CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 60.4%

Lenovo Security Advisory: LEN-27811
Potential Impact: Privilege escalation
Severity: High
Scope of Impact: Lenovo-specific
CVE Identifier: CVE-2019-6177
Summary Description:
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2019.
Mitigation Strategy for Customers (what you should do to protect yourself):
Users should uninstall Lenovo Solution Center, using Programs and Features from the Control Panel, and migrate to Lenovo Vantage or Lenovo Diagnostics.
If you do not have Lenovo Solution Center installed on your system, you are not affected by this vulnerability and no action is needed.
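An inventory check for the mitigation above, added here as an example and not taken from Lenovo's advisory: it searches the standard Windows uninstall registry keys and reports any Lenovo Solution Center install so it can be removed. It assumes the product registers a DisplayName containing "Lenovo Solution Center"; the function name `Get-LscInstall` is hypothetical.

```powershell
# Added example: find Lenovo Solution Center installs (every version is end-of-support).
# Assumption: the installer registers a DisplayName containing "Lenovo Solution Center".
$namePattern = '*Lenovo Solution Center*'

# Standard Windows uninstall locations: 64-bit, 32-bit (WOW6432Node) and per-user.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-LscInstall {
    param(
        [string[]]$Roots = $uninstallRoots,
        [string]$Pattern = $namePattern
    )
    foreach ($root in $Roots) {
        # Roots that do not exist (e.g. WOW6432Node on 32-bit Windows) are skipped.
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer        = $env:COMPUTERNAME
                    DisplayName     = $_.DisplayName
                    DisplayVersion  = $_.DisplayVersion
                    UninstallString = $_.UninstallString
                    # Strip the provider prefix so the key path is readable in reports.
                    RegistryKey     = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
                }
            }
    }
}

$found = @(Get-LscInstall)
if ($found.Count -eq 0) {
    Write-Output "Lenovo Solution Center not found on $env:COMPUTERNAME; no action needed."
} else {
    $found | Format-List
    Write-Warning 'Lenovo Solution Center is installed: uninstall it and migrate to Lenovo Vantage or Lenovo Diagnostics.'
}
```

The per-user (HKCU) root only covers the account running the script, so run it in the context used for fleet inventory.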
Affected Product:
References:
Lenovo Diagnostics: <https://pcsupport.lenovo.com/us/en/solutions/downloads>
Lenovo Vantage: <https://vantage.lenovo.com/>
Acknowledgement:
Lenovo would like to thank T. Shiomitsu at Pen Test Partners for reporting this issue.
Revision History:
Revision | Date | Description |
---|---|---|
4 | 2019-09-05 | Updated Mitigation Strategy |
3 | 2019-08-26 | Corrected typo in End of Life date |
2 | 2019-08-22 | Updated acknowledgement |
1 | 2019-08-20 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an "as is" basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.