**Lenovo Security Advisory:**LEN-44421
**Potential Impact:**Privilege escalation
**Severity:**High
**Scope of Impact:**Lenovo-specific
**CVE Identifier:**CVE-2020-8345
Summary Description:
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature that could allow escalation of privilege.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update the Lenovo HardwareScan Plugin to version 1.0.46.11.
The Lenovo HardwareScan Plugin is automatically updated by the Lenovo System Interface Foundation Service. To immediately start the update process, reboot the computer or restart the βSystem Interface Foundation Serviceβ service.
To verify the Lenovo HardwareScan Plugin version:
Acknowledgement:
Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2020-10-13 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an βas isβ basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.