CVE-2016-8223
HIGHLenovo System Interface Foundation - Privilege Escalation
Title source: llmDescription
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://support.lenovo.com/us/en/solutions/LEN_10150
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94597
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
10.2%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (2)
lenovo/system_interface_foundation
< 1.0.66.0
Lenovo Group Ltd./All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID.
1.0.66.0 and earlier
Published
Nov 29, 2016
Tracked Since
Feb 18, 2026