CVE-2023-3078

HIGH

Lenovo UDC - Privilege Escalation

Title source: llm

Description

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-121183

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

lenovo/universal_device_client < 23.4

Timeline

Published Aug 17, 2023

Tracked Since Feb 18, 2026