[smarterchild]

https://support.lenovo.com/us/en/product_security/lsu_privil...

If this is considered "Medium" Severity, how bad would it have to be to become High?

[poizan42]

Something like the LSASS vulnerability used by the Sasser worm? http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0...

Or even worse - it's not inconceivable that some a bit too clever firmware for a ethernet or wifi device could be exploited by a specially crafted IP package that could be sent over the public internet. As such a device usually has DMA access that would be really bad. I don't think even "High" would be sufficient in that case though.

[brudgers]

I suspect that it would be a higher issue if the risk did not require the computer to already be infected with malware.