PT-2024-4483 · Lenovo · Lenovo Service Bridge

Published 2024-05-09 · Updated 2024-09-27 · CVE-2024-4696

CVSS v2.0

7.6 High

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lenovo Service Bridge versions prior to 5.0.2.17

Description

A privilege escalation issue was reported that could allow operating system commands to be executed if a specially crafted link is visited. The vulnerability is related to the failure to neutralize special elements used in an operating system command, which could allow a remote attacker to elevate their privileges and execute arbitrary commands using a specially crafted malicious link.

Recommendations

For versions prior to 5.0.2.17, update to version 5.0.2.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the Lenovo Service Bridge until a patch is applied. Avoid visiting suspicious links to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-04987
CVE-2024-4696
ZDI-24-1310

Affected Products

Lenovo Service Bridge