Vulnerability identifier: #VU62366
Vulnerability risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-264
Exploitation vector: Local
Exploit availability: No
Vulnerable software (category: Hardware solutions / Firmware):
IdeaPad 3 15ADA05
IdeaPad 3-14ADA05
IdeaPad 3-14ADA6
IdeaPad 3-14ALC6
IdeaPad 3-14ARE05
IdeaPad 3-15ADA6
IdeaPad 3-15ALC6
IdeaPad 3-15ARE05
IdeaPad 3-15IGL05
IdeaPad 3-17ADA05
IdeaPad 3-17ADA6
IdeaPad 3-17ALC6
IdeaPad 3-17ARE05
IdeaPad 3-17IIL05
ideapad L3-15ITL6
ideapad L340-15IRH Gaming
ideapad L340-15IWL
ideapad L340-15IWL Touch
ideapad L340-17IRH Gaming
ideapad L340-17IWL
Lenovo Legion 5 Pro-16ACH6
Lenovo Legion 5 Pro-16ACH6H
Lenovo Legion 5 Pro-16ITH6
Lenovo Legion 5 Pro-16ITH6H
Lenovo Legion 5-15ACH6
Lenovo Legion 5-15ACH6A
Lenovo Legion 5-15ACH6H
Lenovo Legion 5-15ITH6
Lenovo Legion 5-15ITH6H
Lenovo Legion 5-17ACH6
Lenovo Legion 5-17ACH6H
Lenovo Legion 5-17ITH6
Lenovo Legion 5-17ITH6H
Lenovo Legion 7-16ACHg6
Lenovo Legion 7-16ITHg6
Lenovo Legion S7-15ACH6
Lenovo Legion Y540-15IRH
Lenovo Legion Y540-15IRH-PG0
Lenovo Legion Y540-17IRH
Lenovo Legion Y540-17IRH-PG0
Lenovo Legion Y545
Lenovo Legion Y545-PG0
Lenovo Legion Y7000-2019
Lenovo Legion Y7000-2019-PG0
ideapad S145-14API
ideapad S145-14AST
ideapad S145-14IGM
ideapad S145-14IIL
ideapad S145-15API
ideapad S145-15AST
ideapad S145-15IGM
ideapad S145-15IIL
ideapad S540-13API
Lenovo V14 G2-ALC
Lenovo V14-ADA
Lenovo V14-ARE
Lenovo V14-IGL
Lenovo V14-IIL
V140-15IWL
Lenovo V15 G2-ALC
Lenovo V15-ADA
Lenovo V15-IGL
Lenovo V15-IIL
Lenovo V17-IIL
Lenovo V340-17IWL
Yoga Slim 7 Pro-14ACH5 D
Yoga Slim 7 Pro-14ACH5 OD
ideapad Yoga Slim 7 Pro-14ARH5
ideapad 3-14IGL05
ideapad 3-14IIL05
ideapad 3-15IIL05
ideapad 5-15ARE05
ideapad Creator 5-15IMH05
ideapad Gaming 3-15ARH05
ideapad Gaming 3-15IMH05
Vendor: Lenovo
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because a driver used during the manufacturing process was mistakenly not deactivated. A local privileged user can change the Secure Boot setting by modifying an NVRAM variable and bypass implemented security restrictions.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
External links
http://support.lenovo.com/lu/uk/product_security/LEN-73440
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.