{"id":22679,"date":"2021-12-21T00:11:00","date_gmt":"2021-12-20T23:11:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22679"},"modified":"2022-11-04T11:42:19","modified_gmt":"2022-11-04T10:42:19","slug":"schwachstellen-cve-2021-3922-cve-2021-3969-im-imcontroller-von-in-lenovo-notebooks","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2021\/12\/21\/schwachstellen-cve-2021-3922-cve-2021-3969-im-imcontroller-von-in-lenovo-notebooks\/","title":{"rendered":"Vulnerabilities CVE-2021-3922, CVE-2021-3969 in ImController of Lenovo Notebooks"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=260777\" target=\"_blank\" rel=\"noopener\">German<\/a>]Lenovo notebooks and devices that use the ImController service are vulnerable to a privilege escation vulnerability. This can allow attackers to execute commands with administrator privileges on the devices. However, there is an update to address both vulnerabilities.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg01.met.vgwort.de\/na\/1241ed0330aa4a399c00a6fcac84a1df\" width=\"1\" height=\"1\">I already came across the information from colleagues <a href=\"https:\/\/web.archive.org\/web\/20221031185136\/https:\/\/www.bleepingcomputer.com\/news\/security\/lenovo-laptops-vulnerable-to-bug-allowing-admin-privileges\/\" target=\"_blank\" rel=\"noopener\">here<\/a> the other days, so I'm posting it as a security topic. Security researchers at NCC Group have released <a href=\"https:\/\/research.nccgroup.com\/2021\/12\/15\/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969\/\" target=\"_blank\" rel=\"noopener\">this advisory<\/a> on Dec. 15, 2021, regarding the vulnerabilities in Lenovo notebooks and Yoga devices.&nbsp; <\/p>\n<h2>The ImController service<\/h2>\n<p>Lenovo ships a special ImController service pre-installed on its notebook and Yoga devices. The ImController service is installed on specific Lenovo devices (e.g., ThinkPad) and runs as a SYSTEM user. The service periodically runs subordinate processes for system configuration and maintenance tasks.<\/p>\n<h2>Critical vulnerabilities in the service<\/h2>\n<p>The service starts highly privileged child processes, resulting in two vulnerabilities CVE-2021-3922 and CVE-2021-3969. These affect the ImControllerService component of all Lenovo System Interface Foundation versions below 1.1.20.3. On Windows, the service appears as \"System Interface Foundation Service\". As a component of the Lenovo System Interface Foundation, it helps Lenovo devices communicate with universal apps such as Lenovo Companion, Lenovo Settings and Lenovo ID. According to <a href=\"https:\/\/support.lenovo.com\/us\/en\/product_security\/LEN-75210\" target=\"_blank\" rel=\"noopener\">this Lenovo support document<\/a>, the following vulnerabilities exist.&nbsp; ID.&nbsp; <\/p>\n<ul>\n<li><strong>CVE-2021-3922:<\/strong> A race condition vulnerability in MController that could allow a local attacker to connect to and interact with the named pipe of the IMController subprocess.\n<li><strong>CVE-2021-3969<\/strong>: A Time of Check Time of Use (TOCTOU) vulnerability in MController that could allow a local attacker to escalate privileges.<\/li>\n<\/ul>\n<p>Both vulnerabilities can only be exploited locally, but could cause some damage in a chain of vulnerabilities. Lenovo has since provided an update in the form of Lenovo System Interface Foundation version 1.1.20.3 (see <a href=\"https:\/\/support.lenovo.com\/us\/en\/product_security\/LEN-75210\" target=\"_blank\" rel=\"noopener\">support document<\/a> ), which fixes the vulnerabilities. According to <a href=\"https:\/\/forums.lenovo.com\/t5\/Enterprise-Client-Management\/CVE-2021-3922-and-CVE-2021-3969-System-Interface-Foundation-Vulnerability\/m-p\/5115245?page=1#5514389\" target=\"_blank\" rel=\"noopener\">this Lenovo forum post<\/a>, the component should update itself automatically.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Lenovo notebooks and devices that use the ImController service are vulnerable to a privilege escation vulnerability. This can allow attackers to execute commands with administrator privileges on the devices. However, there is an update to address both vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[448,580],"tags":[642,69],"class_list":["post-22679","post","type-post","status-publish","format-standard","hentry","category-devices","category-security","tag-devices","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22679"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22679\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}