CVE-2023-34419

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Aug 17, 2023
Updated: Aug 24, 2023
CWE ID 120

Summary

CVE-2023-34419 is a recently disclosed vulnerability affecting some Lenovo Notebook models. This issue involves a buffer overflow in the SetupUtility driver, which can be exploited by an attacker with local access and elevated privileges. By manipulating specially crafted input, the attacker can execute arbitrary code on the affected system. This is a serious concern since the SetupUtility driver has broad access to system resources, potentially enabling the attacker to take full control of the affected Lenovo Notebook. It is crucial that Lenovo releases a patch to address this vulnerability as soon as possible to prevent potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share