CVE-2023-3078

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 17, 2023
Updated: Aug 25, 2023
CWE ID 79

Summary

CVE-2023-3078 is an uncontrolled search path vulnerability affecting Lenovo's Universal Device Client (UDC). This issue grants local attackers the ability to execute code with elevated privileges, by manipulating the application's search path for files. Successful exploitation of this vulnerability could result in significant system compromise. Lenovo urges users to apply the available patches promptly to mitigate this risk. Unpatched systems remain vulnerable to local attackers with access to the affected Lenovo UDC.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share