PT-2023-3168 · Lenovo · Thinkpad Hybrid Usb-C With Usb-A Dock
Published
2023-05-09
·
Updated
2023-06-13
·
CVE-2022-4569
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ThinkPad Hybrid USB-C with USB-A Dock (affected versions not specified)
Description
The issue is related to insufficient input validation in the firmware update tool, which could allow an attacker with local access to execute code with elevated privileges during package upgrade or installation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Thinkpad Hybrid Usb-C With Usb-A Dock