CVE-2022-0354

CWE-94 — Code Injection3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 83.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo System Update

Timeline

PublishedApr 22

Latest updateApr 23

Description

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages2 packages

▶NVDlenovo/system_update< 2022-02-25

▶CVEListV5lenovo/system_updatevarious

🔴Vulnerability Details

GHSA

GHSA-mgc9-7xh6-8mpm: A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with ele↗2022-04-23

▶

CVEList

CVE-2022-0354: A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with ele↗2022-04-22

▶