CVE-2024-6001

Name of the Vulnerable Software and Affected Versions Lenovo Accessories and Display Manager (LADM) (affected versions not specified) Lenovo Display Control Center (LDCC) (affected versions not specified)

Description The issue is related to improper certificate validation in the software, which could allow a network attacker to redirect an update request to a remote server and execute code with elevated privileges. This could potentially enable the execution of arbitrary code.

Recommendations For Lenovo Accessories and Display Manager (LADM), consider disabling the update feature until a patch is available to prevent potential exploitation. For Lenovo Display Control Center (LDCC), restrict access to the update mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.