Denial of Service Vulnerability in Lenovo PCManager
CVE-2021-3722

5MEDIUM

Key Information:

Vendor: Lenovo
Status: Pcmanager
Vendor: CVE Published:; 22 April 2022

Summary

A vulnerability has been identified in Lenovo PCManager that could potentially allow attackers to exploit the software during installation. Specifically, it enables configuration files to be written to unconventional locations, leading to possible disruptions in service. It is advisable for users to update to version 4.0.40.2175 or later to mitigate this risk.

Affected Version(s)

PCManager < 4.0.40.2175

References

https://iknow.lenovo.com.cn/detail/dc_199218.html

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2022
Vulnerability Reserved
Aug 18, 2021

Credit

Lenovo thanks She ZhenHua for reporting this issue.