CVE-2020-8327Unquoted Search Path or Element in Lenovo Vantage

CWE-428Unquoted Search Path or ElementCWE-269Improper Privilege Management3 documents3 sources
Severity
7.8HIGHNVD
CNA7.3
EPSS
0.1%
top 71.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Lenovo Vantage
Timeline
PublishedApr 14
Latest updateMay 24

Description

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5lenovo/vantageunspecified10.2003.10.0
NVDlenovo/vantage< 10.2003.10.0

🔴Vulnerability Details

2
GHSA
GHSA-7vr4-w8wh-ff7q: A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior2022-05-24
CVEList
CVE-2020-8327: A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior2020-04-14
CVE-2020-8327 — Unquoted Search Path or Element | cvebase