Description
During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
Published: 2026-06-10
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability enables a local authenticated user to execute arbitrary code with elevated privileges on Lenovo Accessories and Display Manager for Enterprise for Windows. This can lead to full control over the affected machine, potentially allowing the attacker to tamper with system configuration, install additional malware, or exfiltrate data. The weakness is categorized as CWE-306, indicating missing authentication for a critical function.

Affected Systems

Lenovo Accessories and Display Manager for Enterprise for Windows. Versions prior to 1.0.9 are vulnerable, as the vendor recommends updating to 1.0.9 or later to remediate the issue.

Risk and Exploitability

The CVSS score of 8.5 classifies the flaw as high severity, and the current EPSS score is not available, so the precise likelihood of exploitation is unclear. The vulnerability is not listed in the CISA KEV catalog. The attack vector is local and requires authentication; therefore, the threat is primarily to privileged users on the system. If an attacker gains sufficient local access, they can leverage this flaw to gain full system control.

Generated by OpenCVE AI on June 10, 2026 at 15:35 UTC.

Remediation

Vendor Solution

Update Lenovo Accessories and Display Manager for Enterprise for Windows to version 1.0.9 or later.

OpenCVE Recommended Actions

  • Update Lenovo Accessories and Display Manager for Enterprise for Windows to version 1.0.9 or higher.
  • Restrict local account privileges so that only trusted users have administrative rights.
  • Enable and review system event logging to detect unauthorized code execution attempts.

Generated by OpenCVE AI on June 10, 2026 at 15:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Title Local Privilege Escalation Allowing Code Execution in Lenovo Accessories and Display Manager

Wed, 10 Jun 2026 14:45:00 +0000

Type Values Removed Values Added
Description During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges.
First Time appeared Lenovo
Lenovo accessories And Display Manager For Enterprise
Weaknesses CWE-306
CPEs cpe:2.3:a:lenovo:accessories_and_display_manager_for_enterprise:*:*:windows:*:*:*:*:*
Vendors & Products Lenovo
Lenovo accessories And Display Manager For Enterprise
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Lenovo Accessories And Display Manager For Enterprise
cve-icon MITRE

Status: PUBLISHED

Assigner: lenovo

Published:

Updated: 2026-06-10T16:07:37.876Z

Reserved: 2026-05-19T19:01:21.410Z

Link: CVE-2026-9045

cve-icon Vulnrichment

Updated: 2026-06-10T16:07:34.596Z

cve-icon NVD

Status : Received

Published: 2026-06-10T15:16:43.070

Modified: 2026-06-10T15:16:43.070

Link: CVE-2026-9045

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T15:45:20Z

Weaknesses