Login Sign Up

CVE-2021-3550

7.8 HIGH

📋 TL;DR

This CVE describes a DLL search path vulnerability in Lenovo PCManager that could allow local attackers to escalate privileges by placing a malicious DLL in a directory that the application searches before loading legitimate libraries. Users running Lenovo PCManager versions below 3.0.500.5102 on Windows systems are affected.

💻 Affected Systems

Products:
  • Lenovo PCManager
Versions: All versions prior to 3.0.500.5102
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system and ability to place malicious DLL in search path.

📦 What is this software?

Pcmanager by Lenovo

View all CVEs affecting Pcmanager →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with local access could execute arbitrary code with SYSTEM/administrator privileges, potentially gaining full control of the system.

🟠

Likely Case

Local privilege escalation allowing attackers to gain administrative rights on compromised systems.

🟢

If Mitigated

Limited impact if proper access controls prevent unauthorized local execution or if vulnerable software is not installed.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: MEDIUM - Internal attackers or malware with local execution could exploit this to escalate privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

DLL hijacking vulnerabilities typically have low exploitation complexity but require local access and ability to write to specific directories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.500.5102 and later

Vendor Advisory: https://iknow.lenovo.com.cn/detail/dc_197169.html

Restart Required: Yes

Instructions:

1. Download Lenovo PCManager version 3.0.500.5102 or later from official Lenovo sources. 2. Run the installer to update the software. 3. Restart the system to ensure changes take effect.

🔧 Temporary Workarounds

Remove vulnerable software

windows

Uninstall Lenovo PCManager if not required for system functionality

Control Panel > Programs > Uninstall a program > Select Lenovo PCManager > Uninstall

Restrict directory permissions

windows

Set restrictive permissions on directories where DLL hijacking could occur

icacls "C:\Program Files\Lenovo\PCManager" /deny Everyone:(OI)(CI)(WD,AD,RX)

🧯 If You Can't Patch

  • Restrict local user access to prevent unauthorized users from executing applications
  • Implement application whitelisting to control which applications can run on the system

🔍 How to Verify

Check if Vulnerable:

Check Lenovo PCManager version in Control Panel > Programs > Programs and Features

Check Version:

wmic product where name="Lenovo PCManager" get version

Verify Fix Applied:

Verify installed version is 3.0.500.5102 or higher and check that the application loads properly

📡 Detection & Monitoring

Log Indicators:

  • Unusual DLL loading from non-standard paths
  • Failed DLL loading attempts from PCManager process

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Process Creation where Image contains "PCManager" AND CommandLine contains unusual DLL paths

📊 Metadata

CVE ID: CVE-2021-3550
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-427
Published: July 16, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-3550, you might also want to check these:

CVE-2025-4981 9.9

This vulnerability allows authenticated Mattermost users to write files to arbitrary locations on th...

Same vulnerability type (CWE-427)
CVE-2022-24955 9.8

CVE-2022-24955 is a DLL hijacking vulnerability in Foxit PDF software that allows attackers to execu...

Same vulnerability type (CWE-427)
CVE-2023-25143 9.8

This vulnerability in Trend Micro Apex One Server installer allows attackers to execute arbitrary co...

Same vulnerability type (CWE-427)