Lucene search

LenovoCVELIST:CVE-2023-3112

HistoryOct 24, 2023 - 8:31 p.m.

CVE-2023-3112

2023-10-2420:31:09

CWE-276

lenovo

www.cve.org

vulnerability

elliptic labs

virtual lock sensor

thinkpad t14 gen 3

local access

code execution

elevated privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Elliptic Labs Virtual Lock Sensor",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 3.1.50719.1"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AI Virtual Presence Sensor",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 3.1.50719.1"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-128081

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2023-3112