Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-7334

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-27 Mar, 2020 | 14:05
Updated At-06 Aug, 2024 | 07:43
Rejected At-
Credits

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:27 Mar, 2020 | 14:05
Updated At:06 Aug, 2024 | 07:43
Rejected At:
▼CVE Numbering Authority (CNA)

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/lsu_privilege
x_refsource_MISC
Hyperlink: https://support.lenovo.com/us/en/product_security/lsu_privilege
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/lsu_privilege
x_refsource_MISC
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/lsu_privilege
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Mar, 2020 | 15:15
Updated At:30 Mar, 2020 | 18:25

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Lenovo Group Limited
lenovo
>>system_update>>Versions up to 5.07.0008(inclusive)
cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/lsu_privilegecve@mitre.org
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/lsu_privilege
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

827Records found
CVE-2022-3701
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.60%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 19:38
Updated-09 Sep, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_update_pluginhardware_scan_pluginhardware_scan_addinVantage SystemUpdate Pluginvantage_systemupdate_plugin
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1107
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.49%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t580_firmwarethinkpad_11e_yoga_firmwarethinkpad_x1_yoga_gen_2thinkpad_t560thinkpad_w541thinkpad_yoga_15thinkpad_x1_carbon_3rd_gen_firmwarethinkpad_x1_carbon_4th_genthinkpad_x1_yoga_gen_2_firmwarethinkpad_t570thinkpad_l560thinkpad_p50sthinkpad_t560_firmwarethinkpad_w541_firmwarethinkpad_t580thinkpad_x1_yoga_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_p51sthinkpad_x280_firmwarethinkpad_t550thinkpad_x1_yogathinkpad_x1_carbon_3rd_genthinkpad_11e_yogathinkpad_x1_tablet_gen_2_firmwarethinkpad_helix_firmwarethinkpad_t570_firmwarethinkpad_11e_firmwarethinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_yoga_260thinkpad_l570thinkpad_p52s_firmwarethinkpad_x1_tablet_gen_1_firmwarethinkpad_w550sthinkpad_x1_carbon_5th_gen_kabylakethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_yoga_gen_3_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l570_firmwarethinkpad_w540_firmwarethinkpad_x390_firmwarethinkpad_yoga_15_firmwarethinkpad_11ethinkpad_yoga_260_firmwarethinkpad_helixthinkpad_x1_tablet_gen_1thinkpad_x1_tablet_gen_2thinkpad_w550s_firmwarethinkpad_l560_firmwarethinkpad_w540thinkpad_x280thinkpad_x250thinkpad_x390thinkpad_p50s_firmwarethinkpad_s540thinkpad_s540_firmwarethinkpad_x250_firmwarethinkpad_x1_yoga_gen_3thinkpad_p51s_firmwarethinkpad_p52sThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1108
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.39%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-7333
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:05
Updated-06 Aug, 2024 | 07:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-system_updaten/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8327
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.10% / 29.04%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-8351
Matching Score-10
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-10
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.09%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 19:05
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-16
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-8534
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.97%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:05
Updated-06 Aug, 2024 | 08:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-solution_centern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-4132
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lock_screenLock Screenlock_screen
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4131
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-emulatorEmulatoremulator
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-3751
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_compact_usb_keyboard_driverThinkPad Compact USB Keyboard with TrackPoint Driver
