Local Privilege Escalation in ThinkPad Hybrid USB-C Dock Firmware Tool from Lenovo
CVE-2022-4569
7.8HIGH
Key Information:
- Vendor
Lenovo
- Vendor
- CVE Published:
- 5 June 2023
What is CVE-2022-4569?
A vulnerability exists in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool that allows a user with local access to execute malicious code with elevated privileges during the installation or upgrade of the firmware. If compromised, this vulnerability could enable an attacker to gain increased control over the system, potentially leading to unauthorized access and further exploitation of the device.
Affected Version(s)
ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool versions prior to v1.0.35_v2