Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_bluetooth_with_enhanced_data_rate_software | * |
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | * | |
| android | 4.3 | |
| android | 4.0.1 | |
| android | 4.1.2 | |
| android | 4.0.4 | |
| android | 4.0 | |
| lenovo | shareit | * |
| android | 4.0.2 | |
| android | 4.1 | |
| android | 4.2.1 | |
| android | 4.2 | |
| android | 4.0.3 | |
| android | 4.2.2 |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_compute_node_eus | 7.6 |
| redhat | enterprise_linux_compute_node_eus | 7.2 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.3 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | openstack | 5.0 |
| redhat | virtualization | 3.0 |
| redhat | enterprise_linux_server | 7.0 |
| arista | eos | 4.12 |
| arista | eos | 4.14 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.5_ppc64 |
| debian | debian_linux | 7.0 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_for_power_big_endian | 7.0 |
| linux | linux_kernel | * |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_compute_node_eus | 7.4 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.6_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.1_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.4_ppc64 |
| qemu | qemu | * |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_for_scientific_computing | 7.0 |
| redhat | openstack | 6.0 |
| redhat | enterprise_linux_compute_node_eus | 7.5 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_compute_node_eus | 7.1 |
| redhat | enterprise_linux_server_eus | 7.1 |
| redhat | enterprise_linux_compute_node_eus | 7.7 |
| redhat | enterprise_linux_server_from_rhui | 7.0 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.2 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.2_ppc64 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.7_ppc64 |
| arista | eos | 4.15 |
| redhat | enterprise_linux_compute_node_eus | 7.3 |
| redhat | enterprise_linux_for_power_big_endian_eus | 7.3_ppc64 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.6 |
| lenovo | emc_px12-450r_ivx | * |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.6 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.7 |
| arista | eos | 4.13 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.4 |
| lenovo | emc_px12-400r_ivx | * |
| redhat | enterprise_linux_server_eus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.6 |
Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | usb_enhanced_performance_keyboard | * |
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | fingerprint_manager | * |
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_td350_firmware | * |
| lenovo | thinkserver_rd450_firmware | * |
| lenovo | thinkserver_rd350 | * |
| lenovo | thinkserver_rd550 | * |
| lenovo | thinkserver_td350 | * |
| lenovo | thinkserver_rd350_firmware | * |
| lenovo | thinkserver_rd650_firmware | * |
| lenovo | thinkserver_rd550_firmware | * |
| lenovo | thinkserver_rd450 | * |
| lenovo | thinkserver_rd650 | * |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_system_manager_baseboard_management_controller_firmware | * |
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_system_manager_baseboard_management_controller_firmware | 118.71532 |
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | mouse_suite | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | s435_firmware | * |
| lenovo | yoga_3_14_firmware | * |
| lenovo | flex_2_pro-15_firmware | * |
| lenovo | edge_15_firmware | * |
| lenovo | u41-70_firmware | * |
| lenovo | g40-80_firmware | * |
| lenovo | g50-80_firmware | * |
| lenovo | b50-10_firmware | * |
| lenovo | ideapad_100-14iby_firmware | * |
| lenovo | z51-70_firmware | * |
| lenovo | z41-70_firmware | * |
| lenovo | flex_3-1470_firmware | * |
| lenovo | u31-70_firmware | * |
| lenovo | g50-80m_firmware | * |
| lenovo | flex_3-1570_firmware | * |
| lenovo | g50-80_touch_v3000_firmware | * |
| lenovo | yoga_3_11_firmware | * |
| lenovo | z70-80_firmware | * |
| lenovo | ideapad_100-15iby_firmware | * |
| lenovo | g40-80m_firmware | * |
| lenovo | s41-70_firmware | * |
| lenovo | s21e_firmware | * |
| lenovo | m40-35_firmware | * |
| lenovo | g50-80_touch_firmware | * |
| lenovo | flex_3-1120_firmware | * |
