Lucene search

[email protected]CVE-2023-6338

HistoryJan 03, 2024 - 9:15 p.m.

CVE-2023-6338

2024-01-0321:15:08

CWE-427

[email protected]

web.nvd.nist.gov

lenovo

udc

vulnerability

cve-2023-6338

code execution

elevated privileges

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Affected configurations

NVD

Node

lenovouniversal_device_clientRange<23.10

CPENameOperatorVersion
lenovo:universal_device_clientlenovo universal device clientlt23.10

CPE	Name	Operator	Version
lenovo:universal_device_client	lenovo universal device client	lt	23.10

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Universal Device Client (UDC)",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "23.10",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-121183

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-6338

prion1 cvelist1 nvd1