Description

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

Related CPE's

o

lenovo

thinkpad_hybrid_usb-c_with_usb-a_dock_firmware

*

*

*

*

*

windows

Vulnerable

h

lenovo

thinkpad_hybrid_usb-c_with_usb-a_dock

-

References

https://support.lenovo.com/us/en/product_security/LEN-103544

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-276

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-06-05T21:15:10.413

1 year ago

Last modified

2023-06-13T16:56:50.710

1 year ago