LenovoLENOVO:PS500091-NOSIDPrivilege Escalation Vulnerability in Lenovo CCSDK - us
0.0004 Low
EPSS
Percentile
5.1%
Lenovo Security Advisory: LEN-11340
**Potential Impact:**Privilege Escalation
Severity: High
**Scope of Impact:**Lenovo-specific
**CVE Identifier:**CVE-2016-8235
Summary Description:
An unquoted service path vulnerability was identified in the Lenovo Customer Care Software Development Kit (CCSDK) that could allow a user with local privileges on a system to execute code with administrative privileges.
The Customer Care Software Development Kit (CCSDK) on Lenovo Desktop and Lenovo Notebook systems provides anonymous, non-personally identifiable diagnostic device data to Lenovo to help Lenovo improve both existing and future products.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update CCSDK to version 2.0.16.3 or later by opening Lenovo System Update, clicking on βGet new updatesβ and following the prompts to update to the latest version of CCSDK. Users can also manually update by following the instructions at the link here.
Steps to verify that you are running the latest version of CCSDK:
- For Windows 8, 8.1 and Windows 10, right-click the screenβs bottom-left corner Windows icon. Type Control Panel, and then, under Programs orPrograms and Features, click βUninstall a Program.β
In Windows 7, open Programs and Features by clicking the Start button, clickingControl Panel, clickingPrograms, and then clickingPrograms and Features.
- When you find the program βCCSDKβ, click it, and then view the version number
Related
