Uncontrolled Search Path Vulnerability in Lenovo System Update
CVE-2023-4632

7.8HIGH

Key Information:

Vendor: Lenovo
Status: Lenovo System Update
Vendor: CVE Published:; 8 November 2023

Summary

A vulnerability exists in Lenovo System Update that allows an attacker with local access to exploit an uncontrolled search path issue. This flaw could enable the execution of arbitrary code with elevated privileges, potentially compromising system integrity and user privacy. Users are advised to update their systems to the latest version to mitigate any risks associated with this vulnerability.

Affected Version(s)

Lenovo System Update Versions prior to 5.08.02.25

References

https://support.lenovo.com/us/en/product_security/LEN-135367

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 8, 2023
Vulnerability Reserved
Aug 30, 2023

Credit

Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue.