Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3701

Summary
Assigner-lenovo
Assigner Org ID-da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At-27 Oct, 2023 | 19:38
Updated At-09 Sep, 2024 | 14:54
Rejected At-
Credits

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:lenovo
Assigner Org ID:da227ddf-6e25-4b41-b023-0f976dcaca4b
Published At:27 Oct, 2023 | 19:38
Updated At:09 Sep, 2024 | 14:54
Rejected At:
▼CVE Numbering Authority (CNA)

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

Affected Products
Vendor
Lenovo Group LimitedLenovo
Product
Vantage SystemUpdate Plugin
Default Status
unaffected
Versions
Affected
  • From before 2.0.0.213 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-367
Description: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Update the Lenovo Vantage SystemUpdate Plugin to version 2.0.0.213.

Configurations
Workarounds
Exploits
Credits
finder
Lenovo thanks Nils Ole Timm for reporting this issue.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-94532
N/A
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94532
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.lenovo.com/us/en/product_security/LEN-94532
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94532
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Lenovo Group Limitedlenovo
Product
vantage_systemupdate_plugin
CPEs
  • cpe:2.3:a:lenovo:vantage_systemupdate_plugin:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 2.0.0.213 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@lenovo.com
Published At:27 Oct, 2023 | 20:15
Updated At:07 Nov, 2023 | 19:47

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Lenovo Group Limited
lenovo
>>system_update_plugin>>Versions before 2.0.0.213(exclusive)
cpe:2.3:a:lenovo:system_update_plugin:*:*:*:*:*:lenovo_vantage:*:*
Lenovo Group Limited
lenovo
>>hardware_scan_plugin>>Versions before 1.3.1.2(exclusive)
cpe:2.3:a:lenovo:hardware_scan_plugin:*:*:*:*:*:lenovo_vantage:*:*
Lenovo Group Limited
lenovo
>>hardware_scan_addin>>Versions before 2.4.1.1(exclusive)
cpe:2.3:a:lenovo:hardware_scan_addin:*:*:*:*:*:lenovo_vantage:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-367Secondarypsirt@lenovo.com
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-367
Type: Secondary
Source: psirt@lenovo.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.lenovo.com/us/en/product_security/LEN-94532psirt@lenovo.com
Mitigation
Vendor Advisory
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-94532
Source: psirt@lenovo.com
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

872Records found
CVE-2022-1892
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 13.66%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 15:31
Updated-02 Apr, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_s730-13imlideapad_3-17ada05_firmwareideapad_s940-14iilthinkbook_14p_g2_ach500w_gen_3ideapad_3-14ada05s145-15api_firmwareideapad_5_15aba7v14_g2-alcyoga_c640-13iml_firmwareideapad_slim_1-11ast-05_firmwareyoga_c940-15irh_firmwarev14_g2-alc_firmwareideapad_5_15aba7_firmware100w_gen_3_firmwareideapad_flex_5_16alc7_firmware14w_gen_2v130-15ikbflex_5-15iil05s145-14ast_firmware300e_2nd_gen_firmwareyoga_s730-13iml_firmwarev14-ada_firmwareideapad_1-14ada05yoga_c940-15irhthinkbook_13s_g2_are_firmwarethinkbook_14s-iml_firmware13w_yoga_firmwareideapad_1-14igl05thinkbook_16p_g2_achflex_5-15iil05_firmwareyoga_c640-13iml_lte_firmwareflex_5-15itl05_firmwareideapad_3-17alc6legion_s7-15arh5s540-13api_firmwarev130-15ikb_firmwares145-15ast_firmwarethinkbook_14-iil_firmwareideapad_3-15alc6ideapad_3-15ada05ideapad_slim_1-14ast-05_firmwareflex_5-15alc05ideapad_3-15ada6100e_2nd_genthinkbook_14s_g2_itl300w_gen_3ideapad_3-17ada6_firmware100e_2nd_gen_firmwareideapad_5-15alc05ideapad_3-17ada05flex_5-14are05s145-15astthinkbook_14-iil300e_2nd_genflex_5-14alc05yoga_c640-13iml_ltelegion_s7-15ach6_firmware730s-13iml_firmwareyoga_slim_7_pro-14ach5_firmwarethinkbook_13s_g3_acn_firmwareyoga_slim_7_pro-14ach5_ov15_g2-alc_firmwarelegion_s7-15arh5_firmwares145-15apiyoga_s940-14iilideapad_slim_1-14ast-05yoga_slim_7_pro-14ach5ideapad_3-14alc6_firmwarethinkbook_14s-imllegion_s7-15imh5thinkbook_14-iml_firmwarethinkbook_15-iml_firmware300w_gen_3_firmwarelegion_s7-15imh5_firmwarethinkbook_13s_g2_itllegion_s7-15ach6500w_gen_3_firmwarethinkbook_13s_g2_areideapad_3-14ada6ideapad_3-15ada6_firmware730s-13imlthinkbook_15-iil_firmwareideapad_3-17ada6ideapad_slim_1-11ast-05v15-ada_firmwareideapad_1-14igl05_firmwarethinkbook_16p_g2_ach_firmwareyoga_slim_7_pro-14arh5ideapad_1-11ada05_firmwarethinkbook_13s-iml_firmwareflex_5-15itl05thinkbook_13s-imlv15-adaideapad_flex_5_16alc714w_gen_2_firmwareideapad_flex_5_14alc7ideapad_1-11ada05ideapad_5-15alc05_firmwareflex_5-14iil05yoga_s940-14iil_firmwares145-14api_firmwarethinkbook_15-imlyoga_slim_7_pro-14ach5_o_firmwareyoga_slim_7_pro-14arh5_firmware100w_gen_3ideapad_3-14alc6thinkbook_14s_g2_itl_firmwarethinkbook_15-iilv15_g2-alcflex_3-11ada05s145-14astthinkbook_13s_g3_acnflex_5-14alc05_firmwareflex_3-11ada05_firmwarethinkbook_14p_g2_ach_firmwareideapad_1-14ada05_firmwareideapad_3-14ada05_firmwareflex_5-15alc05_firmwareflex_5-14itl05_firmwarev14-adaideapad_3-15alc6_firmwareideapad_3-14ada6_firmwareflex_5-14iil05_firmwareideapad_1-11igl05ideapad_3-15ada05_firmwareideapad_3-17alc6_firmwarethinkbook_13s_g2_itl_firmwareyoga_9-15imh5flex_5-14itl05ideapad_1-11igl05_firmwares540-13apiideapad_flex_5_14alc7_firmwarethinkbook_14-imlideapad_s940-14iil_firmwareflex_5-14are05_firmwareyoga_9-15imh5_firmwares145-14api13w_yogayoga_c640-13imlBIOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-0354
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.02% / 7.21%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CWE ID-CWE-317
Cleartext Storage of Sensitive Information in GUI
CVE-2023-4706
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.05%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:59
Updated-02 Aug, 2024 | 07:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-preload_directory1Lenovo Preload Directory
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-4632
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.56%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 21:58
Updated-03 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateLenovo System Update
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-42850
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.8||HIGH
EPSS-0.04% / 13.21%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-04 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.

Action-Not Available
Vendor-Lenovo Group Limited
Product-t2prot1_firmwaret2pro_firmwarex1t1x1_firmwaret2t2_firmwarea1_firmwarea1Personal Cloud Storage X1Personal Cloud Storage T1Personal Cloud Storage A1Personal Cloud Storage T2Personal Cloud Storage T2Pro
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-3112
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.80%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:31
Updated-12 Sep, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-ellipticlabsLenovo Group Limited
Product-virtual_lock_sensorai_virtual_presence_sensorthinkpad_t14_gen_3AI Virtual Presence SensorElliptic Labs Virtual Lock Sensorthinkpad_t14_gen_3
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-6198
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-02 Aug, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Managerpcmanager
CWE ID-CWE-287
Improper Authentication
CVE-2019-6197
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.61%
||
7 Day CHG~0.00%
Published-31 Jul, 2024 | 20:30
Updated-31 Jul, 2024 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo PC Manager prior to version 2.8.90.11211 that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Managerpcmanager
CWE ID-CWE-287
Improper Authentication
CVE-2019-6191
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.33%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 01:31
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-paperLenovoPaper
CVE-2019-18619
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.53%
||
7 Day CHG~0.00%
Published-22 Jul, 2020 | 13:15
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

Action-Not Available
Vendor-synapticsn/aHP Inc.Lenovo Group Limited
Product-thinkpad_t480_firmwarethinkpad_t470_\(20hx\)thinkpad_p50_firmwarethinkpad_x1_carbon_firmwareenvy_x360_-_15t-dr100_firmwarethinkpad_25thinkpad_e580_firmwarethinkpad_e490thinkpad_e590_firmwareenvy_17m-bw0xxx_firmwareenvy_13-aq0xxxenvy_17-bw0xxx_firmwarethinkpad_t490thinkpad_t470s_\(20jx\)_firmwarethinkpad_t570\(20jx\)_firmwarethinkpad_x280_firmwarethinkpad_p73_firmwarethinkpad_t590thinkpad_p53envy_15-dr0xxx_x360envy_15m-dr0xxx_x360_\(validity_fps\)thinkpad_p72_firmwarethinkpad_x1_tabletenvy_-_17t-ce000_firmwarethinkpad_p52thinkpad_l480thinkpad_p70thinkpad_x1_carbon_\(20hx\)thinkpad_x390_firmwarethinkpad_r490_firmwareenvy_x360_-_15t-dr100_\(validity_fps\)pavilion_x360_-_14t-cd000_firmwarethinkpad_t570_\(20hx\)_firmwarethinkpad_x270envy_15-dr1xxx_x360_\(validity_fps\)envy_x360_-_15t-dr100thankpad_a485_firmwarethinkpad_t460penvy_13-aq1xxxthinkpad_p1envy_-_17t-ce100thinkpad_l580_firmwareenvy_-_17t-bw000envy_15-dr0xxx_x360_\(validity_fps\)pavilion_x360_14t-dh000thinkpad_x1_tablet_firmwarespectre_x360_firmwarethinkpad_x280thinkpad_x390envy_17-ce0xxx_firmwarepavilion_14-cd2xxx_x360pavilion_x360_14t-dh000_firmwarethinkpad_yoga_370envy_-_13t-ah100_firmwareenvy_17m-bw0xxxthinkpad_s3_firmwareenvy_13-ah0xxx_firmwareenvy_x360_-_15t-cn000_firmwarethinkpad_p71_\(20hx\)_firmwarethinkpad_t470s_\(20hx\)thinkpad_t490_firmwarethinkpad_x390_yoga_firmwareenvy_x360_-_15t-dr000thinkpad_r590_firmwareenvy_15-cn1xxx_x360thinkpad_t580thinkpad_t590_firmwarethinkpad_x1_yoga_firmwarethinkpad_t570\(20jx\)thinkpad_x1_extremethinkpad_x1_yogathinkpad_e485_firmwareenvy_x360_-_15t-cn000envy_13-ah1xxx_firmwarepavilion_14-cd1xxx_x360thinkpad_x1_carbonthinkpad_p1_gen_2_firmwarethinkpad_t460p_firmwarethinkpad_p51s_\(20kx\)pavilion_15thinkpad_p52s_firmwarethinkpad_r490envy_15-dr1xxx_x360_firmwarethinkpad_p51s_\(20hx\)envy_15-cn0xxx_x360_firmwareenvy_-_13t-aq100envy_13-aq0xxx_firmwareenvy_13-ah0xxxthinkpad_a275_firmwarethinkpad_e585pavilion_14m-dh0xxx_x360pavilion_15_firmwarethinkpad_x1_carbon_\(20kx\)envy_17m-ce1xxx_firmwareenvy_17-ce1xxxthinkpad_e590thinkpad_x1_yoga_3rd_genthinkpad_x380_yoga_firmwareenvy_15m-dr1xxx_x360_\(validity_fps\)envy_-_17t-bw000_firmwarepavilion_14-cd1xxx_x360_firmwarethinkpad_e490sthinkpad_t470_\(20jx\)thinkpad_p1_firmwarethinkpad_p51s_\(20jx\)envy_x360_-_15t-dr100_\(validity_fps\)_firmwarethinkpad_x1_carbon_\(20kx\)_firmwarethinkpad_x1_yoga_4th_genpavilion_14-cd2xxx_x360_firmwarethinkpad_t570_\(20hx\)thinkpad_p52_firmwarepavilion_x360_-_14t-cd000thinkpad_t470s_\(20hx\)_firmwareenvy_15-dr1xxx_x360_\(validity_fps\)_firmwarethinkpad_t470_\(20hx\)_firmwarethinkpad_t580_firmwarethinkpad_a275thinkpad_e485thinkpad_x380_yogathinkpad_l480_firmwarethinkpad_yoga_s1_firmwarethinkpad_p53sthinkpad_t480sthankpad_a485envy_15m-dr0xxx_x360thinkpad_p71_\(20hx\)envy_x360_-_15t-dr000_\(validity_fps\)_firmwarethinkpad_x1_extreme_2nd_firmwarethinkpad_p51_firmwarevfs75xxthinkpad_t460spavilion_x360_-_15t-dq000_firmwarethinkpad_x390_yogaenvy_13-aq1xxx_firmwarethinkpad_t25_\(20k7\)_firmwarepavilion_x360_-_15t-dq000pavilion_14-dh0xxx_x360pavilion_x360_14t-cd100_firmwareenvy_-_13t-aq100_firmwarepavilion_14m-dh0xxx_x360_firmwarethinkpad_p43sthinkpad_x1_yoga_4th_gen_firmwarethinkpad_x1_extreme_firmwarethinkpad_x1_yoga_3rd_gen_firmwareenvy_15m-cn0xxx_x360_firmwarepavilion_14m-cd0xxx_x360thinkpad_p51s_\(20kx\)_firmwarethankpad_a475_firmwarethinkpad_t490s_firmwarethinkpad_p51s_\(20hx\)_firmwarepavilion_x360_-_15t-dq100pavilion_14m-cd0xxx_x360_firmwarethinkpad_25_firmwarepavilion_14-dh0xxx_x360_firmwarespectre_x360thinkpad_l580thinkpad_p50thinkpad_r590envy_15-dr0xxx_x360_firmwarethinkpad_e580envy_17-bw0xxxenvy_15m-dr1xxx_x360_firmwareenvy_17-ce0xxxenvy_13-ah1xxxpavilion_x360_-_15t-dq100_firmwareenvy_15-dr0xxx_x360_\(validity_fps\)_firmwarethinkpad_x1_tablet_\(20jx\)thinkpad_e490s_firmwareenvy_15m-dr0xxx_x360_firmwarethinkpad_x1_yoga_\(20jx\)thinkpad_p1_gen_2envy_15-dr1xxx_x360thinkpad_t470p_firmwarethinkpad_e480_firmwareenvy_15m-dr1xxx_x360envy_17m-ce1xxxthinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_s1_3rd_firmwarethinkpad_t460s_firmwareenvy_x360_-_15t-dr000_\(validity_fps\)thinkpad_x1_tablet_\(20jx\)_firmwareenvy_17m-ce0xxx_firmwarethinkpad_p53_firmwarepavilion_x360_14t-cd100thinkpad_x270_firmwareenvy_-_17t-ce100_firmwarethankpad_a475thinkpad_t25_\(20k7\)envy_15m-cn0xxx_x360envy_x360_-_15t-dr000_firmwarevfs75xx_firmwareenvy_15-cn1xxx_x360_firmwarethinkpad_s1_3rdenvy_17-ce1xxx_firmwarethinkpad_e480thinkpad_t480s_firmwarethinkpad_p51thinkpad_yoga_260thinkpad_s3envy_15-cn0xxx_x360thinkpad_t470_\(20jx\)_firmwarethinkpad_e585_firmwarethinkpad_t490sthinkpad_p73thinkpad_p72envy_17m-ce0xxxthinkpad_t470pthinkpad_x1_yoga_\(20jx\)_firmwarethinkpad_yoga_260_firmwarethinkpad_yoga_s1envy_15m-dr0xxx_x360_\(validity_fps\)_firmwarethinkpad_t470s_\(20jx\)thinkpad_yoga_370_firmwareenvy_15m-dr1xxx_x360_\(validity_fps\)_firmwarethinkpad_p53s_firmwareenvy_-_17t-ce000thinkpad_p51s_\(20jx\)_firmwarethinkpad_t480envy_-_13t-ah100thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_p43s_firmwarethinkpad_x1_carbon_\(20hx\)_firmwaren/a
CWE ID-CWE-763
Release of Invalid Pointer or Reference
CVE-2024-2175
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.35%
||
7 Day CHG~0.00%
Published-16 Aug, 2024 | 14:17
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Accessories and Display ManagerDisplay Control Centerdisplay_control_centeraccessories_and_display_manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2019-0135
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.87%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206

Action-Not Available
Vendor-n/aLenovo Group LimitedIntel Corporation
Product-thinkstation_p520_firmwarethinkstation_p520thinkstation_p720_firmwarethinkstation_p720thinkstation_p520c_firmwarerapid_storage_technology_enterprisethinkstation_p520cthinkstation_p920thinkstation_p920_firmwareIntel(R) Accelerated Storage Manager in RSTe Advisory
CWE ID-CWE-264
Not Available
CVE-2015-8535
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.12%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 14:05
Updated-06 Aug, 2024 | 08:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-n/aLenovo Group Limited
Product-solution_centern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-2501
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.07% / 20.48%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 19:14
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPC Manager
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-2502
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.06% / 18.65%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 19:14
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPC Manager
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2023-6043
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.42%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:08
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-vantageVantage
CWE ID-CWE-295
Improper Certificate Validation
CVE-2023-6338
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.22%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 21:00
Updated-03 Jun, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-universal_device_clientUniversal Device Client (UDC)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-5080
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 20:06
Updated-17 Jun, 2025 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Action-Not Available
Vendor-Lenovo Group Limited
Product-tab_m8_hd_tb8505x_firmwaretab_m8_hd_tb8505fstab_p11_pro_gen_2_tb132fu_firmwaretab_m10_plus_gen_3_tb125futab_m8_hd_tb8505fs_firmwaretab_m8_hd_tb8505ftab_m8_hd_tb8505xstab_m8_hd_tb8505xs_firmwaretab_p11_pro_gen_2_tb132futab_m8_hd_tb8505xtab_m8_hd_tb8505f_firmwaretab_m10_plus_gen_3_tb125fu_firmwareTablet
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2021-3550
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.00%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3462
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.19%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 20:41
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_l15_gen_1thinkpad_x13_yoga_gen_1thinkpad_a275thinkpad_e15thinkpad_x1_yoga_gen_2thinkpad_p17_gen_1thinkpad_x380_yogathinkpad_a485thinkpad_25thinkpad_s2_yoga_gen_5thinkpad_e490thinkpad_s2_gen_2thinkpad_p53sthinkpad_t480sthinkpad_t570thinkpad_s1_gen_4thinkpad_x13_yoga_gen_2thinkpad_t14s_gen_1thinkpad_t490thinkpad_p51sthinkpad_e14_gen2thinkpad_t590thinkpad_x390_yogathinkpad_p53thinkpad_x13_gen_2ithinkpad_e575thinkpad_r14_gen_2thinkpad_e14thinkpad_x1_yoga_gen_6thinkpad_e570thinkpad_l590thinkpad_l13_yoga_gen_2thinkpad_l570thinkpad_x1_carbon_gen_5thinkpad_p14s_gen_1thinkpad_p52thinkpad_p43sthinkpad_a475thinkpad_l480thinkpad_e475power_management_driverthinkpad_x1_titanium_gen_1thinkpad_s5_gen_2thinkpad_e15_gen2thinkpad_t14_gen_2thinkpad_x1_yoga_gen_4thinkpad_13_gen_2thinkpad_e495thinkpad_s2_yoga_gen_6thinkpad_x1_carbon_gen_8thinkpad_x270thinkpad_l580thinkpad_a285thinkpad_e580thinkpad_p1_gen_3thinkpad_p1thinkpad_l14_gen_2thinkpad_x1_tablet_gen_2thinkpad_l13_gen_2thinkpad_x280thinkpad_p71thinkpad_t15_gen_1thinkpad_x390thinkpad_s3_gen_2thinkpad_p1_gen_2thinkpad_t15g_gen_1thinkpad_x1_yoga_gen_3thinkpad_11e_yoga_gen_6thinkpad_r14thinkpad_yoga_370thinkpad_l470thinkpad_x1_carbon_gen_7thinkpad_x395thinkpad_l15_gen_2thinkpad_t470thinkpad_p15v_gen_1thinkpad_l390thinkpad_e570cthinkpad_l380thinkpad_t580thinkpad_l14_gen_1thinkpad_l390_yogathinkpad_r480thinkpad_x1_extremethinkpad_e480thinkpad_l490thinkpad_11e_gen_5thinkpad_l380_yogathinkpad_p51thinkpad_l13thinkpad_t490sthinkpad_p73thinkpad_e470thinkpad_t15p_gen_1thinkpad_s2_gen_5thinkpad_x1_tablet_gen_3thinkpad_x1_extreme_gen_3thinkpad_l13_yoga_gen_1thinkpad_e590thinkpad_t470sthinkpad_p72thinkpad_t14_gen_1thinkpad_t15_gen_2thinkpad_t470pthinkpad_x12thinkpad_l13_gen_1thinkpad_x13_gen_1thinkpad_t14s_gen_2ithinkpad_e470cthinkpad_s2_gen_6thinkpad_x1_nano_gen_1thinkpad_e595thinkpad_x1_carbon_gen_9thinkpad_t495thinkpad_p14s_gen_2thinkpad_l13_yogathinkpad_p15s_gen_2thinkpad_p15_gen_1thinkpad_t480thinkpad_p15s_gen_1thinkpad_x1_extreme_2ndthinkpad_p52sthinkpad_x1_carbon_gen_6thinkpad_yoga_11e_gen_5thinkpad_x1_yoga_gen_5Power Management Driver for Windows 10
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-12673
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.5||HIGH
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 20:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1)

Action-Not Available
Vendor-Lenovo Group Limited
Product-Vantage
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2023-4030
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-8.4||HIGH
EPSS-0.08% / 23.71%
||
7 Day CHG~0.00%
Published-17 Aug, 2023 | 16:48
Updated-08 Oct, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t14_gen_2thinkpad_p14s_gen_2thinkpad_p15s_gen_2thinkpad_t15_gen_2_firmwarethinkpad_p14s_gen_2_firmwarethinkpad_t15_gen_2thinkpad_p15s_gen_2_firmwarethinkpad_t14_gen_2_firmwareThinkPadthinkpad
CWE ID-CWE-636
Not Failing Securely ('Failing Open')
CVE-2026-2640
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 20:23
Updated-12 Mar, 2026 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.

Action-Not Available
Vendor-Lenovo Group Limited
Product-PC Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-3702
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.1||MEDIUM
EPSS-0.02% / 5.54%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 19:42
Updated-09 Sep, 2024 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_update_pluginhardware_scan_pluginhardware_scan_addinVantage HardwareScan Plugin
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-3700
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 2.79%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 19:32
Updated-09 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_update_pluginhardware_scan_pluginhardware_scan_addinVantage SystemUpdate Plugin
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8354
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 9.96%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 17:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-notebook_firmwarenotebookBIOS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8332
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 10.66%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3530_m4_firmwarebladecenter_hs23e_firmwarebladecenter_hs23esystem_x3630_m4_firmwaresystem_x3630_m4flex_system_x220nextscale_nx360_m4_firmwaresystem_x3650_m4_firmwarenextscale_nx360_m4idataplex_dx360_m4_firmwaresystem_x3650_m4_hd_firmwarebladecenter_hs23system_x3300_m4system_x3650_m4_hdflex_system_x440_firmwaresystem_x3750_m4_firmwaresystem_x3550_m4system_x3650_m4_bd_firmwarecompute_node-x440_firmwareidataplex_dx360_m4flex_system_x220_firmwaresystem_x3650_m4_bdbladecenter_hs23_firmwaresystem_x3750_m4system_x3550_m4_firmwaresystem_x3500_m4_firmwaresystem_x3300_m4_firmwaresystem_x3500_m4system_x3530_m4idataplex_dx360_m4_water_cooledflex_system_x240_firmwareflex_system_x240system_x3650_m4compute_node-x440idataplex_dx360_m4_water_cooled_firmwareflex_system_x440System x
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8342
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.03% / 10.54%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 14:20
Updated-17 Sep, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-8320
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 14.89%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:50
Updated-16 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t480_firmwarethinkpad_l460_firmwarethinkpad_p50_firmwarethinkpad_x1_carbon_firmwarethinkpad_s3_3rd_gen_firmwarethinkpad_e580_firmwarethinkpad_e490thinkpad_x260_firmwarethinkpad_e590_firmwarethinkpad_t570thinkpad_l560thinkpad_t490thinkpad_p51sthinkpad_x280_firmwarethinkpad_p73_firmwarethinkpad_t590thinkpad_p53thinkpad_e575thinkpad_p72_firmwarethinkpad_x1_tabletthinkpad_t495_firmwarethinkpad_l460thinkpad_l590thinkpad_p52thinkpad_e560p_firmwarethinkpad_l480thinkpad_e475thinkpad_s2_yoga_4th_genthinkpad_p70thinkpad_t460thinkpad_l390_yoga_firmwarethinkpad_x390_firmwarethinkpad_e470_firmwarethinkpad_r490_firmwarethinkpad_11ethinkpad_x270thinkpad_a285thinkpad_t460pthinkpad_e15_firmwarethinkpad_p1thinkpad_l580_firmwarethinkpad_e460thinkpad_x1_tablet_firmwarethinkpad_l1415_firmwarethinkpad_l380_yoga_firmwarethinkpad_x280thinkpad_x390thinkpad_p50s_firmwarethinkpad_r14thinkpad_yoga_370thinkpad_s3_gen_2_firmwarethinkpad_l470thinkpad_e570_firmwarethinkpad_l470_firmwarethinkpad_s5_firmwarethinkpad_s3_firmwarethinkpad_t490_firmwarethinkpad_x390_yoga_firmwarethinkpad_l380_firmwarethinkpad_r590_firmwarethinkpad_l380thinkpad_t560_firmwarethinkpad_t580thinkpad_t590_firmwarethinkpad_x1_yoga_firmwarethinkpad_l390_yogathinkpad_yoga_11e_4th_gen_firmwarethinkpad_x1_extremethinkpad_x1_yogathinkpad_l490_firmwarethinkpad_e485_firmwarethinkpad_yoga_11e_3rd_gen_firmwarethinkpad_s5_2nd_gen_firmwarethinkpad_x1_carbonthinkpad_e560_firmwarethinkpad_t460p_firmwarethinkpad_t570_firmwarethinkpad_l13_firmwarethinkpad_yoga_11e_5th_genthinkpad_p52s_firmwarethinkpad_r490thinkpad_13_firmwarethinkpad_a275_firmwarethinkpad_e585thinkpad_l570_firmwarethinkpad_e590thinkpad_a475_firmwarethinkpad_x380_yoga_firmwarethinkpad_a485_firmwarethinkpad_e575_firmwarethinkpad_13_2nd_genthinkpad_e490sthinkpad_t25_firmwarethinkpad_p1_firmwarethinkpad_11e_yoga_gen_6_firmwarethinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkpad_a275thinkpad_t580_firmwarethinkpad_e15thinkpad_e485thinkpad_l480_firmwarethinkpad_x380_yogathinkpad_a485thinkpad_s2_yoga_3rd_gen_firmwarethinkpad_t25thinkpad_p53sthinkpad_t480sthinkpad_e465_firmwarethinkpad_t495sthinkpad_p51_firmwarethinkpad_t460sthinkpad_t495s_firmwarethinkpad_x390_yogathinkpad_e460_firmwarethinkpad_e455thinkpad_e14thinkpad_11e_firmwarethinkpad_e570thinkpad_s5_2nd_genthinkpad_l570thinkpad_e560thinkpad_p43sthinkpad_a475thinkpad_e555thinkpad_x1_extreme_firmwarethinkpad_t490s_firmwarethinkpad_e565thinkpad_e475_firmwarethinkpad_e565_firmwarethinkpad_t470s_firmwarethinkpad_l580thinkpad_p50thinkpad_r590thinkpad_yoga_11e_5th_gen_firmwarethinkpad_x395_firmwarethinkpad_e580thinkpad_r14_firmwarethinkpad_e490s_firmwarethinkpad_p71thinkpad_s3_gen_2thinkpad_s5thinkpad_t470p_firmwarethinkpad_e480_firmwarethinkpad_11e_yoga_gen_6thinkpad_p51s_firmwarethinkpad_s1_firmwarethinkpad_e490_firmwarethinkpad_p70_firmwarethinkpad_t560thinkpad_x395thinkpad_s1_3rd_firmwarethinkpad_t460_firmwarethinkpad_t460s_firmwarethinkpad_13thinkpad_t470thinkpad_yoga_11e_3rd_genthinkpad_p50sthinkpad_p53_firmwarethinkpad_x270_firmwarethinkpad_13_2nd_gen_firmwarethinkpad_s2_yoga_3rd_genthinkpad_s1_3rdthinkpad_s1thinkpad_e480thinkpad_l490thinkpad_l380_yogathinkpad_p51thinkpad_t480s_firmwarethinkpad_yoga_260thinkpad_s3thinkpad_s3_3rd_genthinkpad_p71_firmwarethinkpad_l13thinkpad_e585_firmwarethinkpad_t490sthinkpad_p73thinkpad_e555_firmwarethinkpad_e470thinkpad_yoga_11e_4th_genthinkpad_l590_firmwarethinkpad_e560pthinkpad_t470sthinkpad_p72thinkpad_t470pthinkpad_yoga_260_firmwarethinkpad_a285_firmwarethinkpad_e14_firmwarethinkpad_l1415thinkpad_l560_firmwarethinkpad_x260thinkpad_t495thinkpad_yoga_370_firmwarethinkpad_p53s_firmwarethinkpad_e465thinkpad_t480thinkpad_t470_firmwarethinkpad_p52sthinkpad_p43s_firmwarethinkpad_e455_firmwareBIOS
CWE ID-CWE-489
Active Debug Code
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1107
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.91%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_t580_firmwarethinkpad_11e_yoga_firmwarethinkpad_x1_yoga_gen_2thinkpad_t560thinkpad_w541thinkpad_yoga_15thinkpad_x1_carbon_3rd_gen_firmwarethinkpad_x1_carbon_4th_genthinkpad_x1_yoga_gen_2_firmwarethinkpad_t570thinkpad_l560thinkpad_p50sthinkpad_t560_firmwarethinkpad_w541_firmwarethinkpad_t580thinkpad_x1_yoga_firmwarethinkpad_x1_carbon_5th_gen_skylake_firmwarethinkpad_p51sthinkpad_x280_firmwarethinkpad_t550thinkpad_x1_yogathinkpad_x1_carbon_3rd_genthinkpad_11e_yogathinkpad_x1_tablet_gen_2_firmwarethinkpad_helix_firmwarethinkpad_t570_firmwarethinkpad_11e_firmwarethinkpad_x1_carbon_5th_gen_kabylake_firmwarethinkpad_yoga_260thinkpad_l570thinkpad_p52s_firmwarethinkpad_x1_tablet_gen_1_firmwarethinkpad_w550sthinkpad_x1_carbon_5th_gen_kabylakethinkpad_x1_carbon_5th_gen_skylakethinkpad_x1_yoga_gen_3_firmwarethinkpad_x1_carbon_4th_gen_firmwarethinkpad_t550_firmwarethinkpad_l570_firmwarethinkpad_w540_firmwarethinkpad_x390_firmwarethinkpad_yoga_15_firmwarethinkpad_11ethinkpad_yoga_260_firmwarethinkpad_helixthinkpad_x1_tablet_gen_1thinkpad_x1_tablet_gen_2thinkpad_w550s_firmwarethinkpad_l560_firmwarethinkpad_w540thinkpad_x280thinkpad_x250thinkpad_x390thinkpad_p50s_firmwarethinkpad_s540thinkpad_s540_firmwarethinkpad_x250_firmwarethinkpad_x1_yoga_gen_3thinkpad_p51s_firmwarethinkpad_p52sThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1108
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 8.69%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinkpad_x1_fold_gen_1thinkpad_x1_fold_gen_1_firmwareThinkPad BIOS
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-4607
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.24%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:25
Updated-03 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated XCC user can change permissions for any user through a crafted API command.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinkagile_hx5530thinksystem_sr570_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx3721thinksystem_sr158thinksystem_sd665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx630_v3_intergrated_system_firmwarethinksystem_sr850_v3_firmwarethinksystem_sd650_dwc_dual_node_traythinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_mx3331-f_all-flashthinkagile_vx7530_firmwarethinkagile_hx5520thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinksystem_sr860_v2thinkagile_hx_enclosure_firmwarethinkagile_hx3720thinkagile_hx7820_firmwarethinksystem_sd530thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinksystem_st650_v2thinkagile_vx_4u_firmwarethinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_mx3531_h_hybrid_firmwarethinkagile_hx3375thinkagile_vx2320_firmwarethinkagile_mx3530-h_hybridthinkagile_vx3330thinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinkserver_sr590thinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinkagile_vx7520thinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-h_hybridthinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinksystem_sd650_dual_node_traythinkagile_vx5520thinksystem_sr550thinkagile_mx3531-f_all-flash_firmwarethinkagile_mx650_v3_firmwarethinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3330-f_all-flashthinksystem_st250_v2thinkagile_hx2321_firmwarethinksystem_sr860_v2_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinksystem_st258thinkagile_mx3330-f_all-flash_firmwarethinksystem_sr850p_firmwarethinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinksystem_sd650_dwc_dual_node_tray_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx7531_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinksystem_sr670_firmwarethinkagile_mx_edge-_mx1020_thinkagile_vx_2u4n_firmwarethinksystem_sr150thinkagile_mx3531_h_hybridthinksystem_sr850_v2_firmwarethinkagile_vx3720thinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3330-h_hybrid_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinkagile_mx3331-f_all-flash_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx3530_f_all_flashthinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx1021_edgthinkagile_hx3520-gthinksystem_sr635_v3_firmwarethinkagile_vx7320_n_firmwarethinkagile_hx1021_edg_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinkedge_se450thinkagile_mx3530_f_all_flash_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_mx3330-h_hybridthinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_st658_v3_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinksystem_sr250_firmwarethinkagile_hx5521-cthinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530-h_hybrid_firmwarethinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr650_v3_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_mx_edge-_mx1020__firmwarethinkagile_hx2320-ethinkagile_vx5530thinkagile_hx7531_firmwarethinkagile_mx630_v3_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinkagile_mx3531-f_all-flashthinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_mx650_v3_intergrated_system_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_vx5530_firmwarethinkagile_mx3331-h_hybrid_firmwarethinkagile_vx3530-gthinksystem_sr650thinksystem_sr258thinkagile_hx5521thinksystem_sr645_firmwareLenovo XClarity Controller (XCC)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-29056
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.51%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 21:07
Updated-30 Jan, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr570_firmwarethinkagile_hx5530thinksystem_sr158thinkagile_hx3721thinksystem_sd630_v2_firmwarethinksystem_sr665_firmwarethinksystem_sd650thinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx3531_h_firmwarethinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_hx5520thinkagile_vx7530_firmwarethinkedge_se450_thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinkagile_hx_enclosure_firmwarethinkagile_hx7820_firmwarethinkagile_hx3720thinksystem_sd530thinksystem_sr860_v2thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinkagile_vx_4u_firmwarethinksystem_st650_v2thinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_hx1021thinkagile_hx3375thinkagile_vx2320_firmwarethinksystem_sr250_v2_firmwarethinkagile_vx3330thinkagile_mx3330-h_firmwarethinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinkagile_vx7520thinkagile_hx3321_firmwarethinksystem_sr670_v2_firmwarethinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-f_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinkagile_vx5520thinksystem_sr550thinkagile_mx3330-hthinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3530-hthinksystem_sd650_firmwarethinksystem_st250_v2thinkagile_hx2321_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinkagile_mx3330-f_firmwarethinksystem_sr860_v2_firmwarethinksystem_sr850p_firmwarethinksystem_st258thinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinkstation_p920_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinkagile_mx3530_f_firmwarethinksystem_st650_v2_firmwarethinkagile_mx3330-fthinksystem_st258_v2_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_vx7531_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinkagile_vx_2u4n_firmwarethinksystem_sr670_firmwarethinksystem_sr150thinkagile_vx3720thinksystem_sr850_v2_firmwarethinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3530-h_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkagile_mx3331-h_firmwarethinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx1020_firmwarethinkagile_mx1020thinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx3520-gthinkagile_vx7320_n_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinksystem_sr645_firmwarethinkagile_hx1021_firmwarethinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinkagile_mx3331-hthinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinkstation_p920thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinkagile_hx5521-cthinksystem_sr250_firmwarethinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530_fthinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530thinkagile_mx3331-fthinkagile_hx7531_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinksystem_sr590thinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_sr665_v3thinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_mx3531_hthinkagile_vx3530-gthinkagile_vx5530_firmwarethinksystem_sr650thinksystem_sr258thinkagile_hx5521thinkagile_mx3531-fthinkagile_mx3531-f_firmwareXClarity Controller
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-6195
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 33.39%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 17:10
Updated-16 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sr150thinksystem_sn550thinkagile_hx_3000thinksystem_st558thinksystem_sr158thinksystem_sr570thinkagile_vx_7000thinksystem_st250thinksystem_sr950_serverthinkagile_mx_sr650thinksystem_sr850thinkagile_vx_2000thinksystem_sr550thinksystem_sn850thinksystem_sd650_dwcthinksystem_sr530thinksystem_sr250thinksystem_sr630thinkagile_hx_7000thinksystem_st258thinkagile_vx_1000xclarity_controllerthinkagile_hx_2000thinkagile_hx_5000thinksystem_sd530thinkagile_vx_3000thinksystem_sr590thinksystem_sr860thinkagile_vx_5000thinkagile_hx_1000thinksystem_st550thinksystem_sr650thinksystem_sr258XClarity Controller (XCC)
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-7556
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.42%
||
7 Day CHG~0.00%
Published-15 Jan, 2020 | 14:57
Updated-06 Aug, 2024 | 07:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.

Action-Not Available
Vendor-delegateNational Institute of Advanced Industrial Science and Technology
Product-delegateDeleGate
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-36765
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.42%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Microsoft Office Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office 2019
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-21360
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.29% / 53.20%
||
7 Day CHG+0.08%
Published-14 Jan, 2025 | 18:04
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-autoupdateMicrosoft AutoUpdate for Mac
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-21485
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 05:53
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100psm8735_firmwarefastconnect_6900_firmwaresw5100p_firmwarewsa8845_firmwarewcn7880_firmwarewsa8832_firmwaresm8750p_firmwarewcd9390wsa8835sw5100_firmwarewsa8830_firmwarewcd9395wsa8845wsa8840sxr2330pfastconnect_7800wsa8845h_firmwarefastconnect_7800_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresm8750wsa8830snapdragon_w5\+_gen_1_wearable_platform_firmwarewcn7880wsa8832snapdragon_w5\+_gen_1_wearable_platformsw5100wcd9378wsa8835_firmwarewcn7860fastconnect_6900wcd9385wcd9385_firmwaresm8735sxr2230psm8750psnapdragon_8_gen_3_mobile_platformsxr2250pwcn7861_firmwarewsa8840_firmwarewcn7750sxr2230p_firmwareqmp1000wcn7881sxr2250p_firmwarewcn7860_firmwaresm8750_firmwareqmp1000_firmwarewcd9378_firmwarewsa8845hsxr2330p_firmwarewcd9390_firmwarewcd9380_firmwarewcd9395_firmwarewcn7861wcn7750_firmwarewcd9380wcn7881_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-49156
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7||HIGH
EPSS-0.08% / 24.07%
||
7 Day CHG~0.00%
Published-17 Jun, 2025 | 18:42
Updated-09 Sep, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex One as a ServiceTrend Micro Apex One
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-35667
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.76%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 20:09
Updated-26 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34488
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.76%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Console Driver Elevation of Privilege Vulnerability

