Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-25496

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-28 Apr, 2023 | 21:13
Updated At-30 Jan, 2025 | 18:26
Rejected At-
Credits

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:28 Apr, 2023 | 21:13
Updated At:30 Jan, 2025 | 18:26
Rejected At:
▼CVE Numbering Authority (CNA)

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
Lenovo Drivers Management
Default Status
unaffected
Versions
Affected
  • Versions prior to 3.1.1307.1308
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update to Lenovo Driver Manager version 3.1.1307.1308 or later.

Configurations
Workarounds
Exploits
Credits
finder
Lenovo thanks Linke Lu for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://iknow.lenovo.com.cn/detail/dc_415202.html
N/A
Hyperlink: https://iknow.lenovo.com.cn/detail/dc_415202.html
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://iknow.lenovo.com.cn/detail/dc_415202.html
x_transferred
Hyperlink: https://iknow.lenovo.com.cn/detail/dc_415202.html
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:28 Apr, 2023 | 22:15
Updated At:08 May, 2023 | 18:09

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Lenovo Group Limited
lenovo
>>drivers_management>>Versions before 3.1.1307.1308(exclusive)
cpe:2.3:a:lenovo:drivers_management:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondarypsirt@lenovo.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://iknow.lenovo.com.cn/detail/dc_415202.htmlpsirt@lenovo.com
Vendor Advisory
Hyperlink: https://iknow.lenovo.com.cn/detail/dc_415202.html
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

259Records found
CVE-2021-26360
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.72%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 20:44
Updated-01 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in ASP.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_softwareradeon_rx_6800mradeon_rx_6500_xtradeon_pro_w6600mradeon_rx_6300mradeon_rx_6750_xtradeon_rx_6800radeon_pro_w6800radeon_rx_6900_xtradeon_rx_6600sradeon_pro_w6600radeon_rx_6650m_xtradeon_pro_w6900xradeon_pro_w6400radeon_rx_6500mradeon_rx_6800sradeon_rx_6950_xtradeon_rx_6600_xtradeon_rx_6600mradeon_rx_6700mradeon_rx_6700_xtradeon_pro_w6800x_duoradeon_pro_softwareradeon_rx_6700radeon_rx_6850m_xtradeon_rx_6700sradeon_pro_w6800xradeon_rx_6650mradeon_rx_6800_xtenterprise_driverradeon_rx_6400radeon_rx_6600radeon_pro_w6300mradeon_rx_6650_xtradeon_pro_w6600xradeon_pro_w6500mAMD Radeon RX 6000 Series & PRO W6000 Series
CWE ID-CWE-284
Improper Access Control
CVE-2024-43530
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.08%
||
7 Day CHG+0.04%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_23h2windows_server_2022windows_11_22h2windows_10_22h2Windows Server 2022Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 Version 23H2Windows 11 version 22H3
CWE ID-CWE-284
Improper Access Control
CVE-2024-43503
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.84% / 73.89%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-08 Jul, 2025 | 15:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Elevation of Privilege Vulnerability

Microsoft SharePoint Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-284
Improper Access Control
CVE-2021-25438
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.00%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:47
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidmembersSamsung Members
CWE ID-CWE-284
Improper Access Control
CVE-2024-43492
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 71.93%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-284
Improper Access Control
CVE-2024-43590
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 55.80%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-08 Jul, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017visual_studio_2022Microsoft Visual Studio 2022 version 17.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2022 version 17.6Microsoft Visual Studio 2022 version 17.10Visual C++ Redistributable InstallerMicrosoft Visual Studio 2022 version 17.11
CWE ID-CWE-284
Improper Access Control
CVE-2020-9046
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-8.8||HIGH
EPSS-0.04% / 11.42%
||
7 Day CHG~0.00%
Published-26 May, 2020 | 20:05
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kantech EntraPass Security Management Software - System Permissions Vulnerability

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.

Action-Not Available
Vendor-johnsoncontrolsJohnson Controls
Product-kantech_entrapassKantech EntraPass Security Management Software Special Edition versions 8.22 and priorKantech EntraPass Security Management Software Global Edition versions 8.22 and priorKantech EntraPass Security Management Software Corporate Edition versions 8.22 and prior
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-31320
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-0.71% / 71.33%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 20:11
Updated-17 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2022-32578
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 27.13%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_software_suiteIntel(R) NUC Pro Software Suite
CWE ID-CWE-284
Improper Access Control
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found