all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023–4632: Local Privilege Escalation in Lenovo System Updater

Add to bookmarks
Oct. 26, 2023, 5 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Version: Lenovo Updater Version <= 5.08.01.0009
Operating System Tested On: Windows 10 22H2 (x64)
Vulnerability: Lenovo System Updater Local Privilege Escalation via Arbitrary File Write
Advisory: https://support.lenovo.com/us/en/product_security/LEN-135367

Vulnerability Overview

The Lenovo System Update application is designed to allow non-administrators to check for and apply updates to their workstation. During the process of checking for updates, the privileged Lenovo Update application attempts to utilize C:\SSClientCommon\HelloLevel_9_58_00.xml, which doesn’t exist on the filesystem. Due to the ability for any low-privileged user to …

article cve escalation lenovo link local local privilege escalation matt posts privilege privilege escalation specterops system team topic

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Malware Simulators cannot test Antivirus Software 7 hours ago | malware.news
malware analysis topic
Ready2Run - Is dnSpy dead? 7 hours ago | malware.news
malware analysis topic
Security above all else—expanding Microsoft’s Secure Future Initiative 10 hours ago | malware.news
cyberattacks cybersecurity future high +11
FBI warns of email spoofing by North Korean threat actor Kimsuky 13 hours ago | malware.news
actor article dmarc domains +16
You get a passkey, you get a passkey, everyone should get a passkey 17 hours ago | malware.news
accounts can consumer cracked +10
Attackers evade detection by leveraging Microsoft Graph API 17 hours ago | malware.news
api article attackers cloud +15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 18 hours ago | malware.news
article cisco credit credit monitoring +8
Code faster with generative AI, but beware the risks when you do 18 hours ago | malware.news
article can code coding +13
Proposed Bill Focuses on Voluntary AI Security Incident Reporting 18 hours ago | malware.news
ai security bill companies cybersecurity +21

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

QA Customer Response Engineer

@ ORBCOMM | Sterling, VA Office, Sterling, VA, US
View on infosec-jobs.com

Enterprise Security Architect

@ Booz Allen Hamilton | USA, TX, San Antonio (3133 General Hudnell Dr) Client Site
View on infosec-jobs.com

DoD SkillBridge - Systems Security Engineer (Active Duty Military Only)

@ Sierra Nevada Corporation | Dayton, OH - OH OD1
View on infosec-jobs.com

Senior Development Security Analyst (REMOTE)

@ Oracle | United States
View on infosec-jobs.com

Software Engineer - Network Security

@ Cloudflare, Inc. | Remote
View on infosec-jobs.com

Software Engineer, Cryptography Services

@ Robinhood | Toronto, ON
View on infosec-jobs.com
View more jobs