An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://support.lenovo.co/us/en/product_security/LEN-174319 |
History
Mon, 16 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 16 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. | |
Weaknesses | CWE-295 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: lenovo
Published: 2024-12-16T17:04:18.384Z
Updated: 2024-12-16T17:18:06.452Z
Reserved: 2024-06-14T15:26:37.230Z
Link: CVE-2024-6001
Vulnrichment
Updated: 2024-12-16T17:18:02.551Z
NVD
Status : Received
Published: 2024-12-16T17:15:14.197
Modified: 2024-12-16T17:15:14.197
Link: CVE-2024-6001
Redhat
No data.