VYPR
High severity7.3NVD Advisory· Published Apr 22, 2022· Updated Jun 2, 2026

CVE-2022-0354

CVE-2022-0354

Description

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Affected products

3
  • cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*range: <2022-02-25
    • (no CPE)range: <2022-02-25
    • (no CPE)range: various

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.