Privilege Escalation Vulnerability in Lenovo Service Bridge Could Allow OS Command Execution
CVE-2024-4696

7.5HIGH

Key Information:

Vendor: Lenovo
Status: Service Bridge
Vendor: CVE Published:; 13 June 2024

What is CVE-2024-4696?

A privilege escalation vulnerability has been identified in Lenovo Service Bridge, specifically in versions before 5.0.2.17. This vulnerability allows an attacker to potentially execute operating system commands by visiting a specially crafted link. Attackers exploiting this flaw could manipulate system operations with higher privileges than intended, leading to unauthorized access and control. Organizations utilizing affected versions of Lenovo Service Bridge should prioritize upgrading to the latest version to mitigate associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Service Bridge 0 < 5.0.2.17

References

https://support.lenovo.com/us/en/product_security/LEN-163429

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
May 9, 2024

Credit

Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue.

JSON

Lenovo

What is CVE-2024-4696?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.