CVE-2024-7756
CVSS 3.1 Score 6.8 of 10 (medium)
Details
Summary
CVE-2024-7756 identifies a vulnerability in ThinkPad L390 Yoga and 10w Notebook models, which could enable a local attacker to escalate privileges via an embedded UEFI shell. The severity of this vulnerability is rated as medium, with a base score of 6.8, indicating high potential impacts on confidentiality, integrity, and availability. Exploitation requires physical access to the device and does not necessitate user interaction, making it particularly concerning for organizations with unsecured devices. To remediate this issue, affected users should consult Lenovo's security advisory for updates and guidance on mitigating the risk associated with this vulnerability. For further details, Lenovo provides additional information at their product security support page.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.