CVE-2023-3112 - Vulnerability Details - OpenCVE

Description

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Published: 2023-10-24

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Lenovo

Elliptic Labs Virtual Lock Sensor

unaffected

Version	Status	Constraints
`All versions prior to 3.1.50719.1`	affected	—

Lenovo

AI Virtual Presence Sensor

unaffected

Version	Status	Constraints
`All versions prior to 3.1.50719.1`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor::::::::
	cpe:2.3:a:ellipticlabs:virtual_lock_sensor::::::::

cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory https://support.lenovo.com/us/en/product_security/LEN-128081

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-43798	A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00059.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-128081

History

No history.

Subscriptions

Ellipticlabs Ai Virtual Presence Sensor Virtual Lock Sensor

Lenovo Thinkpad T14 Gen 3

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:31:09.667Z

Updated: 2024-09-12T14:33:21.402Z

Reserved: 2023-06-05T19:13:51.840Z

Link: CVE-2023-3112

Vulnrichment

Updated: 2024-08-02T06:48:07.277Z

NVD

Status : Modified

Published: 2023-10-25T18:17:30.060

Modified: 2024-11-21T08:16:29.187

Link: CVE-2023-3112

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2024-09-12T14:33:21.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "lenovo", "product": "thinkpad_t14_gen_3", "cpes": ["cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.50719.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T14:17:52.903048Z", "id": "CVE-2023-3112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:33:21.402Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2024-09-12T14:33:21.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-11T14:17:52.903048Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"], "vendor": "lenovo", "product": "thinkpad_t14_gen_3", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.1.50719.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T14:25:25.711Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F36B5F2-E5DF-4133-AEC7-6A84856BFF9D", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ellipticlabs:virtual_lock_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BFF461C-515F-41EB-A4A0-6877A19608F0", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "33F5E4AC-0BB5-4582-A68B-B044AE1FDDF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad en el sensor de bloqueo virtual de Elliptic Labs para ThinkPad T14 Gen 3 que podr\u00eda permitir a un atacante con acceso local ejecutar c\u00f3digo con privilegios elevados."}], "id": "CVE-2023-3112", "lastModified": "2024-11-21T08:16:29.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:30.060", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}