CVE-2023-6338

Published: Jan 3, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: psirt@lenovo.com (Secondary)

Description

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Affected (1)

Products: Lenovo: Universal Device Client

Lenovo

1 product

Universal Device Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Universal Device Client	Before 23.10

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-121183

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-121183

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.