Rick Veldhoven
Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
Summary The ImController service comes installed on certain Lenovo devices, for example NCC found the service installed on a ThinkPad workstation. The service runs as the SYSTEM user and periodically executes child processes which perform system configuration and maintenance tasks. Impact Elevation of privilege. An attacker can elevate their privileges…