| lenovo | g70-80_firmware | * |
| lenovo | y40-80_firmware | * |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-347,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | switch_center | * |
| ibm | system_networking_switch_center | * |
The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | switch_center | * |
| ibm | system_networking_switch_center | * |
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | switch_center | * |
| ibm | system_networking_switch_center | * |
Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | switch_center | * |
| ibm | system_networking_switch_center | * |
The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | emc_firmware | 4.1.204.33661 |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_system_update | * |
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_system_update | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | * |
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | * |
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ios_xe | 3.5s_3.5.0s |
| cisco | ios_xe | 3.3xo_3.3.0xo |
| cisco | ios_xe | 3.6e_3.6.3e |
| cisco | ios_xe | 3.8s_3.8.2s |
| cisco | ios_xe | 3.5e_3.5.2e |
| cisco | ios_xe | 3.3sg_3.3.2sg |
| cisco | ios_xe | 3.13s_3.13.2as |
| cisco | ios_xe | 3.14s_3.14.2s |
| cisco | ios_xe | 3.16s_3.16.1s |
| cisco | ios_xe | 3.8e_3.8.1e |
| cisco | ios_xe | 3.6e_3.6.2ae |
| cisco | ios_xe | 3.6s_3.6.2s |
| cisco | ios_xe | 3.7s_3.7.1s |
| cisco | ios_xe | 3.7s_3.7.6s |
| cisco | ios_xe | 3.4sg_3.4.2sg |
| cisco | ios_xe | 3.14s_3.14.0s |
| cisco | ios_xe | 3.11s_3.11.1s |
| cisco | ios_xe | 3.5s_3.5.2s |
| cisco | ios_xe | 3.9s_3.9.1s |
| cisco | ios_xe | 3.10s_3.10.1s |
| cisco | ios_xe | 3.7s_3.7.4as |
| cisco | ios_xe | 3.15s_3.15.1cs |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| cisco | ios_xe | 3.14s_3.14.1s |
| cisco | ios_xe | 3.10s_3.10.2s |
| cisco | ios_xe | 3.14s_3.14.3s |
| cisco | ios_xe | 3.7s_3.7.2ts |
| cisco | ios_xe | 3.15s_3.15.2s |
| cisco | ios_xe | 3.4s_3.4.3s |
| cisco | ios_xe | 3.4sg_3.4.7sg |
| cisco | ios_xe | 3.11s_3.11.2s |
| cisco | ios_xe | 3.4s_3.4.0as |
| cisco | ios_xe | 3.9s_3.9.1as |
| cisco | ios_xe | 3.13s_3.13.3s |
| cisco | ios_xe | 3.4sg_3.4.5sg |
| cisco | ios_xe | 3.10s_3.10.3s |
| cisco | ios_xe | 3.7s_3.7.4s |
| cisco | ios_xe | 3.12s_3.12.2s |
| zyxel | gs1900-10hp_firmware | * |
| cisco | ios_xe | 3.10s_3.10.1xbs |
| cisco | ios_xe | 3.5e_3.5.3e |
| cisco | ios_xe | 3.8e_3.8.0e |
| cisco | ios_xe | 3.3s_3.3.0s |
| cisco | ios_xe | 3.10s_3.10.6s |
| cisco | ios_xe | 3.5s_3.5.1s |
| cisco | ios_xe | 3.10s_3.10.5s |
| cisco | ios_xe | 3.7s_3.7.2s |
| cisco | ios_xe | 3.3sg_3.3.1sg |
| cisco | ios_xe | 3.6e_3.6.2e |
| lenovo | thinkcentre_e75s_firmware | * |
| cisco | ios_xe | 3.7s_3.7.3s |
| cisco | ios_xe | 3.8s_3.8.1s |
| cisco | ios_xe | 3.17s_3.17.0s |
| cisco | ios_xe | 3.7e_3.7.3e |
| cisco | ios_xe | 3.16s_3.16.1as |
| cisco | ios_xe | 3.12s_3.12.3s |
| cisco | ios_xe | 3.12s_3.12.1s |
| cisco | ios_xe | 3.3xo_3.3.2xo |
| cisco | ios_xe | 3.13s_3.13.4s |
| cisco | ios_xe | 3.13s_3.13.2s |
| cisco | ios_xe | 3.6e_3.6.1e |
| cisco | ios_xe | 3.12s_3.12.4s |
| cisco | ios_xe | 3.16s_3.16.0s |
| cisco | ios_xe | 3.7e_3.7.0e |
| cisco | ios_xe | 3.4s_3.4.2s |
| cisco | ios_xe | 3.10s_3.10.0s |
| cisco | ios_xe | 3.9s_3.9.0as |
| cisco | ios_xe | 3.3sg_3.3.0sg |
| cisco | ios_xe | 3.4s_3.4.5s |
| cisco | ios_xe | 3.3s_3.3.2s |
| cisco | ios_xe | 3.5e_3.5.0e |
| cisco | ios_xe | 3.7e_3.7.1e |
| cisco | ios_xe | 3.11s_3.11.4s |
| cisco | ios_xe | 3.3xo_3.3.1xo |
| cisco | ios_xe | 3.11s_3.11.3s |
| cisco | ios_xe | 3.15s_3.15.1s |
| zzinc | keymouse_firmware | 3.08 |
| cisco | ios_xe | 3.4s_3.4.4s |
| cisco | ios_xe | 3.4sg_3.4.3sg |
| cisco | ios_xe | 3.8s_3.8.0s |
| cisco | ios_xe | 3.4sg_3.4.6sg |
| cisco | ios_xe | 3.4s_3.4.6s |
| sun | opensolaris | snv_124 |
| cisco | ios_xe | 3.7e_3.7.2e |
| cisco | ios_xe | 3.13s_3.13.0as |
| cisco | ios_xe | 3.13s_3.13.0s |
| cisco | ios_xe | 3.6e_3.6.0e |
| cisco | ios_xe | 3.13s_3.13.1s |
| cisco | ios_xe | 3.6s_3.6.1s |
| cisco | ios_xe | 3.11s_3.11.0s |
| cisco | ios_xe | 3.5e_3.5.1e |
| cisco | ios_xe | 3.10s_3.10.4s |
| cisco | ios_xe | 3.3s_3.3.1s |
