Lenovo Solution Center Vulnerabilities Found in Pre-Installed Software

LenovoLenovo Pen Test Partners, Found Vulnerabilities high-privileged in Lenovo Solution Center (LSC) software in Pre-Installed Software on millions of older-model PCs made by the world’s leading computer maker. A vulnerability is a prediction escalation error that can be used to execute voluntary code on a targeted system, giving an opposition administrator
or system-level privileges.

Lenovo Pen Test Partners Researchers Who found the Vulnerabilities (CVE-29-6-17177) and stated that the vulnerability was tied to its highly-maligned Lenovo Solution Center software version 03.12.003. Lenovo ended support for Lenovo Solution Center
and recommended that customers migrated to Lenovo Vantage or Lenovo Diagnostics in April 2018

The intended scope of the software is to observe the overall health of the PC. It checks for battery, firewall, and driver updates. It comes pre-installed on most Lenovo PCs, including desktops and laptops.

Vulnerability advisory states that :

“Lenovo ended support for Lenovo Solution Center and recommended that customers migrated to Lenovo Vantage or Lenovo Diagnostics in April 2018.”

Lenovo Vantage

End-to-End Protection
Available through Lenovo Vantage, Security Advisor is a suite of security tools that are recommended by Lenovo and vetted by security professionals. Together, they offer everything you need to defend yourself against a wide range of online threats.

  • Features of Security Advisor:
  • Anti-Virus Protection powered by McAfee Livesafe
  • Network protection powered by Lenovo WiFi Security
  • Safer Online Authentication with Intel Online Connect
  • Protect your passwords with Dashlane Password Manager
  • Safer Online Browsing powered by SurfEasy VPN

The bug itself is a DACL (discretionary access control list) overwrite, which means that a high-privileged Lenovo process indiscriminately overwrites the privileges of a file that a low-privileged user can control. report by pentestpartners

It’s been assigned CVE-2019-6177. The Lenovo advisory is here

Researchers said the high-privileged process gives all users on the system full control of that file. In this scenario, a low-privileged user can write a “hard link” file to the controllable location – a pseudo-file which points to any another file on the system that the low-privileged user doesn’t have control.

When the Lenovo process runs, it overwrites the privileges of the hard-linked file with permissive rights, which lets the low-privileged user take full control of a file they shouldn’t usually be allowed to. This can if you’re smart, be used to execute arbitrary code on the system with Administrator or SYSTEM privileges.

Lenovo says LSC has been shipped since 2011, but haven’t been clear about when they stopped sending it by default with new devices. It’s been “officially” end of life since 30th November 2018. So depending on when the bug was introduced, this could have been languishing on all Lenovo machines with LSC installed for about eight years.