CVE-2023-4632

7.8HIGH

Key Information

Vendor: Lenovo
Status: Lenovo System Update
Vendor: CVE Published:; 8 November 2023

Summary

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

Affected Version(s)

Lenovo System Update = Versions prior to 5.08.02.25

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 8, 2023
Vulnerability Reserved.
Aug 30, 2023

Collectors

NVD DatabaseMitre Database

Credit

Lenovo thanks Matt Nelson, Hunter Orrantia and Max Harley of SpecterOps for reporting this issue.