Lucene search

LenovoCVELIST:CVE-2023-6044

HistoryJan 19, 2024 - 8:09 p.m.

CVE-2023-6044

2024-01-1920:09:05

CWE-290

lenovo

www.cve.org

lenovo vantage

privilege escalation

vulnerability

local attacker

physical access

impersonate

execute arbitrary code

elevated privileges

CVSS3

6.3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

23.1%

JSON

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vantage",
    "vendor": "Lenovo",
    "versions": [
      {
        "lessThan": "4.0.49.0",
        "status": "affected",
        "version": " ",
        "versionType": "custom"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-144736

CVSS3

6.3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

23.1%

JSON

Related for CVELIST:CVE-2023-6044