CVE-2023-3078
First published: Thu Aug 17 2023(Updated: )
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
Credit: psirt@lenovo.com psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Universal Device Client | <23.4 |
Remedy
Update the Universal Device Client to version 23.10 or higher.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3078?
CVE-2023-3078 is an uncontrolled search path vulnerability in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
How severe is CVE-2023-3078?
CVE-2023-3078 has a severity score of 7.8, which is considered high.
How does CVE-2023-3078 impact Lenovo Universal Device Client (UDC)?
CVE-2023-3078 can allow an attacker with local access to execute code with elevated privileges in the Lenovo Universal Device Client (UDC).
Is there a fix available for CVE-2023-3078?
Yes, Lenovo has released a fix for CVE-2023-3078. Please refer to the Lenovo support page for more information.
What is CWE-427?
CWE-427 refers to an uncontrolled search path element vulnerability, which is the type of vulnerability found in CVE-2023-3078.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/weakness
- agent/event
- agent/type
- agent/severity
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/lenovo
- canonical/lenovo universal device client