Privilege Escalation Vulnerability in Lenovo Service Bridge Could Allow OS Command Execution
CVE-2024-4696
7.5 HIGH
Summary
A privilege escalation vulnerability has been identified in Lenovo Service Bridge versions before 5.0.2.17. It could allow an attacker to execute operating system commands when a specially crafted link is visited. An attacker exploiting this flaw could manipulate system operations with higher privileges than intended, leading to unauthorized access and control. Organizations using affected versions of Lenovo Service Bridge should prioritize upgrading to the latest version to mitigate the associated risks.
Affected Version(s)
Service Bridge: versions before 5.0.2.17
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue.