Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code on a targeted system, giving an adversary Administrator or SYSTEM-level privileges.
Research come from Pen Test Partners, who found the flaw (CVE-2019-6177) and said the vulnerability is tied to its much-maligned Lenovo Solution Center (LSC) software.