LENOVO:PS500268-LENOVO-SOLUTION-CENTER-VULNERABILITY-NOSID

Lenovo Solution Center Vulnerability - Lenovo Support US

2019-08-19 00:02:21
support.lenovo.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.002 Low
Percentile: 60.4%

Lenovo Security Advisory: LEN-27811

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2019-6177

Summary Description:

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2019.

Mitigation Strategy for Customers (what you should do to protect yourself):

Users should uninstall Lenovo Solution Center, using Programs and Features from the Control Panel, and migrate to Lenovo Vantage or Lenovo Diagnostics.

If you do not have Lenovo Solution Center installed on your system, you are not affected by this vulnerability and no action is needed.
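To decide which of the two cases above applies on a given machine, the following PowerShell check looks for the product in the machine-wide uninstall registry entries. It is an added example, not part of Lenovo's advisory; the function name `Find-LenovoSolutionCenter` is hypothetical, and matching on a `DisplayName` containing "Lenovo Solution Center" is an assumption about how the product registers itself.

```powershell
# Added example: inventory check for Lenovo Solution Center (LEN-27811 / CVE-2019-6177).
# Assumption: the product registers a DisplayName containing "Lenovo Solution Center".
function Find-LenovoSolutionCenter {
    [CmdletBinding()]
    param(
        [string]$NamePattern = '*Lenovo Solution Center*'
    )

    # Machine-wide uninstall entries: native view plus the 32-bit view on 64-bit Windows.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }

        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $entry = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($entry.DisplayName -like $NamePattern) {
                # Emit one record per matching uninstall entry.
                [pscustomobject]@{
                    ComputerName    = $env:COMPUTERNAME
                    DisplayName     = $entry.DisplayName
                    DisplayVersion  = $entry.DisplayVersion
                    UninstallString = $entry.UninstallString
                    RegistryKey     = $_.Name
                }
            }
        }
    }
}

$found = @(Find-LenovoSolutionCenter)
if ($found.Count -eq 0) {
    Write-Output 'Lenovo Solution Center not found: not affected, no action needed.'
} else {
    # The product is no longer supported, so any installed version should be removed.
    $found | Format-List
    Write-Output 'Lenovo Solution Center is installed: uninstall it and migrate to Lenovo Vantage or Lenovo Diagnostics.'
}
```

The emitted records can be collected across a fleet (for example through an existing remote management channel) to track which machines still need the uninstall.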

Affected Product:

  • Lenovo Solution Center

References:

Lenovo Diagnostics: <https://pcsupport.lenovo.com/us/en/solutions/downloads>

Lenovo Vantage: <https://vantage.lenovo.com/>

Acknowledgement:

Lenovo would like to thank T. Shiomitsu at Pen Test Partners for reporting this issue.

Revision History:

Revision  Date        Description
4         2019-09-05  Updated Mitigation Strategy
3         2019-08-26  Corrected typo in End of Life date
2         2019-08-22  Updated acknowledgement
1         2019-08-20  Initial release

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an "as is" basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
