Privilege Escalation Vulnerability in Lenovo Service Bridge Could Allow OS Command Execution

CVE-2024-4696

7.5HIGH

Key Information

Vendor: Lenovo
Status: Service Bridge
Vendor: CVE Published:; 13 June 2024

Summary

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.

Affected Version(s)

Service Bridge < 5.0.2.17

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 13, 2024
Vulnerability Reserved.
May 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

Lenovo thanks Darrel Huang of the Trend Micro Zero Day Initiative for reporting this issue.