CVE-2019-6167

9.8 CRITICAL

📋 TL;DR

This vulnerability in Lenovo Service Bridge allows remote attackers to execute arbitrary code on affected systems. It affects all users running Lenovo Service Bridge versions before 4.1.0.1. The high CVSS score indicates this is a critical security issue requiring immediate attention.

💻 Affected Systems

Products:
  • Lenovo Service Bridge
Versions: All versions before 4.1.0.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Lenovo Service Bridge is typically installed on Lenovo devices to facilitate support services and driver updates.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the affected machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Remote code execution allowing installation of malware, backdoors, or credential harvesting tools on vulnerable systems.

🟢 If Mitigated

Limited impact if proper network segmentation and endpoint protection are in place, though the vulnerability still presents significant risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows remote code execution, suggesting relatively straightforward exploitation once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.0.1

Vendor Advisory: https://support.lenovo.com/solutions/LEN-27725

Restart Required: Yes

Instructions:

1. Download Lenovo Service Bridge version 4.1.0.1 or later from Lenovo's official website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Uninstall Lenovo Service Bridge

windows

Remove the vulnerable software entirely if not required for system functionality.

Control Panel > Programs > Uninstall a program > Select Lenovo Service Bridge > Uninstall

Network Blocking

windows

Block network access to Lenovo Service Bridge using firewall rules.

New-NetFirewallRule -DisplayName "Block Lenovo Service Bridge" -Direction Outbound -Program "C:\Program Files\Lenovo\Service Bridge\LSB.exe" -Action Block

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Deploy endpoint detection and response (EDR) solutions to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Lenovo Service Bridge via Control Panel > Programs and Features or by checking the program's about dialog.

Check Version:

wmic product where name="Lenovo Service Bridge" get version

Verify Fix Applied:

Verify that Lenovo Service Bridge version is 4.1.0.1 or higher after update.
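
The version check above can also be scripted from the registry, which avoids the MSI consistency check that a `wmic product` query triggers on every installed package. This is an added example, not code from Lenovo's advisory; it assumes the product registers under the standard Windows uninstall keys with a DisplayName beginning "Lenovo Service Bridge", and the function name Get-LsbStatus is hypothetical.

```powershell
# Added example (not vendor code): compare the installed version with the fixed one.
$FixedVersion = [version]'4.1.0.1'        # patch version stated on this page
$NamePattern  = 'Lenovo Service Bridge*'  # assumption: DisplayName matches the wmic name above

# Standard Windows uninstall keys: native view, 32-bit view, current-user installs.
# HKCU only covers the account running the script.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-LsbStatus {
    param([string]$DisplayVersion)
    $parsed = $null
    # An empty or non-numeric DisplayVersion is reported as UNKNOWN, not guessed at.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'UNKNOWN' }
    if ($parsed -lt $FixedVersion) { return 'VULNERABLE' }
    return 'PATCHED'
}

$entries = @(Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern })

if ($entries.Count -eq 0) {
    Write-Output 'Lenovo Service Bridge: no uninstall entry found in the keys checked'
} else {
    foreach ($e in $entries) {
        # One result object per matching entry, so leftover old installs are visible too.
        [pscustomobject]@{
            DisplayName = $e.DisplayName
            Version     = $e.DisplayVersion
            Status      = Get-LsbStatus $e.DisplayVersion
            RegistryKey = $e.PSPath
        }
    }
}
```

Run it once per user profile on shared machines, since a per-user install is only visible in that user's HKCU hive.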

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from LSB.exe
  • Network connections from Lenovo Service Bridge to unexpected destinations
  • Failed update attempts or unusual service behavior

Network Indicators:

  • Outbound connections from LSB.exe to non-Lenovo domains or IPs
  • Unusual traffic patterns from systems running vulnerable versions

SIEM Query:

source="*" (process_name="LSB.exe" AND (destination_ip NOT IN ["lenovo.com", "*.lenovo.com"] OR process_command_line CONTAINS suspicious_pattern))
