Main Vulnerability Database SB2020011615

SB2020011615 - Multiple vulnerabilities in Lenovo Inno Setup

Published: January 16, 2020

Security Bulletin ID SB2020011615

Severity

High

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Untrusted search path (CVE-ID: CVE-2019-6173)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to untrusted search path. A remote administrator can escalate privileges in some Lenovo installation packages during installation.

2) Link following (CVE-ID: CVE-2019-6196)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue in some Lenovo installation packages. A remote user can perform file operations during file extraction and installation.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.lenovo.com/lu/uk/product_security/LEN-27431