CVE-2023-3078
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Aug 17, 2023
Updated: Aug 25, 2023
CWE ID 79
Summary
CVE-2023-3078 is an uncontrolled search path vulnerability affecting Lenovo's Universal Device Client (UDC). This issue grants local attackers the ability to execute code with elevated privileges, by manipulating the application's search path for files. Successful exploitation of this vulnerability could result in significant system compromise. Lenovo urges users to apply the available patches promptly to mitigate this risk. Unpatched systems remain vulnerable to local attackers with access to the affected Lenovo UDC.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share