7.2
CWE
428
Advisory Published
Updated

CVE-2019-6149

First published: Thu Mar 14 2019(Updated: )

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.

Credit: psirt@lenovo.com psirt@lenovo.com

Affected SoftwareAffected VersionHow to fix
Lenovo Dynamic Power Reduction<2.2.2.0
Lenovo ThinkPad X1 Carbon
All of
Lenovo Dynamic Power Reduction<2.2.2.0
Lenovo ThinkPad X1 Carbon

Remedy

Update Dynamic Power Reduction Utility to version 2.2.2.0.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2019-6149?

    CVE-2019-6149 is an unquoted search path vulnerability identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0.

  • What is the severity of CVE-2019-6149?

    CVE-2019-6149 has a severity value of 6.7, which is considered high.

  • How does CVE-2019-6149 affect Lenovo Dynamic Power Reduction Utility?

    CVE-2019-6149 could allow a malicious user with local access to execute code with administrative privileges in Lenovo Dynamic Power Reduction Utility versions prior to 2.2.2.0.

  • Is Lenovo ThinkPad X1 Carbon affected by CVE-2019-6149?

    No, Lenovo ThinkPad X1 Carbon is not affected by CVE-2019-6149.

  • How can I fix CVE-2019-6149?

    Update Lenovo Dynamic Power Reduction Utility to version 2.2.2.0 or later to fix the CVE-2019-6149 vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203