CVE-2023-3112 - OpenCVE

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ellipticlabs	Ai Virtual Presence Sensor Virtual Lock Sensor
Lenovo	Thinkpad T14 Gen 3

Configuration 1 [-]

AND

cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor::::::::
	cpe:2.3:a:ellipticlabs:virtual_lock_sensor::::::::

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-128081

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:31:09.667Z

Updated: 2024-09-12T14:33:21.402Z

Reserved: 2023-06-05T19:13:51.840Z

Link: CVE-2023-3112

Vulnrichment

Updated: 2024-08-02T06:48:07.277Z

NVD

Status : Analyzed

Published: 2023-10-25T18:17:30.060

Modified: 2023-10-31T18:33:10.290

Link: CVE-2023-3112

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2024-09-12T14:33:21.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "lenovo", "product": "thinkpad_t14_gen_3", "cpes": ["cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.50719.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T14:17:52.903048Z", "id": "CVE-2023-3112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:33:21.402Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2024-09-12T14:33:21.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-11T14:17:52.903048Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"], "vendor": "lenovo", "product": "thinkpad_t14_gen_3", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.1.50719.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T14:25:25.711Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "33F5E4AC-0BB5-4582-A68B-B044AE1FDDF3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F36B5F2-E5DF-4133-AEC7-6A84856BFF9D", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ellipticlabs:virtual_lock_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BFF461C-515F-41EB-A4A0-6877A19608F0", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad en el sensor de bloqueo virtual de Elliptic Labs para ThinkPad T14 Gen 3 que podr\u00eda permitir a un atacante con acceso local ejecutar c\u00f3digo con privilegios elevados."}], "id": "CVE-2023-3112", "lastModified": "2023-10-31T18:33:10.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:30.060", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Primary"}]}