CVE-2022-0354

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
lenovoCNA
7.3 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
lenovosystem_update
𝑥
< 2022-02-25
𝑥
= Vulnerable software versions
References
https://support.lenovo.com/us/en/product_security/LEN-76673
https://www.infosec.tirol/cve-2022-0354/
https://support.lenovo.com/us/en/product_security/LEN-76673
https://www.infosec.tirol/cve-2022-0354/