CVE-2023-6338

7.8HIGH

Key Information

Vendor: Lenovo
Status: Universal Device Client (UDC)
Vendor: CVE Published:; 3 January 2024

Summary

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Affected Version(s)

Universal Device Client (UDC) < 23.10

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jan 3, 2024
Vulnerability Reserved.
Nov 27, 2023

Collectors

NVD DatabaseMitre Database

Credit

Lenovo thanks Moritz Rauch for reporting this issue