CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25496
https://notcve.org/view.php?id=CVE-2023-25496
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. • https://iknow.lenovo.com.cn/detail/dc_415202.html • CWE-284: Improper Access Control •
CVSS: 5.9EPSS: 0%CPEs: 225EXPL: 0CVE-2023-29056
https://notcve.org/view.php?id=CVE-2023-29056
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. • https://support.lenovo.com/us/en/product_security/LEN-118321 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 225EXPL: 0CVE-2023-29057
https://notcve.org/view.php?id=CVE-2023-29057
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. • https://support.lenovo.com/us/en/product_security/LEN-118321 • CWE-276: Incorrect Default Permissions •
CVSS: 6.5EPSS: 0%CPEs: 225EXPL: 0CVE-2023-29058
https://notcve.org/view.php?id=CVE-2023-29058
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. • https://support.lenovo.com/us/en/product_security/LEN-118321 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2022-3699 – Lenovo Diagnostics Driver Memory Access
https://notcve.org/view.php?id=CVE-2022-3699
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. Se informó una vulnerabilidad de escalada de privilegios en Lenovo HardwareScanPlugin antes de la versión 1.3.1.2 y Lenovo Diagnostics antes de la versión 4.45 que podría permitir a un usuario local ejecutar código con privilegios elevados. • https://github.com/alfarom256/CVE-2022-3699 https://github.com/Eap2468/CVE-2022-3699 https://support.lenovo.com/us/en/product_security/LEN-102365 https://support.lenovo.com/us/en/product_security/LEN-94532 - • CWE-787: Out-of-bounds Write •