CVE-2023-4632

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-135367	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*

History

16 Nov 2023, 17:33

Type	Values Removed	Values Added
First Time		Lenovo Lenovo system Update
CPE		cpe:2.3:a:lenovo:system_update::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
References	~~() https://support.lenovo.com/us/en/product_security/LEN-135367 -~~	() https://support.lenovo.com/us/en/product_security/LEN-135367 - Patch, Vendor Advisory

09 Nov 2023, 13:46

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-08 22:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-4632

Mitre link : CVE-2023-4632

CVE.ORG link : CVE-2023-4632

JSON object : View

Products Affected

lenovo

system_update

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10