Description
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-30401
Scores
CVSS v3
7.3
EPSS
0.0012
EPSS Percentile
30.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
lenovo/system_interface_foundation
< 2.0.0.92
Published
Apr 14, 2020
Tracked Since
Feb 18, 2026