Lenovo's AI chatbot Lena was affected by critical XSS vulnerabilities.
Threat actors could exploit critical cross-site scripting vulnerabilities in Lenovo's GPT-4-powered artificial intelligence chatbot Lena to facilitate malicious code injections and session cookie theft through a single prompt.
An analysis from Cybernews researchers found that active session cookies could be exfiltrated with a single prompt: it opens with a legitimate-looking request for information, then instructs the chatbot to change its output format and generate HTML, and finally orders it to produce a requested image.
When the chatbot produces that HTML output, which includes an instruction to load a resource from an attacker-controlled server, the injected code executes within Lenovo's systems. The threat actor then asks to be connected to a human support agent, putting the firm's customer support systems at risk of compromise using the cookies captured earlier.
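The root cause described above is chatbot output being rendered as HTML. The following is an added example, not Lenovo's or Cybernews' code, showing the defensive pattern a chat front end should apply: escape model replies so they display as text, flag replies that contain markup or external resource references for logging or blocking, and issue the session cookie with HttpOnly so injected script cannot read it. The sample reply and the host attacker.example are constructed.

```javascript
// Added example: treat chatbot output as untrusted text, never as HTML.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the HTML-significant characters so the browser shows the reply
// literally instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Detection: patterns that should never appear in a support-bot answer.
// Returns a list of reason strings; an empty list means nothing suspicious.
function findActiveContent(text) {
  const findings = [];
  if (/<\s*(script|img|iframe|object|embed|svg|link)\b/i.test(text)) findings.push('html-tag');
  if (/\bon[a-z]+\s*=/i.test(text)) findings.push('event-handler');
  if (/\b(?:src|href)\s*=\s*["']?https?:\/\//i.test(text)) findings.push('external-resource');
  if (/javascript\s*:/i.test(text)) findings.push('javascript-uri');
  return findings;
}

// Render path: always escape; report findings for the SOC and, if configured,
// withhold the reply entirely instead of showing it.
function renderChatReply(text, { blockOnFindings = false } = {}) {
  const findings = findActiveContent(text);
  const blocked = blockOnFindings && findings.length > 0;
  return {
    html: blocked ? escapeHtml('[reply withheld: unexpected markup]') : escapeHtml(text),
    findings,
    blocked,
  };
}

// Session cookie attributes: HttpOnly keeps the cookie out of document.cookie
// even if escaping is ever bypassed; Secure keeps it off plain HTTP.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample reply carrying an image tag that points at an outside host.
const SAMPLE_REPLY =
  'Your laptop ships Tuesday. <img src="https://attacker.example/c.png" onerror="alert(1)">';

const rendered = renderChatReply(SAMPLE_REPLY);
console.log(rendered.findings, rendered.html);
```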
"It may also be possible to execute some system commands, which could allow for the installation of backdoors and lateral movement to other servers and computers on the network," said researchers.
In a statement sent to SC UK, a Lenovo spokesperson said: "Lenovo takes the security of our products and the protection of our customers very seriously.
"We were recently made aware of a chatbot cross-site scripting (XSS) vulnerability by a third-party security researcher. Upon becoming aware of the issue, we promptly assessed the risk and implemented corrective actions to mitigate potential impact and address the issue. We want to thank the researchers for their responsible disclosure, which allowed us to deploy a solution without putting our customers at risk."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.