ThinkPad Dock Firmware Update Tool Elevation of Privilege Vulnerability

Lenovo Security Advisory: LEN-103544

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2022-4569

 

Summary Description: 

A vulnerability was reported in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool that could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

 

Mitigation Strategy for Customers (what you should do to protect yourself): 

Customers should update their ThinkPad Dock Firmware Update Tool to version v1.0.35_v2 or later.

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 

Click the links below to view affected products:

Docks

 

Acknowledgement:

Lenovo thanks Raphael Rosenast of Compass Security for reporting this issue.

 

Revision History:

| Revision | Date | Description |
|---|---|---|
| | 2023-05-10 | Clarified Summary Description, updated version number |
| 1 | 2023-05-09 | Initial release |

 

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

Docks

Product Component Minimum Fixed Version
ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool for Windows 11 (Version 21H2 or later), 10 (Version 1809 or later) - ThinkPad Hybrid USB-C with USB-A Dock V1.0.35_v2

Alias Id: LEN-103544
Document ID: PS500562
Original Publish Date: 05/09/2023
Last Modified Date: 05/10/2023