CVE-2019-6197

7.8 HIGH

📋 TL;DR

A local privilege escalation vulnerability in Lenovo PC Manager allows attackers to gain elevated system privileges. This affects users running vulnerable versions of Lenovo PC Manager on Windows systems. Attackers must have local access to the system to exploit this vulnerability.

💻 Affected Systems

Products:
  • Lenovo PC Manager
Versions: All versions prior to 2.8.90.11211
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Lenovo PC Manager installed. Typically pre-installed on Lenovo consumer PCs.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full administrative control over the system, enabling installation of malware, data theft, or complete system compromise.

🟠 Likely Case

Local attackers escalate privileges to install persistent malware, modify system settings, or access protected files.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated; with workarounds, attack surface is reduced but risk remains.

🌐 Internet-Facing: LOW - This requires local system access and cannot be exploited remotely over the internet.
🏢 Internal Only: HIGH - Local attackers on shared systems or compromised user accounts can exploit this to gain administrative privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access but likely straightforward for attackers with basic skills given the CWE-287 (Improper Authentication) classification.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.8.90.11211 or later

Vendor Advisory: https://iknow.lenovo.com.cn/detail/186945.html

Restart Required: Yes

Instructions:

1. Open Lenovo PC Manager.
2. Check for updates in settings.
3. Install update to version 2.8.90.11211 or later.
4. Restart the computer.

🔧 Temporary Workarounds

Uninstall Lenovo PC Manager (Windows)

Remove the vulnerable software entirely if it is not needed:

Control Panel > Programs > Uninstall a program > Select Lenovo PC Manager > Uninstall

Restrict local user privileges (Windows)

Limit standard user accounts to reduce the impact of privilege escalation.

🧯 If You Can't Patch

  • Remove local user access for untrusted individuals
  • Implement application whitelisting to prevent unauthorized program execution

🔍 How to Verify

Check if Vulnerable:

Check the Lenovo PC Manager version in the program details or settings. If the version is below 2.8.90.11211, the system is vulnerable.

Check Version:

wmic product where name="Lenovo PC Manager" get version

Verify Fix Applied:

Confirm Lenovo PC Manager version is 2.8.90.11211 or higher after update.
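
The version check above can be scripted for fleet use. The following is an added example, not vendor code: it reads the standard Windows uninstall registry keys and compares the installed version field by field against 2.8.90.11211. It assumes the product registers a DisplayName containing "Lenovo PC Manager" (the name used in the wmic command on this page); the function and variable names are illustrative.

```powershell
# Added example: compare the installed Lenovo PC Manager version with the fixed build.
# Assumption: the uninstall entry's DisplayName contains "Lenovo PC Manager".
$FixedVersion = [version]'2.8.90.11211'
$NamePattern  = '*Lenovo PC Manager*'

# Per-machine uninstall entries, 64-bit and 32-bit registry views.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-PcManagerVersion {
    param([string]$DisplayVersion, [version]$Fixed)
    $parsed = $null
    # [version] compares each dotted field numerically, so 2.8.90.9999 sorts
    # below 2.8.90.11211; a plain string comparison would order them wrongly.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'UNKNOWN' }
    if ($parsed -lt $Fixed) { return 'VULNERABLE' }
    return 'FIXED'
}

$entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $entries) {
    Write-Output 'Lenovo PC Manager not found in the uninstall registry keys.'
} else {
    foreach ($e in $entries) {
        # One row per matching install; UNKNOWN means the version string
        # could not be parsed and needs a manual look.
        [pscustomobject]@{
            DisplayName = $e.DisplayName
            Version     = $e.DisplayVersion
            Status      = Test-PcManagerVersion -DisplayVersion $e.DisplayVersion -Fixed $FixedVersion
        }
    }
}
```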

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Lenovo PC Manager service anomalies
  • Windows Event Logs showing unusual process creation with elevated privileges

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

EventID=4688 AND NewProcessName LIKE "%LenovoPCManager%" AND SubjectUserName!=SYSTEM