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2017-3748
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.19%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

Action-Not Available
Vendor-Google LLCLenovo Group Limited
Product-vibe_a3600-dvibe_a3000vibe_a3500vibe_a2560vibe_a6600vibe_a1600vibe_a2860vibe_k30-w-cuandroidvibe_a6020i37vibe_a2800vibe_a3600uvibe_a6800vibe_a3800-dvibe_a3900vibe_a2880vibe_a6000vibe_k30-evibe_k32c30vibe_k80mvibe_a6000-iLenovo Vibe and Lenovo China-only Moto Mobile Phones
CVE-2017-3767
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

Action-Not Available
Vendor-Realtek Semiconductor Corp.Lenovo Group Limited
Product-thinkpad_11ethinkpad_p51sthinkpad_t440sthinkpad_t450sthinkpad_x1_carbonthinkpad_t450thinkpad_x270_kblthinkpad_t440pthinkpad_t460thinkpad_p70thinkpad_t460pthinkpad_t470thinkpad_x240thinkpad_x1_tabletthinkpad_l470_kblthinkpad_t440thinkpad_w541thinkpad_t460sthinkpad_t560thinkpad_x250thinkpad_t470s_sklthinkpad_yoga_11ethinkpad_w540thinkpad_l560thinkpad_x260thinkpad_l460thinkpad_s1_yoga_12thinkpad_x1cthinkpad_p71thinkpad_p50sthinkpad_t570thinkpad_x270_sklaudio_driver_firmwarethinkpad_x1_yogathinkpad_13thinkpad_s1thinkpad_10thinkpad_t540pthinkpad_s1_yogathinkpad_l470_sklthinkpad_l450thinkpad_t470pthinkpad_s2thinkpad_w550sthinkpad_x240sthinkpad_p50thinkpad_t550Realtek Audio Driver
CVE-2017-3746
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.88%
||
7 Day CHG~0.00%
Published-28 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_usb_3.0_ethernet_adapter_driverThinkPad USB 3.0 Ethernet Adapter Driver
CVE-2017-3753
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.05% / 15.16%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkstation_c30_\(1136\)_firmwarethinkcentre_m800zthinkstation_p710yangtian_mc_h110_firmware63_firmwareyangtian_mf\/wf_h81_firmwareyangtian_me\/we_h110_firmwarethinkcentre_m9500zv320-15iap_firmwarethinkcentre_m610_firmwares200z_firmwareideacentre_700_firmwarethinkcentre_m7250z_firmwarethinkcentre_m73z_\(aio\)thinkcentre_m600_firmwarethinkcentre_m900_firmwarethinkserver_rq750_firmwarethinkcentre_m710t\/s_firmwarethinkcentre_e74_firmwarethinkcentre_m910qthinkserver_ts450thinkstation_p510_firmwareideacentre_700thinkcentre_m92p_firmwarethinkcentre_m9550z_firmwarethinkcentre_e93_firmwarethinkcentre_e74z_firmwarethinkserver_ts250_firmwareideacentre_510s-08ish_firmwareyangtian_afq150_firmwareyangtian_mc_godavarithinkstation_p300thinkcentre_m4500t\/s_firmwarethinkstation_p410_firmwarethinkserver_rd440_firmwarethinkcentre_m83z_\(aio\)_firmwarethinkcentre_m6600qideacentre_510s-08ishyangtian_s3040_firmwarethinkstation_c30_\(1136\)thinkstation_p910thinkcentre_m92pthinkstation_p300_firmwarethinkcentre_m8300zthinkcentre_m8250z_firmwarethinkserver_rd340_firmwarethinkcentre_x1_aiothinkstation_d30_\(4354\)thinkcentre_m4500k_firmwarethinkcentre_m8250zthinkcentre_m610thinkcentre_m8600t\/sthinkcentre_e93z_\(aio\)thinkstation_c30_\(1137\)_firmwarethinkcentre_m910xthinkcentre_e74ideacentre_510s-23isu_firmwarethinkcentre_m72e_firmwarethinkcentre_m7200zthinkcentre_m8350zthinkcentre_m92s500thinkcentre_m8500t\/s_firmwarethinkcentre_m73thinkcentre_m700zthinkcentre_m7200z_firmwarethinkcentre_e79_firmwarethinkstation_p900_firmwarethinkcentre_m8500t\/syangtian_mc_godavari_firmwares200zthinkcentre_m7300z_firmwarethinkcentre_m83_firmwarethinkstation_p700thinkserver_rd540_firmwareyangtian_mc_h110yangtian_s800_firmwarethinkcentre_e79thinkcentre_m910q_firmwarethinkstation_c30_\(1137\)m4500_idthinkstation_e32thinkstation_p900thinkcentre_m810z_firmwarethinkcentre_m79yangtian_s3040thinkcentre_e73thinkstation_p310_firmwarethinkserver_ts150_firmwarethinkcentre_m710t\/sthinkcentre_m72eideacentre_510s-23isuthinkserver_ts240thinkcentre_m715q_firmware63thinkstation_p310yangtian_mc_carrizo-lthinkcentre_m6500t\/sthinkcentre_m83z_\(aio\)thinkstation_p700_firmwareyangtian_afh110_firmwarethinkcentre_m6600t\/s_firmwareyangtian_afq150thinkstation_s30_\(4352\)thinkcentre_m800thinkstation_d30_\(4353\)thinkcentre_m8300z_firmwareyangtian_afh81_firmwareyangtian_afh110thinkcentre_m900m4500_id_firmwarethinkserver_ts140_firmwarethinkstation_d30_\(4353\)_firmwarethinkstation_s30_\(4352\)_firmwarethinkcentre_m910t\/sthinkcentre_m910x_firmwarethinkcentre_e73z_\(aio\)_firmwarethinkserver_rd340thinkstation_p510thinkcentre_m700_firmwareideacentre_300-20ish_firmwarem4550_id_firmwarethinkcentre_m6600thinkserver_ts450_firmwarethinkstation_p320thinkserver_td340h50-30gideacentre_300s-11ishyangtian_afh81v320-15iapthinkcentre_m900z_firmwarem4550_idthinkcentre_m6600t\/sthinkcentre_m700ideacentre_300s-11ish_firmwarethinkcentre_m7250zthinkserver_rd540thinkstation_p320_firmwarethinkcentre_m83thinkcentre_m600thinkcentre_m8350z_firmwarethinkserver_ts550_firmwarethinkcentre_m900zthinkcentre_m8200z_firmwarethinkcentre_e73s_firmwarem4500_firmwarethinkcentre_m93p_firmwarem4500yangtian_mc_h81thinkcentre_m73_firmwarethinkcentre_e73_firmwarethinkcentre_m800_firmwarethinkcentre_m7300zthinkcentre_m4500kthinkcentre_m9550zthinkcentre_e93thinkcentre_m8200zthinkstation_e32_firmwarethinkcentre_m6500t\/s_firmwareyangtian_mc_h81_firmwarethinkserver_ts250thinkcentre_m700z_firmwarethinkserver_rd440thinkserver_ts150thinkstation_e31_firmwareyangtian_mc_carrizo-l_firmwarethinkcentre_m800z_firmwarethinkserver_ts240_firmwarethinkcentre_m92_firmwareideacentre_300-20ishthinkserver_rs140thinkserver_ts140thinkcentre_e75_t\/s_firmwarethinkcentre_e73sthinkcentre_m4600t\/sthinkcentre_m8600t\/s_firmwarethinkcentre_x1_aio_firmwarethinkstation_d30_\(4354\)_firmwares500_firmwarethinkcentre_e73z_\(aio\)thinkcentre_m73p_firmwarethinkcentre_m73z_\(aio\)_firmwarethinkcentre_e74s_firmwarethinkstation_e31thinkstation_p500thinkstation_p710_firmwarethinkcentre_m4500t\/sthinkcentre_m4500qthinkcentre_m9500z_firmwarethinkstation_p410thinkcentre_m4500q_firmwarethinkcentre_m6600q_firmwarethinkcentre_edge_62zthinkcentre_e75_t\/sthinkserver_td340_firmwareh50-30g_firmwarethinkcentre_e93z_\(aio\)_firmwarethinkcentre_m93_firmwarethinkstation_p500_firmwarethinkserver_rs140_firmwarethinkcentre_m93pthinkcentre_m93thinkcentre_edge_62z_firmwarethinkserver_rd640_firmwarethinkcentre_m910t\/s_firmwarethinkcentre_e74sthinkcentre_m6600_firmwareyangtian_mf\/wf_h81thinkcentre_e74zthinkstation_s30_\(4351\)thinkserver_ts550thinkstation_s30_\(4351\)_firmwarethinkserver_rq750thinkcentre_m73pthinkcentre_m810zthinkstation_p910_firmwarethinkcentre_m4600t\/s_firmwarethinkcentre_m79_firmwarethinkcentre_m715qDesktop and Notebook BIOS
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-3756
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.88%
||
7 Day CHG~0.00%
Published-18 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

Action-Not Available
Vendor-Microsoft CorporationLenovo Group Limited
Product-thinkpad_13e_biosthinkpad_x1_carbon_20bx_biosthinkpad_t450thinkpad_x1_tablet_biosthinkpad_t440s_biosthinkpad_s3_s440thinkpad_t460pthinkpad_e450cthinkpad_x250_sharkbaythinkpad_p50_biosthinkpad_t540thinkpad_s3_yoga_14_biosthinkpad_w541_biosthinkpad_x240s_biosthinkpad_l450_biosthinkpad_edge_e445thinkpad_e455thinkpad_e560_biosthinkpad_t560thinkpad_e550_biosthinkpad_e560thinkpad_edge_e540thinkpad_x260_biosthinkpad_s1_yoga_12thinkpad_yoga_11e_braswellthinkpad_s3_s440_biosthinkpad_w550s_biosthinkpad_e450c_biosthinkpad_11e_broadwell_bioswindows_10thinkpad_s1_yoga_vpro_biosthinkpad_x1_carbon_20axthinkpad_l440_biosthinkpad_11e_skylakethinkpad_w550sthinkpad_l540_biosthinkpad_yoga_11e_beemathinkpad_yoga_260_s1thinkpad_t560_biosthinkpad_tablet_10thinkpad_t550thinkpad_t450sthinkpad_s5_e560p_biosthinkpad_10_ella_2thinkpad_yoga_11e_braswell_biosthinkpad_t460_biosthinkpad_t460thinkpad_l560_biosthinkpad_tablet_8_biosthinkpad_x250_broadwell_biosthinkpad_x240thinkpad_x1_tabletthinkpad_s1_yoga_non_vprothinkpad_s1_yoga_vprothinkpad_t440thinkpad_helix_20cg_biosthinkpad_x1_yoga_biosthinkpad_l440thinkpad_edge_e445_bioswindows_8.1thinkpad_edge_e440thinkpad_11e_braswell_biosthinkpad_p50s_biosthinkpad_x1_carbon_20ax_biosthinkpad_l560thinkpad_edge_e545thinkpad_l460windows_7thinkpad_s1_yoga_non_vpro_biosthinkpad_yoga_14_460_s3_biosthinkpad_e550cthinkpad_yoga_14_460_s3thinkpad_e465thinkpad_e460_biosthinkpad_l460_biosthinkpad_s540thinkpad_s540_biosthinkpad_helix_20cgthinkpad_11e_beema_biosthinkpad_t450s_biosthinkpad_t440uthinkpad_10_ella_2_biosthinkpad_e550c_biosthinkpad_helix_20ch_biosthinkpad_13ethinkpad_s5_e560pthinkpad_e460thinkpad_t440sthinkpad_x1_carbon_biosthinkpad_e450thinkpad_t440pthinkpad_11e_skylake_biosthinkpad_x250_sharkbay_biosthinkpad_x250_broadwellthinkpad_s5_yoga_15_biosthinkpad_x140e_amd_biosthinkpad_t460sthinkpad_e455_biosthinkpad_yoga_11ethinkpad_w540thinkpad_e565_biosthinkpad_yoga_11e_broadwell_biosthinkpad_e450_biosthinkpad_tablet_10_biosthinkpad_helix_20chthinkpad_yoga_11e_broadwellthinkpad_t540p_biosthinkpad_x140e_amdthinkpad_yoga_260_s1_biosthinkpad_t540pthinkpad_x1_carbon_20bxthinkpad_w540_biosthinkpad_x240sthinkpad_s1_yoga_12_biosthinkpad_t550_biosthinkpad_x240_biosthinkpad_edge_e540_biosthinkpad_11e_braswellthinkpad_yoga_11e_skylake_biosthinkpad_e555thinkpad_x1_carbonthinkpad_e565thinkpad_yoga_11e_biosthinkpad_yoga_11e_beema_biosthinkpad_p70thinkpad_t440_biosthinkpad_edge_e440_biosthinkpad_s3_yoga_14thinkpad_w541thinkpad_s5_yoga_15thinkpad_e465_biosthinkpad_e555_biosthinkpad_t440p_biosthinkpad_x260thinkpad_t540_biosthinkpad_t450_biosthinkpad_edge_e545_biosthinkpad_tablet_8thinkpad_l540thinkpad_p50sthinkpad_t440u_biosthinkpad_11e_broadwellthinkpad_t460s_biosthinkpad_x1_yogathinkpad_l450thinkpad_yoga_11e_skylakethinkpad_11e_beemathinkpad_p70_biosthinkpad_e550thinkpad_p50thinkpad_t460p_biosThinkPad Active Protection System
CVE-2017-3754
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.96%
||
7 Day CHG~0.00%
Published-17 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_710-11ikblenovo_ideapad_320-15astv110-15iaplenovo_ideapad_110-15astk41-80lenovo_ideapad_320-14astv110-14iap710s-13ikb\/xiaoxin_air_13ikbmiix_710-12ikbk21-80lenovo_ideapad_110-14astv110-15iskv110-15ikbk22-80\/lenovo_v720-12710s-13isk\/xiaoxin_air_13biosrescuer_e520-15ikblenovo_xiaoxin_rui7000notebook_320-17astmiix_720-12ikbLenovo Notebook BIOS
CVE-2017-3762
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.37%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 01:00
Updated-16 Sep, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.

Action-Not Available
Vendor-Microsoft CorporationLenovo Group Limited
Product-fingerprint_manager_prowindows_7windows_8windows_8.1Lenovo Fingerprint Manager Pro
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2024-4130
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-app_storeApp Storeapp_store
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-4089
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.57%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-17 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-superfileSuperFilesuperfile
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-48188
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.41%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:03
Updated-08 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m720s_firmwarethinkcentre_m920qthinkstation_p520_firmwarethinkcentre_m75s_gen_2_firmwarev530s-07icbthinkcentre_m720t_firmwareideacentre_510s-07icb_firmwareideacentre_aio_3-27itl6_firmwareideacentre_aio_3-27itl6thinkcentre_m720ethinkcentre_m920q_firmwarethinkcentre_m920sthinkcentre_m920zthinkstation_p330_tinyv30a-24itl_firmwareideacentre_510s-07icbthinkcentre_m75s_gen_2v30a-24itlthinkcentre_m720qthinkstation_p330_tiny_firmwarethinkstation_p520ideacentre_aio_3-24itl6ideacentre_720-18aprideacentre_aio_3_21itl7_firmwarethinkstation_p520cthinkstation_p520c_firmwareideacentre_aio_3_21itl7thinkcentre_m920s_firmwareideacentre_aio_3-24itl6_firmwarethinkcentre_m920z_firmwarev530s-07icr_firmwarethinkcentre_m720e_firmwareideacentre_510s-07ickthinkcentre_m720sideacentre_720-18apr_firmwarethinkcentre_m75t_gen_2_firmwarev30a-22itl_firmwarev530s-07icrthinkstation_p360_ultra_firmwarev30a-22itlideacentre_510s-07ick_firmwarethinkcentre_m920t_firmwarev530s-07icb_firmwarethinkcentre_m725sideacentre_aio_3-22itl6thinkcentre_m920tthinkcentre_m920xideacentre_aio_3-22itl6_firmwarethinkstation_p360_ultrathinkcentre_m720tthinkcentre_m725s_firmwarethinkcentre_m75t_gen_2thinkcentre_m720q_firmwarethinkcentre_m920x_firmwareThinkStation BIOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-6232
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:19
Updated-22 Jul, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-commercial_vantagevantageVantageCommercial Vantage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2025-6231
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.03% / 5.13%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:19
Updated-22 Jul, 2025 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.

Action-Not Available
Vendor-Lenovo Group Limited
Product-commercial_vantagevantageVantageCommercial Vantage
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2022-48181
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.41%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 21:01
Updated-08 Jan, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m920qthinkcentre_m720t_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkcentre_m720ethinkstation_p330_gen_2thinkstation_p350_tiny_firmwarethinkcentre_m70s_firmwarethinkcentre_m70t_gen_3thinkcentre_m90q_gen_2thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwareideacentre_3_07iab7_firmwareideacentre_g5-14imb05_firmwarethinkcentre_neo_50s_gen_3thinkcentre_m720qthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p330_tiny_firmwarev35s-07adav55t_gen_2_13acnthinkcentre_m90q_gen_3thinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwareideacentre_aio_3-24imb05_firmwarethinkcentre_m625qv50t-13imbthinkcentre_m90a_pro_gen_3_firmwarethinkcentre_t540-15ama_gideacentre_5-14are05thinkcentre_neo_50s_gen_3_firmwareideacentre_mini_5_01iaq7legion_t5-28imb05_firmwareideacentre_5-14iob6v30a-22itlideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwareideacentre_510s-07ick_firmwarelegion_t530-28icb_firmwarev530s-07icb_firmwarev55t_gen_2_13acn_firmwareideacentre_aio_3-27alc6_firmwarelegion_t5-26amr5_firmwarethinkcentre_m90tthinkstation_p340ideacentre_5-14iob6_firmwarethinkcentre_m920tideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarelegion_t5-28imb05thinkstation_p350thinkcentre_m720tthinkcentre_m80q_gen_3_firmwarev530s-07icblegion_c530-19icb_firmwareideacentre_3_07ach7_firmwarethinkcentre_t540-15ama_g_firmwarelegion_t530-28icbthinkcentre_m90sthinkcentre_neo_30a_24_gen_3ideacentre_5-14are05_firmwareideacentre_510s-07icb_firmwarethinkcentre_m75s-1thinkstation_p330_tinythinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m75s_gen_2thinkcentre_m90a_gen_3thinkstation_p340_firmwareideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_5-14imb05ideacentre_gaming_5-14acn6legion_c530-19icbthinkcentre_m70tthinkcentre_m80tthinkcentre_m625q_firmwarethinkcentre_m90a_firmwarethinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkstation_p360_tiny_firmwareideacentre_aio_5_24iah7thinkstation_p360_firmwareideacentre_aio_3_21itl7thinkcentre_m920s_firmwareideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05ideacentre_aio_3-24itl6_firmwarelenovo_legion_t5_26iab7thinkcentre_m920z_firmwareideacentre_aio_3_22iap7_firmwareideacentre_510s-07ickthinkcentre_m75t_gen_2_firmwareideacentre_aio_5_24iah7_firmwarelegion_t5-26iob6thinkcentre_neo_70t_gen_3_firmwarev50t-13iob_g2thinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwarethinkcentre_m90t_gen_3ideacentre_gaming_5-14iob6thinkcentre_m90q_tinylegion_t7-34imz5_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05ideacentre_mini_5_01iaq7_firmwarethinkcentre_m70t_firmwarethinkcentre_m920xthinkcentre_neo_50t_gen_3thinkcentre_neo_70t_gen_3thinkcentre_m600_firmwareideacentre_aio_3_27iap7_firmwarethinkstation_p340_tinythinkstation_p350_tinythinkcentre_m90t_firmwarelegion_r5-28imb05thinkcentre_m720s_firmwarethinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwareideacentre_aio_3-27itl6thinkcentre_m920q_firmwarethinkcentre_m920sthinkcentre_m90s_firmwareideacentre_aio_3-22imb05thinkstation_p320ideacentre_510s-07icbthinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05lenovo_legion_t5_26iab7_firmwarethinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7thinkstation_p320_firmwareideacentre_aio_3_21itl7_firmwareideacentre_3_07iab7thinkcentre_m90s_gen_3thinkcentre_neo_30a_22_gen_3thinkcentre_neo_50t_gen_3_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m720e_firmwarethinkcentre_m80qthinkcentre_m720sideacentre_720-18apr_firmwareideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t5-26amr5thinkcentre_m920t_firmwarethinkstation_p360_tinythinkcentre_m725sthinkcentre_m75nlegion_t5-26iob6_firmwarelegion_t7-34imz5thinkcentre_m60e_tinythinkcentre_m70t_gen_3_firmwarethinkcentre_m725s_firmwarethinkcentre_neo_30a_24_gen_3_firmwarelegion_r5-28imb05_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_m60e_tiny_firmwarethinkcentre_m70q_gen_3_firmwarethinkcentre_m75s-1_firmwarethinkcentre_m90q_gen_3_firmwarelegion_t5-28icb05_firmwarethinkcentre_m90athinkcentre_m920zthinkcentre_m80s_gen_3v30a-24itl_firmwarethinkstation_p330thinkstation_p350_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7ideacentre_aio_3-27alc6thinkcentre_m80q_gen_3thinkcentre_m90q_gen_2_firmwarev30a-24itlv35s-07ada_firmwarethinkcentre_m70sthinkstation_p330_gen_2_firmwarev50s-07imb_firmwarethinkstation_p340_tiny_firmwareideacentre_aio_3-24itl6ideacentre_720-18aprlegion_t5-28icb05ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarev530s-07icr_firmwareideacentre_3-07ada05_firmwarethinkstation_p360v30a-22itl_firmwarev530s-07icrideacentre_5-14imb05_firmwareideacentre_3_07ach7v50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwarev50t-13iob_g2_firmwareideacentre_g5-14amr05thinkcentre_m70q_gen_3ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6ideacentre_aio_5_27iah7thinkcentre_m80s_firmwareideacentre_3-07imb05thinkstation_p330_firmwarelegion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m720q_firmwarethinkcentre_m600thinkcentre_m920x_firmwareThinkStation BIOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-33579
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:16
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Baiyingbaiying
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4568
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7||HIGH
EPSS-0.05% / 14.54%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 14:36
Updated-30 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-33582
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Service Frameworkservice_framework
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-4569
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.91%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 20:59
Updated-08 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_hybrid_usb-c_with_usb-a_dockthinkpad_hybrid_usb-c_with_usb-a_dock_firmwareThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-33581
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager AI intelligent scenariopcmanager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-33580
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.64%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:17
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Personal Cloudpersonal_cloud
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-8338
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.55%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.

Action-Not Available
Vendor-Lenovo Group Limited
Product-diagnosticsDiagnostics
CWE ID-CWE-426
Untrusted Search Path
CVE-2020-8319
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovo System Interface Foundation
CVE-2020-8318
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.93%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 21:05
Updated-16 Sep, 2024 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationLenovoSystemUpdatePlugin for Lenovo System Interface Foundation
CVE-2019-6191
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.49%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-paperLenovoPaper
CVE-2019-6184
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.53%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-customer_engagement_serviceCustomer Engagement Service (CCSDK)
CVE-2019-6197
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.24%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-31 Jul, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Managerpcmanager
CWE ID-CWE-287
Improper Authentication
CVE-2022-3699
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-84.02% / 99.26%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:48
Updated-17 Sep, 2024 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-diagnosticshardwarescan_pluginhardwarescan_addinDiagnosticsHardwareScanPlugin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6149
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.60%
||
7 Day CHG~0.00%
Published-15 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.

Action-Not Available
Vendor-unspecifiedLenovo Group Limited
Product-thinkpad_x1_carbondynamic_power_reductionunspecified
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2019-6171
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.14% / 34.66%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 14:56
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

Action-Not Available
Vendor-Lenovo Group Limited
Product-20ef_firmware20h8_firmware20l2_firmware20bl_firmware20eg20ef20jr20ak_firmware20eu_firmware20dh_firmware20an_firmware20ng_firmware20bf20fv_firmware20mu_firmware20ln20ju_firmware20m7_firmware20ln_firmware20dj_firmware20bw_firmware20gb20mv20aq_firmware20j520nq20fm_firmware20jh_firmware20mx_firmware20j1235x_firmware20f520fu20jh20k6247x_firmware20mw_firmware20m620dd20g9_firmware20jv20hv343x20hs_firmware20k520jq20ku20kv_firmware20jj_firmware247x20aw_firmware20m520an20g820nu243x20n8234x_firmware20b7_firmware344x_firmware20jv_firmware20lh20nu_firmware20hm30eh_firmware20ab_firmware20kt20kl20kd20de_firmware20b3_firmware20eu20mw20ey20n9_firmware20fx_firmware20j620f620j7_firmware20e020a9_firmware20fw_firmware20dt20bw20km20dj20lm20h6_firmware20nr20nr_firmware244x_firmware337x20bx_firmware20fv20da_firmware20al20ew_firmware20kn_firmware20fn_firmware243x_firmware30eh20ga_firmware20ev_firmware20h120km_firmware20kc20b020aa_firmware20ab20ht_firmware20lx_firmware20j6_firmware20hv_firmware20g4_firmware244x246x_firmware20ng20h2_firmware20bm20j5_firmware20da20h620h4_firmware20h420dq_firmware20be_firmware20a8_firmware20a920lh_firmware20jr_firmware20bx20hn_firmware3xxx_firmware20ev34xx20nt20et20nn_firmware20ks20am20lq_firmware233x_firmware20d9_firmware20be20a820h23xxx20ku_firmware20nn20k5_firmware20aq20lj20lr_firmware20hs20ja20dg20bl20dc20f120ja_firmware20n9232x_firmware20fw20nq_firmware20ar20b6234x20aa20ga20j1_firmware20h1_firmware20kd_firmware20ds_firmware20ls_firmware20kt_firmware20hu20j2235x230x232x20bm_firmware20g5_firmware20ht20nt_firmware20ks_firmware20b720fu_firmware20jj20bg20m5_firmware20ns20f2_firmware20dg_firmware20bv_firmware20bf_firmware20e0_firmware20j2_firmware20bg_firmware20df20m734xx_firmware20b6_firmware20h5_firmware20a7_firmware20f5_firmware20lr20ew20et_firmware20n8_firmware20ns_firmware20ak20aj20kv20bu344x20m8_firmware20am_firmware20d920m820lt20eg_firmware20kq20jq_firmware20k6_firmware20dq20de20dh20aj_firmware20ac20j720dr20mx20fx20ex_firmware336x20gb_firmware20f1_firmware20mv_firmware337x_firmware20hm_firmware20lx239x20kq_firmware20kl_firmware20g920lq20mu20fm20lj_firmware20g4248x_firmware20hu_firmware20ey_firmware20fn20f6_firmware20h820ds20j4_firmware20dr_firmware246x343x_firmware242x20bv20h520ls20b3242x_firmware20f220dc_firmware20l220hn20ex20m6_firmware20lt_firmware20ju20j420ar_firmware233x20g520kc_firmware230x_firmware20al_firmware20lm_firmware20b0_firmware20aw20dt_firmware20g8_firmware20a7248x20ac_firmware20dd_firmware20df_firmware20bu_firmware239x_firmware20kn336x_firmwareBIOS
