Lenovo CCSDK CVE-2016-8235 Local Privilege Escalation Vulnerability

Lenovo CCSDK is prone to a local privilege-escalation vulnerability.

Local attackers may exploit this issue to execute arbitrary code with elevated privileges.

Versions prior to CCSDK 2.0.16.3 are vulnerable.

Information

Bugtraq ID: 97543
Class: Input Validation Error
CVE: CVE-2016-8235

Remote: No
Local: Yes
Published: Mar 30 2017 12:00AM
Updated: Apr 12 2017 12:02AM
Credit: Ali Onder
Vulnerable: Lenovo CCSDK 1.2
Lenovo CCSDK 1.1

Not Vulnerable: Lenovo CCSDK 2.0.16.3

References:

• Lenovo Homepage (IBM)
  
• Privilege Escalation Vulnerability in Lenovo CCSDK (Lenovo)
  

Source: www.securityfocus.com