Support

CCSDK Discontinuation

CCSDK Discontinuation

RSS

CCSDK Discontinuation

Lenovo Security Advisory: LEN-29289

Potential Impact: Local Privilege Escalation

Severity: Medium

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2019-6184

Summary Description:

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software may allow local privilege escalation.

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo has discontinued support for CCSDK and recommends that users uninstall it at their earliest convenience.

Acknowledgement:

Lenovo thanks Zhiniang Peng of Qihoo 360 Core security & Jiadong Lu of South China University of Technology for reporting this issue.

Revision History:

Revision Date Description
1 2019-11-19 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Alias Id:LEN-29289
Document ID:PS500284
Original Publish Date:11/09/2019
Last Modified Date:11/19/2019
X

Lenovo uses cookies to improve your experience.

Visit our Cookie Consent Tool to manage your preferences, or our Privacy Policy for more information.

Back to Previous Page
X
lenovo

Information We Collect About You

We want to be transparent about the data we and our partners collect and how we use it, so you can best exercise control over your personal data. For more information, please see our Privacy Policy.

Our cookie consent tool offers you greater visibility and control over how your preferences are stored on the site. However, some third party cookies have been temporarily classified as essential, meaning some cookies will drop that are not actually necessary for the functioning of the site. We are working to fix the issue, but you can still block essential cookies through your browser tools.

Information Our Partners Collect

We use the following partners to better improve your overall web browsing experience. They use cookies and other mechanisms to connect you with your social networks and tailor advertising to better match your interests. You can elect to opt-out of this information collection by unticking the boxes below.

Categories
1 of 1 allowed
Essential Required

We rely on cookies, javascript, and other web technologies to serve key—or essential—elements on the site. This may include things like your language preferences or server-based cookies intended to keep our site running and operational. If disabled, your site experience will likely be impacted.

Analytics

We use analytics to improve our website by better understanding how often users visit the site, what pages they visit most, and how long they spend on our site. We'll rely on cookies and third-party partners to track these actions and behaviors. Click on one of the partner names to learn more.

Vendors
Name Required

Website:

In Their Own Words

What data does this company collect?

Data Collected

Anonymous:

Pseudonymous:

PII:

Sensitive:

Data Sharing

Data Retention

Data Use

Data Storage

Adobe