Lucene search

LenovoVULNRICHMENT:CVE-2024-4696

HistoryJun 13, 2024 - 8:01 p.m.

CVE-2024-4696

2024-06-1320:01:18

CWE-78

lenovo

github.com

privilege escalation

lenovo service bridge

vulnerability

operating system commands

specially crafted link

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.6%

JSON

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.

CNA Affected

[
  {
    "vendor": "Lenovo",
    "product": "Service Bridge",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "5.0.2.17",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

support.lenovo.com/us/en/product_security/LEN-163429

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for VULNRICHMENT:CVE-2024-4696