all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023–4632: Local Privilege Escalation in Lenovo System Updater

Add to bookmarks
Oct. 26, 2023, 4:52 p.m. | Matt Nelson

Security Boulevard securityboulevard.com

Version: Lenovo Updater Version <= 5.08.01.0009
Operating System Tested On: Windows 10 22H2 (x64)
Vulnerability: Lenovo System Updater Local Privilege Escalation via Arbitrary File Write
Advisory: https://support.lenovo.com/us/en/product_security/LEN-135367


Vulnerability Overview


The Lenovo System Update application is designed to allow non-administrators to check for and apply updates to their workstation. During the process of checking for updates, the privileged Lenovo Update application attempts to utilize C:\SSClientCommon\HelloLevel_9_58_00.xml, which doesn’t exist on the filesystem. Due to the ability for any low-privileged user to …

administrators application check directory filesystem lenovo low non privileged privileged user process research root system update updates vulnerability workstation xml

Visit resource

More from securityboulevard.com / Security Boulevard

The Real Risk is Not Knowing Your Real Risk: Perspectives from Asia Pacific Tour with … 10 hours ago | securityboulevard.com
asia asia pacific balbix customer +15
Airsoft Data Breach Exposes Data of 75,000 Players 11 hours ago | securityboulevard.com
airsoft attack surface authentication breach +31
Get SOAR Savvy Before RSAC 2024: 5 Reads to Level Up Your SOC 12 hours ago | securityboulevard.com
and response automation check d3 security +24
Cloud Monitor Automation Thwarts Phishing & Malware Emails 13 hours ago | securityboulevard.com
automation chief cloud cybersecurity +27
MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’ 15 hours ago | securityboulevard.com
computing conference eve francisco +19
Palo Alto Networks Extends SASE Reach to Unmanaged Devices 16 hours ago | securityboulevard.com
alto devices devops devsecops +20
USENIX Security ’23 – Cryptographic Deniability: A Multi-perspective Study of User Perceptions and Expectations 16 hours ago | securityboulevard.com
access authors channel conference +17
The impact of automating open source dependency management 16 hours ago | securityboulevard.com
automation business consuming customer +14
Unlocking SMB Cybersecurity: The Rise of Virtual CISOs in 2024 and Beyond 16 hours ago | securityboulevard.com
align beyond business businesses +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Network Security Administrator

@ Peraton | United States
View on infosec-jobs.com

IT Security Engineer 2

@ Oracle | BENGALURU, KARNATAKA, India
View on infosec-jobs.com

Sr Cybersecurity Forensics Specialist

@ Health Care Service Corporation | Chicago (200 E. Randolph Street)
View on infosec-jobs.com

Security Engineer

@ Apple | Hyderabad, Telangana, India
View on infosec-jobs.com

Cyber GRC & Awareness Lead

@ Origin Energy | Adelaide, SA, AU, 5000
View on infosec-jobs.com

Senior Security Analyst

@ Prenuvo | Vancouver, British Columbia, Canada
View on infosec-jobs.com
View more jobs