Lenovo Vantage HardwareScan Plugin Vulnerability - Lenovo Support NL

**Lenovo Security Advisory:**LEN-44421

**Potential Impact:**Privilege escalation

**Severity:**High

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2020-8345

Summary Description:

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature that could allow escalation of privilege.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update the Lenovo HardwareScan Plugin to version 1.0.46.11.

The Lenovo HardwareScan Plugin is automatically updated by the Lenovo System Interface Foundation Service. To immediately start the update process, reboot the computer or restart the “System Interface Foundation Service” service.

To verify the Lenovo HardwareScan Plugin version:

1. Open File Explorer and navigate to C:\ProgramData\Lenovo\ImController\Plugins\LenovoHardwareScanPlugin\x64
2. Right click on LenovoHardwareScanPlugin.dll and select Properties.
3. Click on the Details tab.
4. Read the File version.

Acknowledgement:

Lenovo thanks Security Advisor, Anders Kusk, Improsec ApS for reporting this issue.

Revision History:

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.