CVE-2023-4706

Summary

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Affected Software

VendorProductVersion RangeStatus
Lenovo1Lenovo Preload DirectoryRefer to Mitigation strategy section in LEN-127385affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References