First published: Thu Mar 14 2019(Updated: )
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
Credit: psirt@lenovo.com psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo Dynamic Power Reduction | <2.2.2.0 | |
Lenovo ThinkPad X1 Carbon | ||
All of | ||
Lenovo Dynamic Power Reduction | <2.2.2.0 | |
Lenovo ThinkPad X1 Carbon |
Update Dynamic Power Reduction Utility to version 2.2.2.0.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-6149 is an unquoted search path vulnerability identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0.
CVE-2019-6149 has a severity value of 6.7, which is considered high.
CVE-2019-6149 could allow a malicious user with local access to execute code with administrative privileges in Lenovo Dynamic Power Reduction Utility versions prior to 2.2.2.0.
No, Lenovo ThinkPad X1 Carbon is not affected by CVE-2019-6149.
Update Lenovo Dynamic Power Reduction Utility to version 2.2.2.0 or later to fix the CVE-2019-6149 vulnerability.