Privilege Escalation Vulnerability in Lenovo System Interface Foundation
CVE-2021-3969

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Imcontroller
Vendor: CVE Published:; 18 May 2022

Summary

A Time of Check Time of Use (TOCTOU) vulnerability in Lenovo's System Interface Foundation allows a local attacker to potentially elevate their privileges. This could lead to unauthorized access and manipulation of sensitive information or system functions, affecting the overall security posture of the device.

Affected Version(s)

IMController < 1.1.20.3

References

https://support.lenovo.com/us/en/product_security/LEN-75210

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Nov 17, 2021

Credit

Lenovo thanks Rick Veldhoven from Fox-IT, part of NCC Group for reporting this issue.