CVE-2024-7756

CVSS 3.1 Score 6.8 of 10 (medium)

Details

Published Sep 13, 2024
Updated: Sep 14, 2024
CWE ID 489

Summary

CVE-2024-7756 identifies a vulnerability in ThinkPad L390 Yoga and 10w Notebook models, which could enable a local attacker to escalate privileges via an embedded UEFI shell. The severity of this vulnerability is rated as medium, with a base score of 6.8, indicating high potential impacts on confidentiality, integrity, and availability. Exploitation requires physical access to the device and does not necessitate user interaction, making it particularly concerning for organizations with unsecured devices. To remediate this issue, affected users should consult Lenovo's security advisory for updates and guidance on mitigating the risk associated with this vulnerability. For further details, Lenovo provides additional information at their product security support page.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share