Improper Validation Vulnerability in Lenovo's LADM and LDCC Firmware Update Mechanism
CVE-2024-4762

7.8HIGH

Key Information:

Vendor: Lenovo
Vendor: CVE Published:; 16 December 2024

Summary

The vulnerability in Lenovo's LADM and LDCC firmware update mechanism arises from improper validation processes. This flaw could potentially enable a local attacker to exploit the system and escalate their privileges. Such vulnerabilities may lead to unauthorized access, compromising system integrity and exposing sensitive information. It is crucial for users to be aware of this issue and take appropriate security measures to safeguard their systems.

References

https://support.lenovo.co/us/en/product_security/LEN-174319

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2024