Uncontrolled Search Path Vulnerability in Lenovo Universal Device Client
CVE-2023-3078

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Universal Device Client (udc)
Vendor: CVE Published:; 17 August 2023

Summary

A vulnerability has been identified in the Lenovo Universal Device Client (UDC), which may be exploited by attackers with local access. This uncontrolled search path vulnerability allows malicious users to potentially execute arbitrary code with elevated privileges, posing a significant risk to system integrity and security.

Affected Version(s)

Universal Device Client (UDC) 0 < 23.10

References

https://support.lenovo.com/us/en/product_security/LEN-121183

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 17, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

Lenovo thanks Jérôme TCHAN from the Offensive Security Center of Deloitte France for reporting this issue.