Published: 21/08/2019 Updated: 14/10/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo solution center 03.12.003

Security gone in 600 seconds: Make-me-admin hole found in Lenovo Windows laptop crapware. Delete it now

The Register • Gareth Corfield • 23 Aug 2019

Solution Centre WONTFIX amid EOL date shenanigans Remember when Lenovo sold PCs with Superfish adware? It just got a mild scolding from FTC

Not only has a vulnerability been found in Lenovo Solution Centre (LSC), but the laptop maker fiddled with end-of-life dates to make it seem less important – and is now telling the world it EOL'd the vulnerable monitoring software before its final version was released. The LSC privilege-escalation vuln (CVE-2019-6177) was found by Pen Test Partners (PTP), which said it has existed in the code since it first began shipping in 2011. It was bundled with the vast majority of the Chinese manufactur...

CVE-2019-6177

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect