Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3432

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-23 Jan, 2023 | 16:27
Updated At-01 Apr, 2025 | 19:50
Rejected At-
Credits

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:23 Jan, 2023 | 16:27
Updated At:01 Apr, 2025 | 19:50
Rejected At:
▼CVE Numbering Authority (CNA)

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
BIOS
Default Status
unaffected
Versions
Affected
  • various
Problem Types
TypeCWE IDDescription
CWECWE-276CWE-276 Incorrect Default Permissions
Type: CWE
CWE ID: CWE-276
Description: CWE-276 Incorrect Default Permissions
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952

Configurations
Workarounds
Exploits
Credits
finder
Lenovo thanks Martin Smolár from ESET for reporting these issues.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-94952
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94952
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-94952
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94952
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:26 Jan, 2023 | 21:15
Updated At:03 Feb, 2023 | 18:24

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Lenovo Group Limited
lenovo
>>ideapad_y700-14isk_firmware>>-
cpe:2.3:o:lenovo:ideapad_y700-14isk_firmware:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>ideapad_y700-14isk>>-
cpe:2.3:h:lenovo:ideapad_y700-14isk:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-276Primarynvd@nist.gov
CWE-276Secondarypsirt@lenovo.com
CWE ID: CWE-276
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-276
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-94952psirt@lenovo.com
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94952
Source: psirt@lenovo.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

111Records found
CVE-2023-43575
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:37
Updated-04 Sep, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOSdesktop_bios
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-43567
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.83%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 22:04
Updated-12 Sep, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m70q_firmwarethinkcentre_m80t_gen_3ideacentre_aio_3-27itl6_firmwarethinkstation_p340_workstationthinkcentre_m70s_firmwarethinkcentre_m90q_gen_2thinkcentre_m70t_gen_3thinkcentre_m90q_tiny_firmwarethinkcentre_neo_30a_27_gen_3_firmwarethinkcentre_m70a_gen_3ideacentre_g5-14imb05_firmwarethinkstation_p330_workstationthinkcentre_m70qideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6thinkstation_p340_workstation_firmwarev55t_gen_2_13acnloq_17irb8_firmwarethinkcentre_m90q_gen_3ideacentre_5_14irb8_firmwarethinkcentre_neo_30a_27_gen_3thinkcentre_m90t_gen_3_firmwarethinkcentre_m630ethinkcentre_m625qideacentre_aio_3-24imb05_firmwareyoga_aio_7_27arh7_firmwarethinkstation_p520_workstation_firmwareyoga_aio_7-27arh6v50t-13imbthinkstation_p360_workstationthinkcentre_m70a_gen_3_firmwarethinkcentre_m90a_pro_gen_3_firmwareloq_17irb8thinkstation_p350_workstationideacentre_mini_5_01iaq7thinkstation_p520c_workstationthinkstation_p350_workstation_firmwareideacentre_5-14iob6v30a-22itlthinkstation_p330_workstation_2nd_genv50a-24imb_firmwareideacentre_gaming_5_17acn7_firmwarethinkcentre_m70c_firmwarev55t_gen_2_13acn_firmwarethinkcentre_m90tthinkstation_p330_workstation_2nd_gen_firmwarethinkcentre_neo_50a_24_gen_4_firmwarethinkcentre_neo_30a_22_gen_4ideacentre_5-14iob6_firmwarelegion_t7_34irz8_firmwareideacentre_aio_3-22itl6_firmwarethinkcentre_m70s_gen_3_firmwarethinkedge_se30_firmwarethinkcentre_m80q_gen_3_firmwarethinkcentre_m920z_all-in-one_firmwarethinkcentre_neo_30a_27_gen_4legion_t5_26irb8v50a-22imbthinkstation_p350_tiny_workstationv50a-24imbthinkcentre_neo_30a_24_gen_3thinkcentre_m90sthinkstation_p358_workstation_firmwarethinkcentre_m70q_gen_2_firmwarev50s-07imbideacentre_creator_5-14iob6thinkcentre_m90a_gen_3thinkcentre_m75s_gen_2ideacentre_5-14acn6_firmwareideacentre_aio_3-24imb05ideacentre_gaming_5-14acn6thinkcentre_m80tthinkcentre_m70tideacentre_5-14imb05thinkcentre_m90a_gen_2_firmwarethinkcentre_m90a_pro_gen_3thinkcentre_m90a_firmwarethinkcentre_m625q_firmwareyoga_aio_7_27arh7ideacentre_aio_5_24iah7ideacentre_aio_3_21itl7ideacentre_aio_5_27iah7_firmwareideacentre_aio_3-27imb05thinkstation_p348_workstation_firmwareideacentre_aio_3-24itl6_firmwarethinkstation_p920_workstationideacentre_aio_3_22iap7_firmwarethinkstation_p330_workstation_firmwarethinkcentre_m75t_gen_2_firmwarethinkstation_p360_ultra_workstationideacentre_aio_3-22iil5yoga_aio_7-27arh6_firmwareideacentre_aio_5_24iah7_firmwarethinkcentre_neo_70t_gen_3_firmwarethinkcentre_m90a_gen_3_firmwareideacentre_aio_3_24iap7_firmwareideacentre_aio_3-24iil5ideacentre_gaming_5-14iob6thinkcentre_m90q_tinythinkcentre_neo_50t_gen_3thinkcentre_m70t_firmwarelegion_t7-34imz5_firmwareideacentre_mini_5_01iaq7_firmwareideacentre_g5-14imb05thinkcentre_neo_30a_27_gen_4_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkcentre_neo_70t_gen_3ideacentre_aio_3-22itl6thinkstation_p358_workstationideacentre_aio_3_27iap7_firmwarethinkstation_p350_tiny_workstation_firmwarethinkstation_p360_ultra_workstation_firmwarethinkcentre_m90t_firmwarev30a-24imlthinkcentre_m80sthinkcentre_m70q_gen_2thinkcentre_m75s_gen_2_firmwarelegion_t7-34iaz7thinkcentre_m80q_firmwarelegion_t5_26iab7_firmwarelegion_t5_26iab7ideacentre_aio_3-27itl6thinkcentre_m90s_firmwarethinkcentre_m630e_firmwareideacentre_aio_3-22imb05v50t-13iob_firmwarethinkcentre_neo_30a_22_gen_3_firmwareideacentre_mini_5-01imh05thinkcentre_m80t_gen_3_firmwareideacentre_aio_3_22iap7ideacentre_gaming_5_17acn7ideacentre_aio_3_21itl7_firmwarethinkstation_p340_tiny_workstationthinkcentre_neo_30a_22_gen_3thinkcentre_m90s_gen_3thinkstation_p320_workstationthinkcentre_neo_50t_gen_3_firmwarethinkstation_p348_workstationideacentre_t540-15ama_g_firmwareideacentre_aio_3_27iap7ideacentre_g5-14amr05_firmwarethinkcentre_m75n_firmwarethinkcentre_m80qthinkedge_se30ideacentre_5_14iab7ideacentre_mini_5-01imh05_firmwarelegion_t7_34irz8thinkcentre_m75nthinkstation_p920_workstation_firmwarelegion_t7-34imz5v30a-24iml_firmwarethinkcentre_m70t_gen_3_firmwarethinkstation_p520_workstationv50t-13imh_firmwarethinkcentre_m920z_all-in-onethinkcentre_neo_30a_24_gen_3_firmwarethinkstation_p520c_workstation_firmwareideacentre_3-07ada05thinkcentre_m70cthinkcentre_neo_30a_24_gen_4v50t-13iobthinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwarethinkstation_p720_workstationthinkcentre_m75q_gen_2thinkcentre_m90q_gen_3_firmwarethinkcentre_m90athinkcentre_neo_50a_24_gen_4thinkcentre_m80s_gen_3v30a-24itl_firmwareideacentre_aio_3-22imb05_firmwareideacentre_c5-14imb05thinkcentre_m90s_gen_3_firmwarethinkcentre_m70s_gen_3ideacentre_aio_3_24iap7thinkcentre_m90q_gen_2_firmwarethinkcentre_m80q_gen_3v30a-24itlv50a-22imb_firmwarethinkstation_p360_tiny_workstationthinkcentre_m70sthinkcentre_neo_50a_24_gen_3_firmwarev50s-07imb_firmwarev30a-22imlthinkcentre_neo_30a_24_gen_4_firmwareideacentre_aio_3-24itl6ideacentre_c5-14imb05_firmwareideacentre_aio_3-27imb05_firmwarethinkcentre_m80s_gen_3_firmwarelegion_t5_26irb8_firmwarev30a-22iml_firmwareideacentre_3-07ada05_firmwarev30a-22itl_firmwarethinkcentre_m75q_gen_2_firmwarethinkstation_p360_workstation_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_5-14imb05_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareideacentre_5_14irb8thinkstation_p720_workstation_firmwareideacentre_g5-14amr05ideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkcentre_m80t_firmwarethinkstation_p320_workstation_firmwarethinkcentre_m90a_gen_2ideacentre_5-14acn6thinkcentre_neo_50a_24_gen_3thinkcentre_neo_30a_22_gen_4_firmwarethinkcentre_m80s_firmwareideacentre_aio_5_27iah7ideacentre_3-07imb05legion_t7-34iaz7_firmwareideacentre_gaming_5_17iab7_firmwareideacentre_gaming_5-14acn6_firmwarethinkcentre_m75t_gen_2ideacentre_creator_5-14iob6_firmwarethinkcentre_m90t_gen_3v50t-13imhDesktop BIOSdesktop_bios
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-4212
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.00%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_5_pro-16ihu6_firmwareideapad_gaming_3-15imh05_firmwarel340-17irh_firmwareideapad_5-14alc05ideapad_5-14alc05_firmwarel340-15iwl_touch_firmwareideapad_5_pro-16ihu6ideapad_gaming_3-15ach6legion_y545_firmwareslim_7-14itl05yoga_creator_7-15imh05e41-50_firmwareyoga_6-13alc6_firmwarel340-15iwl_firmwareflex-14imllegion_y545ideapad_5-15itl05_firmwareyoga_slim_7-15imh05yoga_slim_7-15iil05ideapad_3-14are05s540-14imlslim_7-14itl05_firmwarel340-17iwlyoga_creator_7-15imh05_firmwarelegion_y540-15irh-pg0_firmwareideapad_5-15itl05s340-14imllegion_y7000-2019-pg0ideapad_gaming_3-15imh05slim_7-14are05ideapad_3-17are05_firmwarethinkbook_plus_g2_itgideapad_3-15are05s340-13imlideapad_5_pro-14acn6yoga_slim_7-15imh05_firmwareideapad_5-14are05legion_y540-15irh-pg0ideapad_creator_5-15imh05s340-15apis340-15imlideapad_5_pro-14acn6_firmwareyoga_slim_7-14itl05_firmwareyoga_slim_7-15itl05v140-15iwl_firmwares540-14iml_firmwareideapad_gaming_3-15arh05_firmwares540-14iml_touchslim_7-14are05_firmwarelegion_y540-17irh-pg0_firmwareideapad_3-15are05_firmwareyoga_slim_7-14are05slim_7-15imh05d330-10igm_firmwarel340-15iwlideapad_5_pro-14itl6_firmwares340-14api_firmwares340-14apilegion_y540-17irhl340-15irhs340-15iml_firmwarelegion_y7000-2019-pg0_firmwareslim_7-15itl05_firmwarelegion_y545-pg0_firmwarev340-17iwls340-14iml_firmwarelegion_y7000-2019_firmwareideapad_gaming_3-15ach6_firmwareyoga_slim_7-14iil05yoga_slim_7_carbon_13itl5legion_y540-17irh_firmwareslim_7-15iil05yoga_6-13alc6ideapad_3-17are05yoga_slim_7-14iil05_firmwarel340-17iwl_firmwareyoga_slim_7_carbon_13itl5_firmwarec340-15imlideapad_5_pro-14itl6d330-10igmlegion_y540-17irh-pg0flex-15iml_firmwarethinkbook_13x_itgduet_3-10igl5thinkbook_13x_itg_firmwares340-13iml_firmwarev14-areyoga_slim_7-15iil05_firmwares340-15api_touchyoga_slim_7-14are05_firmwareflex-15imll340-15iwl_touchthinkbook_plus_g2_itg_firmwarev14-are_firmwarev340-17iwl_firmwares540-14iml_touch_firmwareideapad_creator_5-15imh05_firmwarec340-15iml_firmwareslim_7-15itl05ideapad_gaming_3-15arh05slim_7-15imh05_firmwareflex-14iml_firmwares340-15api_firmwareduet_3-10igl5_firmwarelegion_y540-15irh_firmwares340-15api_touch_firmwareslim_7-15iil05_firmwarelegion_y7000-2019c340-14imls540-15iml_firmwarethinkbook_14_g3_itl_firmwareyoga_slim_7-15itl05_firmwarelegion_y540-15irhe41-50yoga_slim_7-14itl05ideapad_3-14are05_firmwarec340-14iml_firmwares540-15imlideapad_5-14are05_firmwarev140-15iwll340-15irh_firmwarelegion_y545-pg0l340-17irhthinkbook_14_g3_itlBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34419
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.72%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:49
Updated-02 Aug, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-legion_pro_7_16irx8hlegion_7-16ithg6legion_5_15arh7_firmwarelegion_pro_7_16irx8h_firmwarelegion_5-17ach6hlegion_5-15ith6hlegion_5_pro_16arh7legion_5-15ach6legion_5-15ach6a_firmwarelegion_7-16ithg6_firmwarelegion_5-15ach6h_firmwarelegion_5_pro_16arh7hlegion_5_pro_16arh7h_firmwarelegion_5-15ith6_firmwarelegion_5-17ith6legion_s7_16arha7legion_5_pro-16ach6hlegion_5-17ach6legion_5-15ith6h_firmwarelegion_5-17ach6_firmwarelegion_7-16arha7thinkbook_15p_g2_ith_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_pro-16ith6legion_5_15iah7hlegion_5-17ith6hlegion_5_pro-16ith6h_firmwarelegion_5-17ith6h_firmwarelegion_5_pro_16iah7legion_5_15arh7h_firmwarelegion_pro_7_16irx8_firmwarelegion_pro_7_16irx8legion_pro_5_16irx8_firmwarethinkbook_16p_g3_arhlegion_5_15iah7h_firmwarelegion_5-15ach6alegion_5-17ith6_firmwarelegion_5_pro-16ach6legion_5_15iah7_firmwarelegion_5_15iah7legion_5_pro_16arh7_firmwarelegion_5-15ith6legion_pro_5_16irx8thinkbook_16p_g3_arh_firmwarethinkbook_15p_g2_ithlegion_5_15arh7legion_5_pro-16ith6hlegion_5_pro-16ach6h_firmwarelegion_5-15ach6_firmwarelegion_s7_16arha7_firmwarelegion_5-17ach6h_firmwarelegion_5_pro_16iah7_firmwarelegion_5_pro_16iah7hlegion_5_pro-16ach6_firmwarelegion_7-16arha7_firmwarelegion_7-16achg6_firmwarelegion_5-15ach6hlegion_5_pro-16ith6_firmwarelegion_5_15arh7hlegion_7-16achg6Lenovo Notebook
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-1892
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.58%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:31
Updated-02 Apr, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_s730-13imlideapad_3-17ada05_firmwareideapad_s940-14iilthinkbook_14p_g2_ach500w_gen_3ideapad_3-14ada05s145-15api_firmwareideapad_5_15aba7v14_g2-alcyoga_c640-13iml_firmwareideapad_slim_1-11ast-05_firmwareyoga_c940-15irh_firmwarev14_g2-alc_firmwareideapad_5_15aba7_firmware100w_gen_3_firmwareideapad_flex_5_16alc7_firmware14w_gen_2v130-15ikbflex_5-15iil05s145-14ast_firmware300e_2nd_gen_firmwareyoga_s730-13iml_firmwarev14-ada_firmwareideapad_1-14ada05yoga_c940-15irhthinkbook_13s_g2_are_firmwarethinkbook_14s-iml_firmware13w_yoga_firmwareideapad_1-14igl05thinkbook_16p_g2_achflex_5-15iil05_firmwareyoga_c640-13iml_lte_firmwareflex_5-15itl05_firmwareideapad_3-17alc6legion_s7-15arh5s540-13api_firmwarev130-15ikb_firmwares145-15ast_firmwarethinkbook_14-iil_firmwareideapad_3-15alc6ideapad_3-15ada05ideapad_slim_1-14ast-05_firmwareflex_5-15alc05ideapad_3-15ada6100e_2nd_genthinkbook_14s_g2_itl300w_gen_3ideapad_3-17ada6_firmware100e_2nd_gen_firmwareideapad_5-15alc05ideapad_3-17ada05flex_5-14are05s145-15astthinkbook_14-iil300e_2nd_genflex_5-14alc05yoga_c640-13iml_ltelegion_s7-15ach6_firmware730s-13iml_firmwareyoga_slim_7_pro-14ach5_firmwarethinkbook_13s_g3_acn_firmwareyoga_slim_7_pro-14ach5_ov15_g2-alc_firmwarelegion_s7-15arh5_firmwares145-15apiyoga_s940-14iilideapad_slim_1-14ast-05yoga_slim_7_pro-14ach5ideapad_3-14alc6_firmwarethinkbook_14s-imllegion_s7-15imh5thinkbook_14-iml_firmwarethinkbook_15-iml_firmware300w_gen_3_firmwarelegion_s7-15imh5_firmwarethinkbook_13s_g2_itllegion_s7-15ach6500w_gen_3_firmwarethinkbook_13s_g2_areideapad_3-14ada6ideapad_3-15ada6_firmware730s-13imlthinkbook_15-iil_firmwareideapad_3-17ada6ideapad_slim_1-11ast-05v15-ada_firmwareideapad_1-14igl05_firmwarethinkbook_16p_g2_ach_firmwareyoga_slim_7_pro-14arh5ideapad_1-11ada05_firmwarethinkbook_13s-iml_firmwareflex_5-15itl05thinkbook_13s-imlv15-adaideapad_flex_5_16alc714w_gen_2_firmwareideapad_flex_5_14alc7ideapad_1-11ada05ideapad_5-15alc05_firmwareflex_5-14iil05yoga_s940-14iil_firmwares145-14api_firmwarethinkbook_15-imlyoga_slim_7_pro-14ach5_o_firmwareyoga_slim_7_pro-14arh5_firmware100w_gen_3ideapad_3-14alc6thinkbook_14s_g2_itl_firmwarethinkbook_15-iilv15_g2-alcflex_3-11ada05s145-14astthinkbook_13s_g3_acnflex_5-14alc05_firmwareflex_3-11ada05_firmwarethinkbook_14p_g2_ach_firmwareideapad_1-14ada05_firmwareideapad_3-14ada05_firmwareflex_5-15alc05_firmwareflex_5-14itl05_firmwarev14-adaideapad_3-15alc6_firmwareideapad_3-14ada6_firmwareflex_5-14iil05_firmwareideapad_1-11igl05ideapad_3-15ada05_firmwareideapad_3-17alc6_firmwarethinkbook_13s_g2_itl_firmwareyoga_9-15imh5flex_5-14itl05ideapad_1-11igl05_firmwares540-13apiideapad_flex_5_14alc7_firmwarethinkbook_14-imlideapad_s940-14iil_firmwareflex_5-14are05_firmwareyoga_9-15imh5_firmwares145-14api13w_yogayoga_c640-13imlBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-1108
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.38%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-4210
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.03%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkstation_p520_firmwareideacentre_aio_3-27itl6_firmwarethinkcentre_m910zideacentre_aio_3-27itl6ideacentre_aio_3-22ada6ideacentre_aio_3-22ada6_firmwarethinkcentre_m800v410z_firmwarethinkcentre_m900ideacentre_g5-14imb05_firmwarethinkstation_p520thinkcentre_m90a_gen2v50t-13imbthinkcentre_x1thinkcentre_m700thinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkstation_p310thinkedge_se30thinkcentre_m700_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_aio_3-22itl6_firmwarethinkedge_se30_firmwarethinkcentre_m70a_firmwareideacentre_aio_3-24ada6_firmwarethinkcentre_m900_firmwarea540-27icbstadia_ggp-120_firmwareideacentre_aio_3-22iil5_firmwarev410zstadia_ggp-120ideacentre_c5-14imb05thinkcentre_m900x_firmwarea540-27icb_firmwareideacentre_5-14imb05thinkcentre_m700_tinyideacentre_aio_3-24itl6thinkstation_p520c_firmwarethinkcentre_m90a_gen2_firmwareideacentre_c5-14imb05_firmwarea540-24icbthinkcentre_m70aideacentre_aio_3-24ada6thinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev540-24iwl_firmwarea540-24icb_firmwareideacentre_aio_3-22iil5ideacentre_5-14imb05_firmwarev50t-13imb_firmwarethinkcentre_m820zthinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m910z_firmwareideacentre_aio_3-22itl6ideacentre_g5-14imb05thinkcentre_x1_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarev540-24iwlthinkstation_p520cBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-4211
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.85%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-a340-24ickthinkcentre_m90a_\(gen_2\)thinkcentre_m90a_\(gen_2\)_firmwarev30a-24imlthinkcentre_m910xideacentre_aio_3-27itl6_firmwarethinkcentre_m720eideacentre_aio_3-22ada6ideacentre_aio_3-27itl6se30_firmwareideacentre_aio_3-22ada6_firmwarethinkstation_p320a340-22icb_firmwarethinkcentre_m800thinkstation_p320_tinyv410z_firmwareideacentre_510s-07icbthinkcentre_m900thinkcentre_m910sthinkcentre_m710q_firmwarethinkstation_p320_firmwarev520thinkcentre_m710ethinkcentre_m710t_firmwarethinkcentre_m75n_firmwarethinkstation_p310_firmwarethinkcentre_m910qthinkstation_p310thinkcentre_m720e_firmwareideacentre_5-14iob6v530-15icb_firmwareideacentre_510s-07ick_firmwarev530s-07icb_firmwarethinkcentre_m810zthinkcentre_m800_firmwarethinkcentre_m75nthinkcentre_m810z_firmwareideacentre_5-14iob6_firmwarethinkcentre_m710qideacentre_aio_3-22itl6_firmwarethinkcentre_m710tv30a-24iml_firmwarethinkcentre_m70a_firmwarea340-22ickv530-15icrideacentre_aio_3-24ada6_firmwarev530s-07icbthinkcentre_m710e_firmwarethinkcentre_m900_firmwarev530-15icba540-27icbv520s_firmwareideacentre_aio_3-22iil5_firmwareideacentre_510s-07icb_firmwarea340-24ick_firmwarev410zthinkstation_p320_tiny_firmwarea340-24icb_firmwareideacentre_creator_5-14iob6se30thinkcentre_m900x_firmwarea540-27icb_firmwarethinkcentre_m700_tinyv30a-22imlv520_firmwareideacentre_aio_3-24itl6thinkcentre_m710q_\(10yc\)ideacentre_aio_3-24ada6a540-24icbthinkcentre_m70av30a-22iml_firmwarethinkcentre_m820z_firmwareideacentre_aio_3-24itl6_firmwarev530s-07icr_firmwarev540-24iwl_firmwareideacentre_510s-07icka540-24icb_firmwarev530s-07icrthinkcentre_m710s_firmwareideacentre_aio_3-22iil5thinkcentre_m910x_firmwarethinkcentre_m910s_firmwarethinkcentre_m820zthinkcentre_m910t_firmwarev50t-13iob_g2_firmwarev50t-13iob_g2a340-22icbthinkcentre_m710sideacentre_gaming_5-14iob6_firmwarethinkcentre_m900xideacentre_aio_3-24iil5thinkcentre_m710q_\(10yc\)_firmwareideacentre_gaming_5-14iob6v520sideacentre_aio_3-22itl6thinkcentre_m910tv530-15icr_firmwareideacentre_aio_3-24iil5_firmwarethinkcentre_m700_tiny_firmwarethinkcentre_m600_firmwareideacentre_creator_5-14iob6_firmwarea340-24icbv540-24iwlthinkcentre_m600thinkcentre_m910q_firmwarea340-22ick_firmwareBIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3970
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.44% / 62.29%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-l340-17irh_firmwareideapad_3-17ada05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hideapad_3-14ada05legion_y545_firmwarelegion_5-15imh6s145-15api_firmwareslim_9-14itl05slim_7_pro-14ihu5legion_y545ideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-17ach6legion_5-15ith6h_firmwarel340-17iwlyoga_c740-14imllegion_5_pro-16ith6legion_5-17ith6hyoga_slim_7_pro-14itl5ideapad_3-17are05_firmwares145-14ast_firmwares145-14iil_firmwarelegion_5-15ach6alegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwarelegion_y540-15irh-pg0ideapad_3-14igl05_firmwarev14-ada_firmwareideapad_3-14itl05_firmwareyoga_slim_7_pro-14ach5_od_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwarev140-15iwl_firmwarev14-iilyoga_c940-14iillegion_5_pro-16ach6h_firmwares145-14igmslim_7_pro-14ihu5_firmwarelegion_5-17ach6h_firmwarev15_g1-imlv17-iils540-13iml_firmwareideapad_3-17alc6v14-iil_firmwarelegion_y540-17irhl340-15irhideapad_3-17iml05ideapad_3-17iil05_firmwares540-13api_firmwarev340-17iwlideapad_3-15igl05s145-14igm_firmwareyoga_slim_7_pro-14itl5_firmwares145-15ast_firmwareideapad_5-15are05_firmwareideapad_3-15itl6ideapad_3-15alc6yoga_7-14acn6_firmwareideapad_3-15ada05legion_y540-17irh_firmwareideapad_3-17are05ideapad_3-15ada6legion_5-15ach6legion_7-16ithg6_firmwarelegion_5-15ach6h_firmwareideapad_3-17ada6_firmwareideapad_3-17ada05l3-15itl6_firmwareideapad_3-14iml05yoga_slim_7_pro-14ihu5_o_firmwarev14-ares145-15astyoga_c740-15imls145-15igmv17_g2-itlideapad_3-15iml05s145-15iill340-15iwl_touchlegion_s7-15ach6_firmwareyoga_slim_7_pro-14ach5_firmwareyoga_slim_7_pro-14ach5_oideapad_3-15iil05_firmwarev15_g2-alc_firmwarelegion_5_pro-16ach6legion_y540-15irh_firmwares145-15apiv15_g2-itl_firmwarev14_g1-imllegion_5_pro-16ith6hl340-17irhyoga_slim_7_pro-14ach5_dyoga_slim_7_pro-14ach5ideapad_3-14are05_firmwareideapad_3-14alc6_firmwarelegion_5_pro-16ach6_firmwarev140-15iwllegion_y545-pg0ideapad_3-14igl05l3_15iml05v15-igl_firmwareideapad_gaming_3-15imh05_firmwareideapad_3-15itl05legion_7-16ithg6ideapad_3-15iml05_firmwarelegion_5-17ach6hl340-15iwl_touch_firmwarev15-iillegion_s7-15ach6ideapad_3-15iil05ideapad_3-14ada6ideapad_3-15ada6_firmwareideapad_3-17iml05_firmwarel340-15iwl_firmwarev14-igl_firmwareideapad_3-17ada6legion_5-15ach6a_firmwareyoga_c740-14iml_firmwarev15-ada_firmwareideapad_3-14are05legion_5-17ith6legion_5_pro-16ach6hv14_g2-acllegion_5-17ach6_firmwarelegion_y540-15irh-pg0_firmwareyoga_slim_7_pro-14arh5v15_g2-itlyoga_7-14acn6legion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_y7000-2019-pg0ideapad_3-14itl6ideapad_gaming_3-15imh05ideapad_3-15are05s540-13imlv15-adas14_g2_itls145-15igm_firmwareideapad_creator_5-15imh05yoga_slim_7_pro-14ach5_odv15_g1-iml_firmwarev15-iglideapad_5-15iil05_firmwarelegion_5-15ith6v17-iil_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_gaming_3-15arh05_firmwarelegion_y540-17irh-pg0_firmwareideapad_3-15are05_firmwareyoga_slim_7_pro-14ach5_d_firmwarel340-15iwlideapad_3-15igl05_firmwareideapad_3-15itl05_firmwareideapad_5-15iil05s145-14api_firmwarelegion_y7000-2019-pg0_firmwarelegion_y545-pg0_firmwareyoga_slim_7_pro-14ach5_o_firmwarev14_g1-iml_firmwarelegion_y7000-2019_firmwareyoga_slim_7_pro-14arh5_firmwares145-14iilideapad_3-14alc6s145-15iil_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwarev14_g2-itll340-17iwl_firmwares145-14astv15_g2-alcv15-iil_firmwareyoga_slim_7_pro-14ihu5ideapad_3-14itl6_firmwareideapad_5-15are05legion_y540-17irh-pg0legion_5-15ith6_firmwares14_g2_itl_firmwarel3_15iml05_firmwares145-14apiideapad_3-14ada05_firmwarev14-adav14_g2-acl_firmwareideapad_3-15alc6_firmwarev14-are_firmwareideapad_3-14ada6_firmwarev340-17iwl_firmwareideapad_3-17alc6_firmwareideapad_3-17iil05ideapad_3-15ada05_firmwareideapad_3-14iil05ideapad_3-14iil05_firmwareideapad_creator_5-15imh05_firmwareideapad_gaming_3-15arh05legion_y7000-2019yoga_c940-14iil_firmwareideapad_3-14itl05legion_y540-15irhl3-15itl6legion_5-15ach6_firmwares540-13apilegion_7-16achg6_firmwareyoga_c740-15iml_firmwareyoga_slim_7_pro-14ihu5_firmwarel340-15irh_firmwarelegion_5-15ach6hlegion_5_pro-16ith6_firmwarelegion_7-16achg6Notebook BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2023-25493
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.61%
||
7 Day CHG~0.00%
Published-05 Apr, 2024 | 20:46
Updated-16 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-BIOSbios
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-3719
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkcentre_m4500q_firmwarethinkcentre_m8500t\/sthinkcentre_m83thinkcentre_m800thinkcentre_m6500t\/s_firmwarethinkcentre_m900thinkcentre_m818z_firmwarethinkcentre_m73pthinkstation_p900thinkcentre_m900x_firmwarethinkcentre_m93p_firmwarethinkcentre_m93thinkcentre_m818zthinkcentre_m700_tinythinkstation_p500thinkcentre_m8500t\/s_firmwarethinkcentre_m6500t\/sthinkcentre_m93_firmwarethinkcentre_e93_firmwarethinkstation_p700_firmwarethinkcentre_m73p_firmwarethinkcentre_m73thinkcentre_x1thinkstation_p700thinkstation_p900_firmwarethinkcentre_m4500qthinkcentre_m73_firmwarethinkcentre_m93pthinkstation_p500_firmwarethinkcentre_m800_firmwarethinkcentre_e93thinkcentre_m900xthinkcentre_m83_firmwarethinkcentre_x1_firmwarethinkcentre_m700_tiny_firmwarethinkcentre_m600_firmwarethinkstation_p300thinkstation_p300_firmwarethinkcentre_m600thinkcentre_m900_firmwareThinkCentre and ThinkStation BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3599
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 9.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14sthinkpad_x13_yoga_gen_1thinkpad_l460_firmwarethinkpad_p17_gen_1thinkpad_11e_4th_gen_firmwarethinkpad_e490thinkpad_x1_fold_gen_1thinkpad_p51sthinkpad_p53thinkpad_x1_carbon_3rd_genthinkpad_p72_firmwarethinkpad_x12_detachable_gen_1_firmwarethinkpad_l590thinkpad_l460thinkpad_p52thinkpad_l13_yoga_gen_2_firmwarethinkpad_p70thinkpad_13_gen_2thinkpad_e470_firmwarethinkpad_x1_carbon_gen_8thinkpad_t460pthinkpad_p1thinkpad_e15_firmwarethinkpad_x1_tablet_firmwarethinkpad_t14s_firmwarethinkpad_l380_yoga_firmwarethinkpad_x280thinkpad_x390thinkpad_s540thinkpad_t15g_gen_1thinkpad_l470_firmwareideapad_yoga_s940-14iwlthinkpad_x1_carbon_3rd_gen_firmwarethinkpad_t490_firmwarethinkpad_l380_firmwarethinkpad_t15_firmwarethinkpad_t560_firmwarethinkpad_t580thinkpad_l390_yogathinkpad_t15p_gen_1_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x1_carbon_gen_6_firmwarethinkpad_t570_firmwarethinkpad_yoga_11e_5th_genthinkpad_x1_carbon_5th_gen_kabylakethinkpad_t15p_gen_1thinkpad_x1_extreme_gen_3thinkpad_l570_firmwarethinkpad_x380_yoga_firmwarev330-15iskthinkpad_l13_yogathinkpad_11e_yoga_gen_6_firmwarethinkpad_s540_firmwarethinkpad_x1_yoga_4th_genthinkpad_t15g_gen_1_firmwarethinkpad_p52_firmwarethinkpad_x1_carbon_gen_6thinkpad_t580_firmwarethinkpad_e15v130-15igm_firmwarethinkpad_e15_gen_3_firmwarethinkpad_e14_gen_3_firmwarethinkpad_t460sthinkpad_11e_3rd_genthinkpad_x390_yogathinkpad_e570thinkpad_x1_carbon_gen_8_firmwarethinkpad_s5_2nd_genthinkpad_p14s_gen_1thinkpad_x1_yoga_3rd_gen_firmwarethinkpad_x1_extreme_firmwarethinkpad_11e_4th_genthinkpad_x13_gen_1_firmwarethinkpad_25_firmwarethinkpad_yoga_11e_5th_gen_firmwarethinkpad_e580thinkpad_p1_gen_3thinkpad_l13_gen_2thinkpad_x1_tablet_gen_3_firmwarethinkpad_p71thinkpad_x1_titanium_firmwarethinkpad_10_firmwarethinkpad_t14s_gen_2_firmwarethinkpad_e480_firmwarethinkpad_p51s_firmwarethinkpad_x250thinkpad_x1_carbon_gen_7ideapad_s940-14iwlthinkpad_t460_firmwarethinkpad_t460s_firmwarethinkpad_p15s_gen_2_firmwarethinkpad_x270_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_s2_yoga_gen_6_firmwarethinkpad_x12_detachable_gen_1thinkpad_p1_gen_3_firmwarethinkpad_helix_firmwarethinkpad_l490thinkpad_t480s_firmwarethinkpad_p71_firmwarethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_tablet_gen_3thinkpad_l590_firmwarethinkpad_e15_gen_2_firmwarethinkpad_e15_gen_2thinkpad_l15thinkpad_t15_gen_2thinkpad_x1_titaniumthinkpad_l560_firmwarethinkpad_x260thinkpad_x1_nano_gen_1_firmwarethinkpad_11e_3rd_gen_firmwarethinkpad_p14s_gen_2thinkpad_e15_gen_3thinkpad_x250_firmwarethinkpad_p15v_gen_1_firmwarethinkpad_p53s_firmwarethinkpad_p15_gen_1v130-15igmthinkpad_x1_extreme_2ndthinkpad_t470_firmwarethinkpad_p52sthinkpad_13_gen_2_firmwarethinkpad_l13_yoga_firmwarethinkpad_t480_firmwarethinkpad_p50_firmwarethinkpad_25thinkpad_e580_firmwarethinkpad_x260_firmwarethinkpad_e590_firmwarethinkpad_t570thinkpad_l560thinkpad_t490thinkpad_x280_firmwarethinkpad_x1_yoga_1st_gen_firmwarethinkpad_t590thinkpad_t550thinkpad_p73_firmwarethinkpad_x1_tabletthinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_w550sthinkpad_l480thinkpad_x1_carbon_gen_7_firmwarethinkpad_t460thinkpad_x390_firmwarethinkpad_l390_yoga_firmwarethinkpad_s2_yoga_gen_6thinkpad_x270thinkpad_x1_yoga_gen_5_firmwarethinkpad_l580_firmwarethinkpad_t14_gen_2_firmwarethinkpad_e14_gen_2thinkpad_10ideapad_s940-14iwl_firmwarethinkpad_p50s_firmwarethinkpad_yoga_370thinkpad_p15s_gen_1_firmwarethinkpad_x13_yoga_gen_1_firmwarethinkpad_t440p_firmwarethinkpad_l470thinkpad_e570_firmwarethinkpad_t440pthinkpad_yoga_15thinkpad_l15_gen_2thinkpad_x390_yoga_firmwarethinkpad_p15v_gen_1thinkpad_l380thinkpad_t590_firmwarethinkpad_yoga_11e_4th_gen_firmwarethinkpad_x1_extremethinkpad_l490_firmwarethinkpad_yoga_11e_3rd_gen_firmwarethinkpad_x1_tablet_gen_2_firmwarethinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarethinkpad_l13_firmwarethinkpad_p52s_firmwarethinkpad_x13_gen_2thinkpad_l15_gen_2_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l13_gen_2_firmwarethinkpad_e590thinkpad_x1_yoga_3rd_genthinkpad_e14_gen_3thinkpad_x13_gen_1thinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_p1_firmwarethinkpad_t15thinkpad_p15_gen_1_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_p15s_gen_1v330-15ikb_firmwarethinkpad_t14s_gen_2thinkpad_x1_yoga_gen_5thinkpad_x380_yogathinkpad_l480_firmwarethinkpad_p53sthinkpad_t480sthinkpad_x13_yoga_gen_2thinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarethinkpad_e14ideapad_yoga_s940-14iwl_firmwarethinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_yoga_4th_gen_firmwarethinkpad_p43sthinkpad_l390_firmwarethinkpad_t490s_firmwarethinkpad_l14_firmwarethinkpad_t14_gen_2thinkpad_x1_extreme_gen_3_firmwarethinkpad_t470s_firmwarethinkpad_p14s_gen_1_firmwarethinkpad_l580thinkpad_p50thinkpad_x1_tablet_gen_2v330-15ikbthinkpad_s2_gen_6_firmwarethinkpad_x13_yoga_gen_2_firmwarethinkpad_p1_gen_2thinkpad_t470p_firmwarethinkpad_11e_yoga_gen_6thinkpad_x13_gen_2_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_t560thinkpad_e14_gen_2_firmwarethinkpad_t470thinkpad_x1_carbon_4th_genthinkpad_p17_gen_1_firmwarethinkpad_yoga_11e_3rd_genthinkpad_l390thinkpad_t15_gen_2_firmwarethinkpad_p53_firmwarethinkpad_p50sthinkpad_x1_yoga_1st_genv330-15isk_firmwarethinkpad_l15_firmwarethinkpad_e480thinkpad_yoga_260thinkpad_p51thinkpad_l380_yogathinkpad_x1_fold_gen_1_firmwarethinkpad_l14thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_yoga_11e_4th_genthinkpad_yoga_15_firmwarethinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_yoga_260_firmwarethinkpad_t470pthinkpad_helixthinkpad_t14_gen_1_firmwarethinkpad_w550s_firmwarethinkpad_e14_firmwarethinkpad_yoga_370_firmwarethinkpad_p15s_gen_2thinkpad_t480thinkpad_p43s_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3452
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.55%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_11e_4th_genthinkpad_x380_yogathinkpad_t460thinkpad_yoga_11e_4th_genthinkpad_13_gen_2thinkpad_yoga_370thinkpad_l15_gen_2thinkpad_e15_gen_2thinkpad_l15thinkpad_l390thinkpad_yoga_11e_3rd_genthinkpad_11e_5th_genthinkpad_l380thinkpad_l14_gen_2thinkpad_l390_yogathinkpad_l13_gen_2thinkpad_11e_3rd_genthinkpad_x260thinkpad_x12_detachable_gen_1thinkpad_e14_gen_2thinkpad_l13_yogathinkpad_l380_yogabiosthinkpad_l13_yogo_gen_2thinkpad_11e_yoga_gen_6thinkpad_l14thinkpad_l13ThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CVE-2024-3100
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.15%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 17:26
Updated-17 Sep, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-IdeaPad 3 15ABA7 Laptop BIOSIdeaPad 3-17ALC6 Laptop BIOSIdeaPad Flex 5 14ALC7 Laptop BIOSLenovo V15 G3 ABA Laptop BIOSLenovo Flex 7 14IRU8 BIOSIdeaPad Flex 5 14ABR8 BIOSIdeaPad Slim 3 16ABR8 BIOSLenovo V14 G4 ABP BIOSIdeaPad 1-14IGL05 Laptop BIOS300w Yoga Gen 4 Laptop (Lenovo) BIOSIdeaPad Flex 5 16ALC7 BIOSLenovo V14 G4 AMN BIOS13w Yoga Gen 2 (Type 82YR, 82YS) Laptop (Lenovo) BIOSLenovo V15 G4 ABP BIOS500w Yoga Gen 4 Laptop (Lenovo) BIOSFlex 5-15ITL05 Laptop (ideapad) BIOSIdeaPad Slim 3 15ABR8 BIOS14W Gen 2 Laptop (Lenovo) BIOSThinkBook 14 G6 IRL BIOSIdeaPad Flex 5 16IRU8 BIOSV15 G2-ALC Laptop (Lenovo) BIOS100w Gen 4 Laptop (Lenovo) BIOSIdeaPad Flex 5 14IAU7 Laptop BIOSIdeaPad 3-15ALC6 Laptop BIOSIdeaPad Slim 3 14ABR8 BIOSFlex 5-14ITL05 Laptop (ideapad) BIOSideapad 5-15ALC05 Laptop BIOSLenovo V15 G4 AMN BIOSYoga Slim 7 Pro-14ACH5 Laptop (ideapad) BIOSYoga Slim 7 Pro-14ACH5 O Laptop (ideapad) BIOSIdeaPad Flex 5 14IRU8 BIOSLenovo Flex 7 14IAU7 BIOSIdeaPad Slim 3 15AMN8 BIOSIdeaPad Flex 5 16IAU7 BIOSThinkBook 16 G6 IRL BIOSIdeaPad Slim 5 Light 14ABR8 BIOS100w Gen 3 Laptop (Lenovo) BIOSThinkBook 13s G4 ARB BIOSIdeaPad Slim 3 14AMN8 BIOSIdeaPad 1 15ALC7 Laptop BIOSThinkBook 13s G4 IAP BIOSIdeaPad 1-11IGL05 Laptop BIOSThinkBook 14 G6 ABP BIOSThinkBook 16 G6 ABP BIOSLenovo V14 G3 ABA Laptop BIOSIdeaPad 3 14ABA7 Laptop BIOS300w Gen 3 Laptop (Lenovo) BIOSIdeaPad 1 14ALC7 Laptop BIOSIdeaPad 3 17ABA7 Laptop BIOSK14 G2 IRU BIOSV14 G2-ALC Laptop (Lenovo) BIOS13w Yoga (Type 82S1, 82S2) Laptop (Lenovo) BIOSThinkBook 13x G2 IAP Laptop BIOSIdeaPad Flex 5 16ABR8 BIOSIdeaPad 3-14ALC6 Laptop BIOSv15_g4_abp_firmwareideapad_slim_5_light_14abr8_firmwareyoga_slim_7_pro-14ach5_o_firmwareflex_5-14itl05_firmwareideapad_slim_3_15amn8_firmwareideapad_3-17alc6_firmwarek14_g2_iru_firmware500w_yoga_gen_4_firmware13w_yoga_gen_2_firmwareideapad_flex_5_16iau7_firmware14w_gen_2_firmwareideapad_1-11igl05_firmwarethinkbook_16_g6_abp_firmwareideapad_slim_3_16abr8_firmwarethinkbook_13s_g4_iap_firmwarethinkbook_13x_g2_iap_firmware13w_yoga_firmwareideapad_flex_5_14alc7_firmware100w_gen_3_firmwareideapad_flex_5_16iru8_firmwareideapad_1_15alc7_firmwareideapad_5-15alc05_firmwareideapad_flex_5_16abr8_firmwarethinkbook_13s_g4_arb_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-4435
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:33
Updated-10 Apr, 2025 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x13s_firmwarethinkpad_x13sThinkPad X13s
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-4433
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.42%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 17:32
Updated-10 Apr, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x13s_firmwarethinkpad_x13sThinkPad X13s
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-3744
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 19:43
Updated-03 Aug, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_1_15igl7legion_5-17imh05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hslim_7_prox_14iah7_firmwarelegion_5-15imh6ideapad_3_15iau7ideapad_1_15iau7slim_9-14itl05slim_7_pro-14ihu5yoga_slim_7_pro_14iah7ideapad_5-15itl05_firmwareideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-15ith6h_firmwareslim_7_carbon_13iap7v17_g3_iap_firmwarelegion_5_pro-16ith6legion_5-17ith6hv15_g3_iapyoga_slim_7_pro-14itl5ideapad_1_14igl7legion_5_15iah7h_firmwarelegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwareideapad_3-14igl05_firmwareideapad_3-14itl05_firmwarev14_g2_ijllegion_5p-15imh05h_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwareideapad_1_14iau7yoga_slim_9_14iap7slim_7_pro-14ihu5_firmwarev15_g1-imllegion_5_pro_16iah7_firmwarev17-iilideapad_1-15ijl7slim_9_14iap7_firmwareyoga_slim_7_carbon_13iap7v17_g3_iapyoga_slim_7_pro_14iap7yoga_slim_7_prox_14iah7_firmwareideapad_3-17iml05ideapad_3-17iil05_firmwareideapad_1_14igl7_firmwareyoga_slim_7_pro-14itl5_firmwareideapad_3-15igl05yoga_slim_9_14iap7_firmwareideapad_3-15itl6v14_g3_iapideapad_1_14iau7_firmwarelegion_7-16ithg6_firmwareideapad_5_15ial7l3-15itl6_firmwareideapad_3-14iml05v15_g3_iap_firmwarelegion_5-17imh05h_firmwareyoga_slim_7_pro-14ihu5_o_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_15iah7hv17_g2-itlideapad_3-15iml05legion_5-17imh05ideapad_3-15iil05_firmwarev15_g2_ijllegion_7_16iax7s14_g3_iap_firmwarelegion_5_15iah7_firmwarev15_g2-itl_firmwarev14_g1-imlyoga_7_14ial7_firmwarelegion_5_pro-16ith6hideapad_3_17iau7v15_g2_ijl_firmwareyoga_slim_7_carbon_13iap7_firmwareideapad_3_14iau7ideapad_3-14igl05legion_5-15imh05hv15-igl_firmwareideapad_3_17iau7_firmwarelegion_5-15imh05v14_g3_iap_firmwareslim_7_prox_14iah7ideapad_gaming_3-15imh05_firmwareslim_7_carbon_13iap7_firmwareideapad_3-15itl05ideapad_1_15igl7_firmwareyoga_7_16iap7legion_7-16ithg6ideapad_3-15iml05_firmwareideapad_3-15iil05ideapad_1_15iau7_firmwareideapad_3-17iml05_firmwarev14-igl_firmwarelegion_5p-15imh05hlegion_5-17ith6legion_5-17imh05hlegion_5p-15imh05ideapad_5-15itl05v15_g2-itllegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_7_16iax7_firmwarelegion_5_pro_16iah7slim_7_14iap7yoga_7-15itl5ideapad_3-14itl6ideapad_gaming_3-15imh05s14_g2_itllegion_5p-15imh05_firmwareideapad_creator_5-15imh05yoga_slim_7_pro_14iap7_firmwarev15_g1-iml_firmwares14_g3_iapv15-iglyoga_7_14ial7ideapad_5-15iil05_firmwarelegion_5_15iah7yoga_7_16iap7_firmwarelegion_5-15ith6s540-13itlyoga_slim_7_prox_14iah7v17-iil_firmwareideapad_3_15iau7_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_5_15ial7_firmwarelegion_5_pro_16iah7hideapad_3-15itl05_firmwareideapad_3-15igl05_firmwarethinkbook_15p_g2_ithyoga_7-14itl5yoga_7-14itl5_firmwareideapad_5-15iil05slim_9_14iap7v14_g1-iml_firmwareyoga_7-15itl5_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwares540-13itl_firmwarev14_g2-itlideapad_3-14itl6_firmwareyoga_slim_7_pro-14ihu5ideapad_1-15ijl7_firmwarel3-15iml05_firmwarelegion_5-15ith6_firmwares14_g2_itl_firmwareyoga_9_14iap7legion_5-15imh05h_firmwarethinkbook_15p_g2_ith_firmwareyoga_9_14iap7_firmwareslim_7_14iap7_firmwareideapad_1-14ijl7_firmwareyoga_slim_7_pro_14iah7_firmwareideapad_3-14iil05ideapad_creator_5-15imh05_firmwareideapad_3_14iau7_firmwareideapad_3-17iil05v14_g2_ijl_firmwareideapad_3-14iil05_firmwareyoga_7_16iah7_firmwareideapad_3-14itl05ideapad_1-14ijl7l3-15itl6yoga_7_16iah7thinkbook_15p_imh_firmwareyoga_slim_7_pro-14ihu5_firmwarel3-15iml05thinkbook_15p_imhlegion_5_pro-16ith6_firmwarelegion_5-15imh05_firmwareNotebook
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-3746
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.17%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 19:43
Updated-03 Aug, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_1_15igl7legion_5-17imh05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hslim_7_prox_14iah7_firmwarelegion_5-15imh6ideapad_3_15iau7ideapad_1_15iau7slim_9-14itl05slim_7_pro-14ihu5yoga_slim_7_pro_14iah7ideapad_5-15itl05_firmwareideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-15ith6h_firmwareslim_7_carbon_13iap7v17_g3_iap_firmwarelegion_5_pro-16ith6legion_5-17ith6hv15_g3_iapyoga_slim_7_pro-14itl5ideapad_1_14igl7legion_5_15iah7h_firmwarelegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwareideapad_3-14igl05_firmwareideapad_3-14itl05_firmwarev14_g2_ijllegion_5p-15imh05h_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwareideapad_1_14iau7yoga_slim_9_14iap7slim_7_pro-14ihu5_firmwarev15_g1-imllegion_5_pro_16iah7_firmwarev17-iilideapad_1-15ijl7slim_9_14iap7_firmwareyoga_slim_7_carbon_13iap7v17_g3_iapyoga_slim_7_pro_14iap7yoga_slim_7_prox_14iah7_firmwareideapad_3-17iml05ideapad_3-17iil05_firmwareideapad_1_14igl7_firmwareyoga_slim_7_pro-14itl5_firmwareideapad_3-15igl05yoga_slim_9_14iap7_firmwareideapad_3-15itl6v14_g3_iapideapad_1_14iau7_firmwarelegion_7-16ithg6_firmwareideapad_5_15ial7l3-15itl6_firmwareideapad_3-14iml05v15_g3_iap_firmwarelegion_5-17imh05h_firmwareyoga_slim_7_pro-14ihu5_o_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_15iah7hv17_g2-itlideapad_3-15iml05legion_5-17imh05ideapad_3-15iil05_firmwarev15_g2_ijllegion_7_16iax7s14_g3_iap_firmwarelegion_5_15iah7_firmwarev15_g2-itl_firmwarev14_g1-imlyoga_7_14ial7_firmwarelegion_5_pro-16ith6hideapad_3_17iau7v15_g2_ijl_firmwareyoga_slim_7_carbon_13iap7_firmwareideapad_3_14iau7ideapad_3-14igl05legion_5-15imh05hv15-igl_firmwareideapad_3_17iau7_firmwarelegion_5-15imh05v14_g3_iap_firmwareslim_7_prox_14iah7ideapad_gaming_3-15imh05_firmwareslim_7_carbon_13iap7_firmwareideapad_3-15itl05ideapad_1_15igl7_firmwareyoga_7_16iap7legion_7-16ithg6ideapad_3-15iml05_firmwareideapad_3-15iil05ideapad_1_15iau7_firmwareideapad_3-17iml05_firmwarev14-igl_firmwarelegion_5p-15imh05hlegion_5-17ith6legion_5-17imh05hlegion_5p-15imh05ideapad_5-15itl05v15_g2-itllegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_7_16iax7_firmwarelegion_5_pro_16iah7slim_7_14iap7yoga_7-15itl5ideapad_3-14itl6ideapad_gaming_3-15imh05s14_g2_itllegion_5p-15imh05_firmwareideapad_creator_5-15imh05yoga_slim_7_pro_14iap7_firmwarev15_g1-iml_firmwares14_g3_iapv15-iglyoga_7_14ial7ideapad_5-15iil05_firmwarelegion_5_15iah7yoga_7_16iap7_firmwarelegion_5-15ith6s540-13itlyoga_slim_7_prox_14iah7v17-iil_firmwareideapad_3_15iau7_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_5_15ial7_firmwarelegion_5_pro_16iah7hideapad_3-15itl05_firmwareideapad_3-15igl05_firmwarethinkbook_15p_g2_ithyoga_7-14itl5yoga_7-14itl5_firmwareideapad_5-15iil05slim_9_14iap7v14_g1-iml_firmwareyoga_7-15itl5_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwares540-13itl_firmwarev14_g2-itlideapad_3-14itl6_firmwareyoga_slim_7_pro-14ihu5ideapad_1-15ijl7_firmwarel3-15iml05_firmwarelegion_5-15ith6_firmwares14_g2_itl_firmwareyoga_9_14iap7legion_5-15imh05h_firmwarethinkbook_15p_g2_ith_firmwareyoga_9_14iap7_firmwareslim_7_14iap7_firmwareideapad_1-14ijl7_firmwareyoga_slim_7_pro_14iah7_firmwareideapad_3-14iil05ideapad_creator_5-15imh05_firmwareideapad_3_14iau7_firmwareideapad_3-17iil05v14_g2_ijl_firmwareideapad_3-14iil05_firmwareyoga_7_16iah7_firmwareideapad_3-14itl05ideapad_1-14ijl7l3-15itl6yoga_7_16iah7thinkbook_15p_imh_firmwareyoga_slim_7_pro-14ihu5_firmwarel3-15iml05thinkbook_15p_imhlegion_5_pro-16ith6_firmwarelegion_5-15imh05_firmwareNotebook
CWE ID-CWE-284
Improper Access Control
CVE-2020-8322
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 15.15%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkbook_13s-iwl_firmwarev130-15igm_firmwarev110-15astv340-iml_firmwarexx-14api_qc_2019_firmwarev730-13ikb340c-15api720s-15ikb_firmware14iwl_firmwares145-15api_firmware330-15astmiix_720-12ikb_firmwarewei5-15ikbs940-14iwl720s_touch-15ikb_firmwarev110-14astv110-14ast_firmware6_pro-14-iwlv130-15ikb14iwle53-80_firmwareyoga_s730-13iwl_firmwarev340-iilv310-15igm_firmwares145-14ast_firmware330-17ast_firmwaree52-80xiaoxin_14-ast_qc_2019e42-80330-14astv330-15igm_firmwaree42-80_firmwarev330-15ikbv110-15ast_firmwarethinkbook_14s-iwlc640-iml_firmwarev730-13iskv540s-13e53-80thinkbook_13s-iwl330-14ast_firmwarev540s-13_firmwares145-14api_firmware6_pro-14-iwl_firmware730s-13iwl_firmwarev340-imlk3_firmwares540-13api_firmwarev310-15igmk3v130-15ikb_firmwares145-15ast_firmware730s-13iwls145-14ast340c-15ast_firmwarek32-80_sklc640-imlv330-15isk_firmwarev730-13isk_firmwareyoga_s940-14iwl_firmwarek32-80_kbl_firmwarek4-iwl6_pro-13-iwlxx-14api_qc_2019s145-14apis145-15ast6_pro-13-iwl_firmwarev730-15ikbmiix_720-12ikb330-15ast_firmware720s_touch-15ikbv720-12_firmwarev730-13ikb_firmwarek32-80_skl_firmwarev110-14ikb_firmware340c-15api_firmwares145-15apik22-80v110-14ikbv340-iil_firmwarek22-80_firmwarethinkbook_14s-iwl_firmwarek4-iwl_firmwarev330-15isks540-13api330-17astv330-15igmwei5-15ikb_firmware340c-15astxiaoxin_14-ast_qc_2019_firmwareyoga_s940-14iwls750-iils940-14iwl_firmwares750-iil_firmware720s-15ikbv730-15ikb_firmwarev720-12v330-15ikb_firmwarek32-80_kblv130-15igmyoga_s730-13iwle52-80_firmwareBIOS
CVE-2018-9085
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-4.9||MEDIUM
EPSS-0.14% / 34.28%
||
7 Day CHG~0.00%
Published-16 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing System x Flash Memory Write Protection Lock Bit

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3530_m4_firmwarebladecenter_hs23e_firmwareflex_system_x880_x6_firmwaresystem_x3100_m5_firmwaresystem_x3630_m4_firmwareflex_system_x222_m4_firmwaresystem_x3630_m4flex_system_x220flex_system_x220_m4_firmwaresystem_x3850_x6_firmwareflex_system_x280_x6system_x3650_m4_firmwareidataplex_dx360_m4_firmwarebladecentersystem_x3650_m4_hd_firmwaresystem_x3300_m4system_x3100_m4_firmwaresystem_x3250_m5system_x3650_m4_hdsystem_x3250_m4flex_system_x240_m4_firmwaresystem_x3750_m4_firmwareidataplex_dx360_m4_water_cooled_firmwareflex_system_x880_x6system_x3550_m4system_x3850_x6system_x3650_m4_bd_firmwaresystem_x3950_x6system_x3650_m4_bdbladecenter_hs23_firmwaresystem_x3750_m4system_x3550_m4_firmwareflex_system_x480_x6_firmwareidataplex_dx360_m4_flex_system_x222_m4system_x3950_x6_firmwaresystem_x3250_m4_firmwareflex_system_x480_x6system_x3100_m5system_x3500_m4_firmwaresystem_x3300_m4_firmwaresystem_x3500_m4system_x3100_m4system_x3250_m5_firmwaresystem_x3530_m4flex_system_x440_m4system_x3650_m4flex_system_x240_m4flex_system_x280_x6_firmwareflex_system_x440_m4_firmwareSystem x UEFI
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-8098
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.51%
||
7 Day CHG~0.00%
Published-18 Aug, 2025 | 20:05
Updated-20 Aug, 2025 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4568
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7||HIGH
EPSS-0.05% / 14.52%
||
7 Day CHG~0.00%
Published-01 May, 2023 | 14:36
Updated-30 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3451
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.11%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 15:27
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-2502
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.84%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 19:14
Updated-03 Jun, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-0886
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.01% / 1.31%
||
7 Day CHG~0.00%
Published-17 Jul, 2025 | 19:16
Updated-17 Jul, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 4 (Type 21K5, 21K6)Elliptic Human Presence Detection Device Driver for ThinkPad P16s Gen 2 (Type 21K9, 21KA)lliptic Human Presence Detection Driver for P16s Gen 3 (Type 21KS, 21KT)Elliptic Virtual Lock Sensor Service for T14 Gen 4 (Type 21HD, 21HE)Elliptic Virtual Lock Sensor Service for ThinkPad X1 Carbon 12th Gen (Type 21KC, 21KD)Elliptic Virtual Lock Sensor Service for P16s Gen 2 (Type 21HK, 21HL)Elliptic Human Presence Detection Device Driver for ThinkPad P14s Gen 5 (Type 21ME, 21MF)lliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21MC, 21MD)Elliptic Human Presence detection Device Driver for ThinkPad P16 Gen 2 (Type 21FA, 21FB)Elliptic Human Presence Detection Driver for ThinkPad P14s Gen 5 (Type 21G2, 21G3)Elliptic Human Presence Detection Device Driver for T16 Gen 3 (Type 21MN, 21MQ)Elliptic Virtual Lock Sensor for ThinkPad X13 Gen 4 (Type 21EX, 21EY)Elliptic Human Presence Detection Driver for ThinkPad P16v Gen 1 (Type 21FE, 21FF)Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 2 (Type 21KX, 21KY)Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW)Elliptic Human Presence Detection Device Driver for T14 Gen 4 (Type 21K3, 21K4)Elliptic Virtual Lock Sensor for X13 Yoga Gen 4 (Type 21F2, 21F3)Elliptic Human Presence Detection driver for ThinkPad T14s Gen 6 (Type 21M1, 21M2)Elliptic Virtual Lock Sensor Service for P14s Gen 4 (Type 21HF, 21HG)Elliptic Human Presence Detection Device Driver for ThinkPad P16v Gen 1 (Type 21FC, 21FD)Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21CF, 21CG))Elliptic Virtual Lock Sensor Service for T14s Gen 4 (Type 21F6, 21F7)Elliptic Human Presence Detection Device Driver for T16 Gen 2 (Type 21K7 21K8)Elliptic Human Presence Detection Device Driver for T14 Gen 5 (Type 21ML, 21MM)Elliptic Human Presence Detection Driver for ThinkPad X13 Gen 4 (Type 21J3, 21J4)Elliptic Human Presence Detection Device Driver for X13 Gen 5 (Type 21LU, 21LV)Elliptic Human Presence Detection Device Driver for X13 2-in-1 Gen 5 (Type 21LW, 21LX)Elliptic Human Presence Detection Device Driver for T14s Gen 5 (Type 21LS, 21LT)Elliptic Human Presence Detection Driver for ThinkPad P1 Gen 7 (Type 21KV, 21KW)Elliptic Virtual Lock Sensor Service for X1 2-in-1 Gen 9 (Type 21KE, 21KF)Elliptic Virtual Lock Sensor Service for T16 Gen 2 (Type 21HH, 21HJ)Elliptic Virtual Lock Sensor Service for ThinkPad T14 Gen 3 (Type 21AH, 21AJ)Elliptic Human Presence Detection Device Driver for ThinkPad T14s Gen 4 (Type 21F8, 21F9)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-5474
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.95%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 15:15
Updated-15 Nov, 2024 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.

Action-Not Available
Vendor-Lenovo Group Limited
Product-dolby_vision_provisioningDolby Vision Provisioning softwaredolby_vision_provisioning_software
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-4763
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.60%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-19 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Accessories and Display ManagerDisplay Control Centerdisplay_control_centeraccessories_and_display_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8357
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.11%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 16:15
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4706
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.46%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-3112
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.54%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:31
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-ellipticlabsLenovo Group Limited
Product-virtual_lock_sensorai_virtual_presence_sensorthinkpad_t14_gen_3AI Virtual Presence SensorElliptic Labs Virtual Lock Sensorthinkpad_t14_gen_3
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-29058
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.06% / 18.58%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 20:47
Updated-30 Jan, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinkagile_hx5530thinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd650thinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkedge_se450_thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinkagile_hx_enclosure_firmwarethinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sr860_v2thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_sd650_firmwarethinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkagile_mx3331-h_firmwarethinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkagile_hx1021_firmwarethinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_hx7531_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_sr665_v3thinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_mx3531_hthinkagile_vx3530-gthinkagile_vx5530_firmwarethinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareXClarity Controller
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-29057
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 20:53
Updated-30 Jan, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinkagile_hx5530thinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd650thinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkedge_se450_thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinkagile_hx_enclosure_firmwarethinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sr860_v2thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_sd650_firmwarethinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkagile_mx3331-h_firmwarethinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkagile_hx1021_firmwarethinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_hx7531_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_sr665_v3thinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_mx3531_hthinkagile_vx3530-gthinkagile_vx5530_firmwarethinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareXClarity Controller
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-1109
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.43%
||
7 Day CHG~0.00%
Published-20 Jan, 2023 | 19:23
Updated-02 Apr, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.

Action-Not Available
Vendor-Lenovo Group Limited
Product-leyunLeyun
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3720
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.43%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 22:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.

Action-Not Available
Vendor-Lenovo Group Limited
Product-legion_phone2_pro_\(l70081\)legion_phone_pro_\(l79031\)firmwarelegion_phone_pro_\(l79031\)legion_phone2_pro_\(l70081\)_firmwareLegion Phone Pro (L79031)Legion Phone2 Pro (L70081)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3722
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-3462
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 20:41
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x13_yoga_gen_1thinkpad_a275thinkpad_e15thinkpad_x1_yoga_gen_2thinkpad_p17_gen_1thinkpad_x380_yogathinkpad_a485thinkpad_25thinkpad_s2_yoga_gen_5thinkpad_e490thinkpad_s2_gen_2thinkpad_p53sthinkpad_t480sthinkpad_t570thinkpad_s1_gen_4thinkpad_x13_yoga_gen_2thinkpad_t14s_gen_1thinkpad_t490thinkpad_p51sthinkpad_e14_gen2thinkpad_t590thinkpad_x390_yogathinkpad_p53thinkpad_x13_gen_2ithinkpad_e575thinkpad_r14_gen_2thinkpad_e14thinkpad_x1_yoga_gen_6thinkpad_e570thinkpad_l590thinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_carbon_gen_5thinkpad_p14s_gen_1thinkpad_p52thinkpad_p43sthinkpad_a475thinkpad_l480thinkpad_e475power_management_driverthinkpad_x1_titanium_gen_1thinkpad_s5_gen_2thinkpad_e15_gen2thinkpad_t14_gen_2thinkpad_x1_yoga_gen_4thinkpad_13_gen_2thinkpad_e495thinkpad_s2_yoga_gen_6thinkpad_x1_carbon_gen_8thinkpad_x270thinkpad_l580thinkpad_a285thinkpad_e580thinkpad_p1_gen_3thinkpad_p1thinkpad_l14_gen_2thinkpad_x1_tablet_gen_2thinkpad_l13_gen_2thinkpad_x280thinkpad_p71thinkpad_t15_gen_1thinkpad_x390thinkpad_s3_gen_2thinkpad_p1_gen_2thinkpad_t15g_gen_1thinkpad_x1_yoga_gen_3thinkpad_11e_yoga_gen_6thinkpad_r14thinkpad_yoga_370thinkpad_l470thinkpad_x1_carbon_gen_7thinkpad_x395thinkpad_l15_gen_2thinkpad_t470thinkpad_p15v_gen_1thinkpad_l390thinkpad_e570cthinkpad_l380thinkpad_t580thinkpad_l14_gen_1thinkpad_l390_yogathinkpad_r480thinkpad_x1_extremethinkpad_e480thinkpad_l490thinkpad_11e_gen_5thinkpad_l380_yogathinkpad_p51thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_t15p_gen_1thinkpad_s2_gen_5thinkpad_x1_tablet_gen_3thinkpad_x1_extreme_gen_3thinkpad_l13_yoga_gen_1thinkpad_e590thinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_t470pthinkpad_x12thinkpad_l13_gen_1thinkpad_x13_gen_1thinkpad_t14s_gen_2ithinkpad_e470cthinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_e595thinkpad_x1_carbon_gen_9thinkpad_t495thinkpad_p14s_gen_2thinkpad_l13_yogathinkpad_p15s_gen_2thinkpad_p15_gen_1thinkpad_t480thinkpad_p15s_gen_1thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_x1_carbon_gen_6thinkpad_yoga_11e_gen_5thinkpad_x1_yoga_gen_5Power Management Driver for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-4569
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.89%
||
7 Day CHG~0.00%
Published-05 Jun, 2023 | 20:59
Updated-08 Jan, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_hybrid_usb-c_with_usb-a_dockthinkpad_hybrid_usb-c_with_usb-a_dock_firmwareThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8346
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.01%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 14:20
Updated-17 Sep, 2024 | 04:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationSystem Interface Foundation
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-2175
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.24%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-19 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Accessories and Display ManagerDisplay Control Centerdisplay_control_centeraccessories_and_display_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-20043
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 16.82%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 01:36
Updated-02 Aug, 2024 | 08:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-cx_cloud_agentCisco CX Cloud Agent
CWE ID-CWE-708
Incorrect Ownership Assignment
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-45853
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.72%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 10:02
Updated-10 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-8hp_firmwaregs1900-16gs1900-48hpv2gs1900-8hpgs1900-24epgs1900-8gs1900-24e_firmwaregs1900-10hp_firmwaregs1900-48hpv2_firmwaregs1900-24_firmwaregs1900-8_firmwaregs1900-24egs1900-24gs1900-24hpv2gs1900-24hpv2_firmwaregs1900-48gs1900-48_firmwaregs1900-16_firmwaregs1900-24ep_firmwaregs1900-10hpGS1900-8HP firmwareGS1900-8 firmware
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-3152
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.73%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 16:16
Updated-13 Nov, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, an attacker would need to have valid administrative credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-connected_mobile_experiencesCisco Connected Mobile Experiences
CWE ID-CWE-275
Not Available
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-55930
Matching Score-4
Assigner-Xerox Corporation
ShareView Details
Matching Score-4
Assigner-Xerox Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.86%
||
7 Day CHG~0.00%
Published-23 Jan, 2025 | 17:36
Updated-24 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak default folder permissions

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files

Action-Not Available
Vendor-Xerox Corporation
Product-Xerox Workplace Suite
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-42133
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.22%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 12:01
Updated-15 Oct, 2024 | 12:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability. A patch addressing this issue was included in firmware version PayDroid_8.1.0_Sagittarius_V11.1.61_20240226.

Action-Not Available
Vendor-PAXpaxtechnology
Product-POS terminalspaydroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-8765
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.61%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:57
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-realsense_camera_f200realsense_camera_sr300realsense_camera_r200realsense_depth_camera_managerIntel(R) RealSense(TM) DCM
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-49721
Matching Score-4
Assigner-Canonical Ltd.
ShareView Details
Matching Score-4
Assigner-Canonical Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.54%
||
7 Day CHG-0.00%
Published-14 Feb, 2024 | 21:57
Updated-26 Aug, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

Action-Not Available
Vendor-tianocoreCanonical Ltd.
Product-edk2lxdLXDlxd
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-29489
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.43%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 21:40
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contains a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in a system file. A local authenticated attacker with access to the system files may use the exposed password to gain access with the privileges of the compromised user.

Action-Not Available
Vendor-Dell Inc.
Product-emc_unity_vsa_operating_environmentemc_unity_operating_environmentemc_unity_xt_operating_environmentUnity
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-312
Cleartext Storage of Sensitive Information
CVE-2020-25593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-15 Jul, 2021 | 14:07
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions.

Action-Not Available
Vendor-n/aAcronis (Acronis International GmbH)
Product-true_imagen/a
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2020-0122
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.92%
||
7 Day CHG~0.00%
Published-17 Jul, 2020 | 20:09
Updated-04 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147247775

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-19792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.10% / 27.69%
||
7 Day CHG~0.00%
Published-03 Mar, 2020 | 14:32
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files.

Action-Not Available
Vendor-n/aESET, spol. s r. o.
Product-cyber_securityn/a
CWE ID-CWE-276
Incorrect Default Permissions
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found