.0.500.5102 and can potentially be leveraged to run unauthorized code with elevated privileges, posing a significant risk to system security. Users are advised to update to the latest version to mitigate this vulnerability.

Affected Version(s)

PCManager < 3.0.500.5102

References

https://iknow.lenovo.com.cn/detail/dc_197169.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2021
Vulnerability Reserved
May 13, 2021

Credit

Lenovo thanks Hou JingYi (@hjy79425575) of Qihoo 360 CERT for reporting this issue.