CVE-2023-3112 - OpenCVE

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Ellipticlabs	Ai Virtual Presence Sensor Virtual Lock Sensor
Lenovo	Thinkpad T14 Gen 3

Configuration 1 [-]

AND

OR	cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor::::::::
	cpe:2.3:a:ellipticlabs:virtual_lock_sensor::::::::

cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-128081	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:31:09.667Z

Updated: 2023-10-24T20:31:09.667Z

Reserved: 2023-06-05T19:13:51.840Z

Link: CVE-2023-3112

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:30.060

Modified: 2023-10-31T18:33:10.290

Link: CVE-2023-3112

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F36B5F2-E5DF-4133-AEC7-6A84856BFF9D", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ellipticlabs:virtual_lock_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BFF461C-515F-41EB-A4A0-6877A19608F0", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "33F5E4AC-0BB5-4582-A68B-B044AE1FDDF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad en el sensor de bloqueo virtual de Elliptic Labs para ThinkPad T14 Gen 3 que podr\u00eda permitir a un atacante con acceso local ejecutar c\u00f3digo con privilegios elevados."}], "id": "CVE-2023-3112", "lastModified": "2023-10-31T18:33:10.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:30.060", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Primary"}]}