Vulnerabilities > CVE-2022-0354 - Unspecified vulnerability in Lenovo System Update

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

lenovo

NVD

Published: 2022-04-22

Updated: 2023-08-08

Summary

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Vulnerable Configurations

Part	Description	Count
Application	Lenovo Lenovo System Update - Lenovo System Update 5.06.0027 Lenovo System Update 5.06.0034 Lenovo System Update 5.06.0043 Lenovo System Update 5.07.0008 Lenovo System Update 5.07.0013 Lenovo System Update 5.07.0019 Lenovo System Update 5.07.0072 Lenovo System Update 5.07.0084 Lenovo System Update 5.07.0088 Lenovo System Update 5.07.0106	11

Summary

Vulnerable Configurations

References