CVE-2023-6338

HIGH

Lenovo UDC - Privilege Escalation

Title source: llm

Description

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

References (1)

[Vendor Advisory] https://support.lenovo.com/us/en/product_security/LEN-121183

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 15.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

lenovo/universal_device_client < 23.10

Timeline

Published Jan 03, 2024

Tracked Since Feb 18, 2026