CVE-2008-4589
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.09% / 27.26%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-resuce_and_recoveryn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-3431
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 7.51%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 18:18
Updated-19 Sep, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwarethinkbook_plus_g3_iap_firmwareyoga_slim_7-13itl05yoga_slim_7_carbon_13itl5thinkbook_16_g4\+_arad330-10iglideapad_5_pro-16ihu6yoga_slim_7-13itl05_firmwareyoga_duet_7-13itl6-lteyoga_slim_7-13acn05_firmwareyoga_slim_7_carbon_13itl5_firmwareslim_7_16arh7_firmwareyoga_duet_7-13iml05_firmwarethinkbook_14_g4\+_araideapad_slim_7_pro_16ach6_firmwarethinkbook_13x_itgthinkbook_16_g4\+_iapthinkbook_13x_itg_firmwareideapad_5_pro_16arh7yoga_slim_7_pro_16ach6ideapad_creator_5-16ach6_firmwarethinkbook_plus_g3_iapd330-10igl_firmwareideapad_duet_3_10igl5_firmwareyoga_slim_7_pro_16arh7yoga_slim_7-13acn05ideapad_creator_5-16ach6thinkbook_plus_g2_itg_firmwarethinkbook_plus_g2_itgthinkbook_16_g4\+_iap_firmwareyoga_slim_7_pro_16ach6_firmwareyoga_duet_7-13itl6_firmwareyoga_duet_7-13iml05ideapad_5_pro_16arh7_firmwarethinkbook_16_g4\+_ara_firmwares540-15iml_firmwareideapad_slim_7_pro_16ach6slim_7_16arh7thinkbook_16p_nx_arh_firmwareyoga_duet_7-13itl6-lte_firmwareyoga_slim_7_pro_16arh7_firmwareyoga_duet_7-13itl6thinkbook_14_g4\+_iaps540-15imlideapad_5_pro-16ach6thinkbook_14_g4\+_iap_firmwarethinkbook_14_g4\+_ara_firmwareideapad_5_pro-16ach6_firmwareideapad_duet_3_10igl5thinkbook_16p_nx_arhBIOSnotebook
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1891
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.61%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:25
Updated-03 Apr, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_15-imlthinkbook_14-iml_firmwareyoga_c640-13iml_firmwarethinkbook_15-iml_firmwarethinkbook_14-iil_firmwarethinkbook_14-imlthinkbook_15-iilyoga_c640-13imlyoga_c640-13iml_lte_firmwarethinkbook_14-iilthinkbook_15-iil_firmwareyoga_c640-13iml_lteBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-1890
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.61%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:18
Updated-01 Apr, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_15-imlthinkbook_14-iml_firmwareyoga_c640-13iml_firmwarethinkbook_15-iml_firmwarethinkbook_14-iil_firmwarethinkbook_14-imlthinkbook_15-iilyoga_c640-13imlyoga_c640-13iml_lte_firmwarethinkbook_14-iilthinkbook_15-iil_firmwareyoga_c640-13iml_lteBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1892
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.61%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:31
Updated-02 Apr, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_s730-13imlideapad_3-17ada05_firmwareideapad_s940-14iilthinkbook_14p_g2_ach500w_gen_3ideapad_3-14ada05s145-15api_firmwareideapad_5_15aba7v14_g2-alcyoga_c640-13iml_firmwareideapad_slim_1-11ast-05_firmwareyoga_c940-15irh_firmwarev14_g2-alc_firmwareideapad_5_15aba7_firmware100w_gen_3_firmwareideapad_flex_5_16alc7_firmware14w_gen_2v130-15ikbflex_5-15iil05s145-14ast_firmware300e_2nd_gen_firmwareyoga_s730-13iml_firmwarev14-ada_firmwareideapad_1-14ada05yoga_c940-15irhthinkbook_13s_g2_are_firmwarethinkbook_14s-iml_firmware13w_yoga_firmwareideapad_1-14igl05thinkbook_16p_g2_achflex_5-15iil05_firmwareyoga_c640-13iml_lte_firmwareflex_5-15itl05_firmwareideapad_3-17alc6legion_s7-15arh5s540-13api_firmwarev130-15ikb_firmwares145-15ast_firmwarethinkbook_14-iil_firmwareideapad_3-15alc6ideapad_3-15ada05ideapad_slim_1-14ast-05_firmwareflex_5-15alc05ideapad_3-15ada6100e_2nd_genthinkbook_14s_g2_itl300w_gen_3ideapad_3-17ada6_firmware100e_2nd_gen_firmwareideapad_5-15alc05ideapad_3-17ada05flex_5-14are05s145-15astthinkbook_14-iil300e_2nd_genflex_5-14alc05yoga_c640-13iml_ltelegion_s7-15ach6_firmware730s-13iml_firmwareyoga_slim_7_pro-14ach5_firmwarethinkbook_13s_g3_acn_firmwareyoga_slim_7_pro-14ach5_ov15_g2-alc_firmwarelegion_s7-15arh5_firmwares145-15apiyoga_s940-14iilideapad_slim_1-14ast-05yoga_slim_7_pro-14ach5ideapad_3-14alc6_firmwarethinkbook_14s-imllegion_s7-15imh5thinkbook_14-iml_firmwarethinkbook_15-iml_firmware300w_gen_3_firmwarelegion_s7-15imh5_firmwarethinkbook_13s_g2_itllegion_s7-15ach6500w_gen_3_firmwarethinkbook_13s_g2_areideapad_3-14ada6ideapad_3-15ada6_firmware730s-13imlthinkbook_15-iil_firmwareideapad_3-17ada6ideapad_slim_1-11ast-05v15-ada_firmwareideapad_1-14igl05_firmwarethinkbook_16p_g2_ach_firmwareyoga_slim_7_pro-14arh5ideapad_1-11ada05_firmwarethinkbook_13s-iml_firmwareflex_5-15itl05thinkbook_13s-imlv15-adaideapad_flex_5_16alc714w_gen_2_firmwareideapad_flex_5_14alc7ideapad_1-11ada05ideapad_5-15alc05_firmwareflex_5-14iil05yoga_s940-14iil_firmwares145-14api_firmwarethinkbook_15-imlyoga_slim_7_pro-14ach5_o_firmwareyoga_slim_7_pro-14arh5_firmware100w_gen_3ideapad_3-14alc6thinkbook_14s_g2_itl_firmwarethinkbook_15-iilv15_g2-alcflex_3-11ada05s145-14astthinkbook_13s_g3_acnflex_5-14alc05_firmwareflex_3-11ada05_firmwarethinkbook_14p_g2_ach_firmwareideapad_1-14ada05_firmwareideapad_3-14ada05_firmwareflex_5-15alc05_firmwareflex_5-14itl05_firmwarev14-adaideapad_3-15alc6_firmwareideapad_3-14ada6_firmwareflex_5-14iil05_firmwareideapad_1-11igl05ideapad_3-15ada05_firmwareideapad_3-17alc6_firmwarethinkbook_13s_g2_itl_firmwareyoga_9-15imh5flex_5-14itl05ideapad_1-11igl05_firmwares540-13apiideapad_flex_5_14alc7_firmwarethinkbook_14-imlideapad_s940-14iil_firmwareflex_5-14are05_firmwareyoga_9-15imh5_firmwares145-14api13w_yogayoga_c640-13imlBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-0354
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.68%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CVE-2016-8228
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-03 Jun, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-lenovo_service_bridgeService Bridge
CVE-2016-8223
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.99%
||
7 Day CHG~0.00%
Published-29 Nov, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.

Action-Not Available
Vendor-Lenovo Group LimitedMicrosoft Corporation
Product-system_interface_foundationwindows_10All ThinkPad, ThinkCentre, ThinkStation and Lenovo-branded systems preloaded with the Windows 10 operating system, or any system running Lenovo Companion, Lenovo Settings, or Lenovo ID.
CWE ID-CWE-284
Improper Access Control
CVE-2016-8227
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.12%
||
7 Day CHG~0.00%
Published-26 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-transitionTransition application
CWE ID-CWE-284
Improper Access Control
CVE-2016-8235
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.03%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-customer_care_software_development_kitCustomer Care Software Development Kit (CCSDK)
CVE-2016-5247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-22 Sep, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-thinkcentre_m6600t\/sthinkcentre_m8600t\/sthinkstation_p300thinkserver_rq940thinkstation_e32thinkcentre_m93thinkcentre_m6600qthinkstation_p310biosthinkcentre_m73pthinkcentre_m6500t\/sthinkcentre_e93thinkcentre_m800thinkcentre_m83thinkserver_ts540thinkcentre_m8500t\/sthinkcentre_m6600thinkserver_ts240thinkserver_rs140thinkserver_ts140thinkserver_ts440thinkcentre_m93pthinkcentre_m900n/a
CVE-2021-4210
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.04%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkstation_p520_firmwareideacentre_aio_3-27itl6_firmwarethinkcentre_m910zideacentre_aio_3-27itl6ideacentre_aio_3-22ada6ideacentre_aio_3-22ada6_firmwarethinkcentre_m800v410z_firmwarethinkcentre_m900ideacentre_g5-14imb05_firmwarethinkstation_p520thinkcentre_m90a_gen2v50t-13imbthinkcentre_x1thinkcentre_m700thinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkstation_p310thinkedge_se30thinkcentre_m700_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_aio_3-22itl6_firmwarethinkedge_se30_firmwarethinkcentre_m70a_firmwareideacentre_aio_3-24ada6_firmwarethinkcentre_m900_firmwarea540-27icbstadia_ggp-120_firmwareideacentre_aio_3-22iil5_firmwarev410zstadia_ggp-120ideacentre_c5-14imb05thinkcentre_m900x_firmwarea540-27icb_firmwareideacentre_5-14imb05thinkcentre_m700_tinyideacentre_aio_3-24itl6thinkstation_p520c_firmwarethinkcentre_m90a_gen2_firmwareideacentre_c5-14imb05_firmwarea540-24icbthinkcentre_m70aideacentre_aio_3-24ada6thinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev540-24iwl_firmwarea540-24icb_firmwareideacentre_aio_3-22iil5ideacentre_5-14imb05_firmwarev50t-13imb_firmwarethinkcentre_m820zthinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m910z_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05thinkcentre_x1_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarev540-24iwlthinkstation_p520cBIOS
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found