Description
During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
Published: 2026-03-11
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

The reported vulnerability in Lenovo PC Manager allows a local authenticated user to terminate privileged processes, effectively causing a privilege escalation. The weakness is classified as CWE-269 (Improper Privilege Management). By terminating high-privilege processes, an attacker could disrupt critical services, degrade system availability, or prepare for further escalation steps. No remote attack vector or exploit code is indicated; the impact is limited to a local context where the user has valid credentials to access the PC Manager application.

Affected Systems

Lenovo PC Manager is affected. The specific affected software versions are not listed in the CVE data; however, the vulnerability applies to the product as a whole until the vendor specifies versions. Administrators should assume all current installations of Lenovo PC Manager are potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 6.8 indicates medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, indicating it is not a known exploited vulnerability at the time of reporting. The attack requires local, authenticated access to Lenovo PC Manager, so physical or direct login access is necessary. Once executed, the attacker can terminate privileged processes, which may cause denial of service or create opportunities for further compromise. The practical risk is moderate but should be mitigated promptly.

Generated by OpenCVE AI on March 17, 2026 at 15:25 UTC.

Remediation

Vendor Solution

Update Lenovo PC Manager to version 5.1.160.12302 or later.


OpenCVE Recommended Actions

  • Update Lenovo PC Manager to version 5.1.160.12302 or later


Advisories

No advisories yet.

History

Fri, 20 Mar 2026 15:45:00 +0000

Values Added:
  • Title: Local Privilege Escalation: Termination of Privileged Processes in Lenovo PC Manager

Thu, 12 Mar 2026 17:15:00 +0000

Values Added:
  • Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 20:45:00 +0000

Values Added:
  • Description: During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.
  • First Time appeared: Lenovo; Lenovo pc Manager
  • Weaknesses: CWE-269
  • CPEs: cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*
  • Vendors & Products: Lenovo; Lenovo pc Manager
  • References
  • Metrics (cvssV3_1): {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
  • Metrics (cvssV4_0): {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-03-12T16:18:19.313Z

Reserved: 2026-02-17T19:58:39.340Z

Link: CVE-2026-2640

Vulnrichment

Updated: 2026-03-12T15:35:46.069Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T21:16:15.687

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-2640

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:37:09Z
