Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionNVD
During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
AnalysisAI
Local privilege escalation in Lenovo Accessories and Display Manager for Enterprise on Windows allows an authenticated low-privileged user to execute arbitrary code with elevated privileges, per a Lenovo-disclosed internal finding (LEN-213623). The CVSS 4.0 base score of 8.5 reflects high impact to confidentiality, integrity, and availability of the vulnerable system, though no public exploit identified at time of analysis. The CWE-306 (Missing Authentication for Critical Function) classification combined with the 'Authentication Bypass' tag suggests a privileged operation in the product is reachable without proper access checks.
Technical ContextAI
Lenovo Accessories and Display Manager for Enterprise is a Windows-based management utility distributed by Lenovo for enterprise endpoints to configure docks, monitors, and peripheral accessories. The underlying CWE-306 (Missing Authentication for Critical Function) indicates that a critical operation exposed by the application - likely an IPC endpoint, named pipe, COM interface, or privileged service routine - does not validate that the caller is authorized to invoke it. Because the product typically runs with elevated rights to manipulate device settings and drivers, a standard user process can reach this unauthenticated critical function and coerce it into performing actions (file writes, process spawning, driver loading) in the SYSTEM or administrator context, yielding arbitrary code execution. The CPE cpe:2.3:a:lenovo:accessories_and_display_manager_for_enterprise:*:*:*:*:*:*:*:* covers all versions, suggesting the affected version range is unbounded until the patched build identified in DS568567.
RemediationAI
Apply the patched version of Lenovo Accessories and Display Manager for Enterprise from Lenovo's download page at https://support.lenovo.com/us/en/downloads/ds568567, following the guidance in the security advisory at https://support.lenovo.com/us/en/product_security/LEN-213623 (Vendor-released patch: see DS568567 for the exact fix build). Push the update through your endpoint management platform (Intune, SCCM/MECM, Tanium, etc.) to all Lenovo Windows endpoints where the Enterprise variant is installed. If patching cannot be performed immediately, compensating controls include uninstalling the Accessories and Display Manager package on hosts where docks/peripherals aren't centrally managed (trade-off: users lose dock/monitor configuration UI and some firmware-update flows), restricting interactive logon on shared workstations to trusted users only via Group Policy User Rights Assignment (trade-off: operational impact on shared kiosks/lab machines), and monitoring for child processes of the Lenovo service running with elevated tokens that spawn cmd.exe/powershell.exe or write to system directories.
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagemen
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phone
Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys ve
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by nav
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ab
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by mak
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external i
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36047
GHSA-j94f-hq72-qm3h