Windows Console Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-21473
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.28%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 07:25
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux

Memory corruption when using Virtual cdm (Camera Data Mover) to write registers.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-34146
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.45%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 21:58
Updated-04 Dec, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex Onetrend_micro_apex_one
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-33154
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.16% / 78.94%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 17:03
Updated-01 Jan, 2025 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Partition Management Driver Elevation of Privilege Vulnerability

Windows Partition Management Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows 10 Version 1607Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-32451
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-0.03% / 9.24%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 07:46
Updated-07 Nov, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Display Manager application, version 2.1.1.17, contains a vulnerability that low privilege user can execute malicious code during installation and uninstallation

Action-Not Available
Vendor-Dell Inc.
Product-display_managerDell Display Manager
CWE ID-CWE-272
Least Privilege Violation
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-33046
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.85%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 05:46
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment

Memory corruption in Trusted Execution Environment while deinitializing an object used for license validation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwarewsa8845_firmwarewsa8832wsa8840qam8295p_firmwareqca6595qcs8550_firmwareqca8081_firmwarear8035_firmwareqca6696qrb5165mqca6698aq_firmwarewcd9385qcn9012wcd9395_firmwareqcn6024snapdragon_8_gen_2_mobile_platformqcs7230_firmwaresxr1230p_firmwarewcd9390_firmwaresg8275pwsa8832_firmwareqca8337_firmwaresnapdragon_x70_modem-rf_system_firmwareqca8337wcd9395ssg2125psg8275p_firmwareqca6574au_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwareqam8295pqcs8250_firmwareqca6574auwcd9390sa8540p_firmwareflight_rb5_5g_platformvideo_collaboration_vc5_platformwsa8845h_firmwaresm8550p_firmwareqcm8550sa9000p_firmwaresnapdragon_x65_5g_modem-rf_systemqcn9024snapdragon_x65_5g_modem-rf_system_firmwareqrb5165n_firmwarewsa8835wsa8840_firmwaresxr2230p_firmwareqca6391_firmwareqcn9011snapdragon_ar2_gen_1_platformsa8295p_firmwareqca6696_firmwareqcn9024_firmwaresnapdragon_8cx_gen_3_compute_platformqcn6024_firmwarewsa8845hwcd9380_firmwareqca8081wsa8830sm8550pssg2115pqcn9011_firmwareflight_rb5_5g_platform_firmwarear8035sa8540pqrb5165m_firmwareqca6595_firmwareqcs7230fastconnect_6900fastconnect_7800_firmwarerobotics_rb5_platformqca6391snapdragon_x70_modem-rf_systemqcn9012_firmwareqca6698aqssg2125p_firmwarewcd9385_firmwareqrb5165nfastconnect_6900_firmwaresa8295psnapdragon_8_gen_2_mobile_platform_firmwarerobotics_rb5_platform_firmwarewcd9380qcs8550sxr2230pfastconnect_7800snapdragon_ar2_gen_1_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewsa8845wsa8835_firmwaresxr1230pssg2115p_firmwarevideo_collaboration_vc5_platform_firmwareqcs8250sa9000psnapdragon_8\+_gen_2_mobile_platformwsa8830_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-48645
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-21 Apr, 2026 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-3160
Matching Score-4
Assigner-ESET, spol. s r.o.
ShareView Details
Matching Score-4
Assigner-ESET, spol. s r.o.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.63%
||
7 Day CHG~0.00%
Published-14 Aug, 2023 | 09:27
Updated-09 Oct, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local privilege escalation in security products for Windows

The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions.

Action-Not Available
Vendor-ESET, spol. s r. o.
Product-securitynod32server_securityinternet_securityendpoint_antivirusendpoint_securitysmart_securitymail_securityESET Server Security for Windows Server (File Security)ESET NOD32 AntivirusESET Internet SecurityESET Endpoint SecurityESET Mail Security for IBM DominoESET Endpoint AntivirusESET Smart Security PremiumESET Security for Microsoft SharePoint ServerESET Mail Security for Microsoft Exchange Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31432
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.08%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 23:58
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege issues in multiple commands

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_fabric_operating_systemFabric OS
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-48613
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.09%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 18:42
Updated-21 Apr, 2026 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 17
  • 18
  • Next
Details not found