Home
LOW: 2.4 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:NLOW: 3.2 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LDefault status
unaffected
Any version before 17.0.284
affected
Default status
unaffected
Any version before 17.0.284
affected
Default status
unaffected
Any version before 17.0.254
affected
Default status
unaffected
Any version before 17.0.084
affected
Default status
unaffected
Any version before 17.0.254
affected
Default status
unaffected
Any version before ZUI_17.0.04.266_ST_251120
affected
Default status
unaffected
Any version before 17.0.10.118
affected
Default status
unaffected
Any version before 17.0.10.098
affected
Default status
unaffected
Any version before 17.5.10.023
affected
Default status
unaffected
Any version before TB301FU_USR_S000126_250919_MP1V1111_ROW
affected
Default status
unaffected
Any version before TB301XU_USR_S000147_250919_MP1V1111_ROW
affected
Default status
unaffected
Any version before 17.5.184
affected
Default status
unaffected
Any version before 16.0.882
affected
Default status
unaffected
Any version before TB300XU_USR_S100149_250919_MP1V1111_ROW
affected
Default status
unaffected
Any version before TB300FU_USR_S100122_250919_MP1V1111_ROW
affected
Default status
unaffected
Any version before TB310XU_USR_S000913_2510021921_mp1V969_ROW
affected
Default status
unaffected
Any version before TB310FU_USR_S000912_2510022135_mp1V969_ROW
affected
Default status
unaffected
Any version before TB350FU_USER_S231044_2601050946
affected
Default status
unaffected
Any version before TB350XU_USER_S231018_2601050930
affected
Default status
unaffected
TDB (custom)
affected
Default status
unaffected
TDB (custom)
affected
Default status
unaffected
Any version before 17.0.10.250
affected
Default status
unaffected
Any version before 17.0.10.242
affected
Default status
unaffected
Any version before 17.5.10.036
affected
Default status
unaffected
Any version before 17.0.10.541
affected
Default status
unaffected
Any version before 17.0.10.541
affected
Default status
unaffected
Any version before 17.0.30.303
affected
Default status
unaffected
Any version before 17.0.31.259
affected
Default status
unaffected
Any version before 17.5.10.031
affected
Default status
unaffected
Any version before 17.0.339
affected
Default status
unaffected
Any version before 17.5.10.041
affected
Description
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.
Problem types
CWE-306: Missing Authentication for Critical Function
Product status
Any version before 17.0.284
Any version before 17.0.284
Any version before 17.0.254
Any version before 17.0.084
Any version before 17.0.254
Any version before ZUI_17.0.04.266_ST_251120
Any version before 17.0.10.118
Any version before 17.0.10.098
Any version before 17.5.10.023
Any version before TB301FU_USR_S000126_250919_MP1V1111_ROW
Any version before TB301XU_USR_S000147_250919_MP1V1111_ROW
Any version before 17.5.184
Any version before 16.0.882
Any version before TB300XU_USR_S100149_250919_MP1V1111_ROW
Any version before TB300FU_USR_S100122_250919_MP1V1111_ROW
Any version before TB310XU_USR_S000913_2510021921_mp1V969_ROW
Any version before TB310FU_USR_S000912_2510022135_mp1V969_ROW
Any version before TB350FU_USER_S231044_2601050946
Any version before TB350XU_USER_S231018_2601050930
TDB (custom)
TDB (custom)
Any version before 17.0.10.250
Any version before 17.0.10.242
Any version before 17.5.10.036
Any version before 17.0.10.541
Any version before 17.0.10.541
Any version before 17.0.30.303
Any version before 17.0.31.259
Any version before 17.5.10.031
Any version before 17.0.339
Any version before 17.5.10.041
Credits
Lenovo thanks Pablo Vivanco of DeepSecurity for reporting this issue.
References
support.lenovo.com/us/en/product_security/LEN-207951