CVE-2024-4696 HIGH

CVE-2024-4696

Vendor Lenovo

Product Service Bridge

Weakness CWE-78

Published June 13, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited.

Key dates

02Disclosure timeline

June 13, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4696

Related vulnerabilities

04Related CVE

CVE-2021-47794 ZesleCP 3.1.9 - Remote Code Execution (RCE) (Authenticated) CVE-2018-0221 CVE-2020-2028 PAN-OS: OS command injection vulnerability in FIPS-CC mode certificate verification CVE-2025-14213 Cato's Socket WebUI is vulnerable to OS Command Injection CVE-2025-1370 MicroWorld eScan Antivirus Autoscan USB epsdaemon sprintf os command injection