Unquoted Service Path Privilege Escalation Vulnerability in Lenovo Active Protection System

Unquoted Service Path Privilege Escalation Vulnerability in Lenovo Active Protection System

CVE-2017-3756 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

Learn more about our Web Application Penetration Testing UK.