CVE-2023-3112 - Vulnerability Details - OpenCVE

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00059.

Key SSVC decision points have not yet been added.

Vendors	Products
Ellipticlabs	Ai Virtual Presence Sensor Virtual Lock Sensor
Lenovo	Thinkpad T14 Gen 3

Configuration 1 [-]

AND

OR	cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor::::::::
	cpe:2.3:a:ellipticlabs:virtual_lock_sensor::::::::

cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-43798	A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Fixes

Solution

Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory https://support.lenovo.com/us/en/product_security/LEN-128081

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-128081

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2023-10-24T20:31:09.667Z

Updated: 2024-09-12T14:33:21.402Z

Reserved: 2023-06-05T19:13:51.840Z

Link: CVE-2023-3112

Vulnrichment

Updated: 2024-08-02T06:48:07.277Z

NVD

Status : Modified

Published: 2023-10-25T18:17:30.060

Modified: 2024-11-21T08:16:29.187

Link: CVE-2023-3112

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2024-09-12T14:33:21.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "lenovo", "product": "thinkpad_t14_gen_3", "cpes": ["cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.50719.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T14:17:52.903048Z", "id": "CVE-2023-3112", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T14:33:21.402Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3112", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-06-05T19:13:51.840Z", "datePublished": "2023-10-24T20:31:09.667Z", "dateUpdated": "2024-09-12T14:33:21.402Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Elliptic Labs Virtual Lock Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}, {"defaultStatus": "unaffected", "product": "AI Virtual Presence Sensor", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "All versions prior to 3.1.50719.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-10-24T20:31:09.667Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-128081\">https://support.lenovo.com/us/en/product_security/LEN-128081</a></span><br>"}], "value": "\nUpgrade to the Elliptic Virtual Lock Sensor version (or newer) indicated for your model in the advisory\u00a0 https://support.lenovo.com/us/en/product_security/LEN-128081 \n"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:48:07.277Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-128081", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3112", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-11T14:17:52.903048Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*"], "vendor": "lenovo", "product": "thinkpad_t14_gen_3", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.1.50719.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T14:25:25.711Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ellipticlabs:ai_virtual_presence_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F36B5F2-E5DF-4133-AEC7-6A84856BFF9D", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ellipticlabs:virtual_lock_sensor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BFF461C-515F-41EB-A4A0-6877A19608F0", "versionEndExcluding": "3.1.50719.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "33F5E4AC-0BB5-4582-A68B-B044AE1FDDF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad en el sensor de bloqueo virtual de Elliptic Labs para ThinkPad T14 Gen 3 que podr\u00eda permitir a un atacante con acceso local ejecutar c\u00f3digo con privilegios elevados."}], "id": "CVE-2023-3112", "lastModified": "2024-11-21T08:16:29.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-25T18:17:30.060", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-128081"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}