Page 27 of 421 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. • https://iknow.lenovo.com.cn/detail/dc_415202.html • CWE-284: Improper Access Control •

CVSS: 5.9EPSS: 0%CPEs: 225EXPL: 0

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. • https://support.lenovo.com/us/en/product_security/LEN-118321 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 225EXPL: 0

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. • https://support.lenovo.com/us/en/product_security/LEN-118321 • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 225EXPL: 0

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. • https://support.lenovo.com/us/en/product_security/LEN-118321 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2

A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. Se informó una vulnerabilidad de escalada de privilegios en Lenovo HardwareScanPlugin antes de la versión 1.3.1.2 y Lenovo Diagnostics antes de la versión 4.45 que podría permitir a un usuario local ejecutar código con privilegios elevados. • https://github.com/alfarom256/CVE-2022-3699 https://github.com/Eap2468/CVE-2022-3699 https://support.lenovo.com/us/en/product_security/LEN-102365 https://support.lenovo.com/us/en/product_security/LEN-94532 - • CWE-787: Out-of-bounds Write •