| cisco | ios_xe | 3.4sg_3.4.1sg |
| cisco | ios_xe | 3.7s_3.7.0s |
| cisco | ios_xe | 3.12s_3.12.0s |
| cisco | ios_xe | 3.4s_3.4.1s |
| cisco | ios_xe | 3.9s_3.9.2s |
| cisco | ios_xe | 3.4s_3.4.0s |
| cisco | ios_xe | 3.4sg_3.4.0sg |
| cisco | ios_xe | 3.4sg_3.4.4sg |
| cisco | ios_xe | 3.16s_3.16.0cs |
| cisco | ios_xe | 3.7s_3.7.5s |
| cisco | ios_xe | 3.7s_3.7.7s |
| cisco | ios_xe | 3.6s_3.6.0s |
| cisco | ios_xe | 3.15s_3.15.0s |
| cisco | ios_xe | 3.9s_3.9.0s |
| netgear | jr6150_firmware | * |
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ios_xe | 3.9.2s |
| cisco | ios_xe | 3.10.0s |
| cisco | ios_xe | 3.9.1s |
| cisco | ios_xe | 3.8.0s |
| cisco | ios_xe | 3.9.1as |
| cisco | ios_xe | 3.9.0s |
| cisco | ios_xe | 3.11.0s |
| zzinc | keymouse_firmware | 3.08 |
| lenovo | thinkcentre_e75s_firmware | * |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| cisco | ios_xe | 3.10.2s |
| cisco | ios_xe | 3.8.2s |
| cisco | ios_xe | 3.10.1xbs |
| sun | opensolaris | snv_124 |
| zyxel | gs1900-10hp_firmware | * |
| cisco | ios_xe | 3.9.0as |
| cisco | ios_xe | 3.10.1s |
| cisco | ios_xe | 3.8.1s |
Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | shareit | * |
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | shareit | * |
The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | shareit | * |
The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.
CVSS 2.0
Severity: LOW
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | shareit | 3.0.18_ww |
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | * |
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | fingerprint_manager | * |
| lenovo | touch_fingerprint | * |
UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | accelerator_application | - |
Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | shareit | 3.5.98_ww |
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | shareit | 3.5.98_ww |
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | bios | - |
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | * |
Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | * |
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | bios_efi_driver | - |
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dell | km714_firmware | * |
| dell | km632_firmware | - |
| amazonbasics | firmware | - |
| logitech | unifying_firmware | * |
| lenovo | ultraslim_firmware | - |
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | ethernet_10gb_4-port_563sfp+ | * |
| intel | ethernet_controller_xl710_firmware | * |
| lenovo | converged_hx7500_appliance | 5.05 |
| lenovo | thinkserver_rd450 | 5.05 |
| lenovo | system_x3500_m5 | 5.05 |
| hp | proliant_xl260a_g9_server | * |
| lenovo | system_x3650_m5 | 5.05 |
| intel | ethernet_controller_x710_firmware | * |
| hp | ethernet_10gb_2-port_562flr-sfp+ | * |
| lenovo | thinkserver_rd350 | 5.05 |
| lenovo | system_x3250_m5 | 5.05 |
| lenovo | thinkserver_td350 | 5.05 |
| lenovo | system_x3750_m4 | 5.05 |
| lenovo | system_x3850_x6 | 5.05 |
| lenovo | converged_hx7510_appliance | 5.05 |
| lenovo | thinkagile_cx4600 | 5.05 |
| lenovo | thinkserver_sd350 | 5.05 |
| lenovo | system_x3950_x6 | 5.05 |
| lenovo | thinkagile_cx4200 | 5.05 |
| lenovo | converged_hx_series | 5.05 |
| lenovo | thinkagile_cx2200 | 5.05 |
| lenovo | converged_hx5510_appliance | 5.05 |
| lenovo | thinkserver_rd650 | 5.05 |
| hp | ethernet_10gb_2-port_562sfp+ | * |
| lenovo | system_x3550_m5 | 5.05 |
| lenovo | thinkserver_rd550 | 5.05 |
| lenovo | nextscale_nx360_m5 | 5.05 |
| lenovo | converged_hx5500_appliance | 5.05 |
Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_yoga_11e_beema_bios | - |
| lenovo | thinkpad_t460p_bios | - |
| lenovo | thinkpad_e555_bios | - |
| lenovo | thinkpad_l560_bios | - |
| lenovo | thinkpad_p50_bios | - |
| lenovo | thinkpad_p50s_bios | - |
| lenovo | thinkpad_s1_yoga_vpro_bios | - |
| lenovo | thinkpad_s3_yoga_14_bios | - |
| lenovo | thinkpad_s1_yoga_non_vpro_bios | - |
| lenovo | thinkpad_e450_bios | - |
| lenovo | thinkpad_x1_tablet_bios | - |
| lenovo | thinkpad_11e_broadwell_bios | - |
| lenovo | thinkpad_s1_yoga_12_bios | - |
| lenovo | thinkpad_s3_s440_bios | - |
| lenovo | thinkpad_x1_yoga_bios | - |
| lenovo | thinkpad_x240_bios | - |
| lenovo | thinkpad_11e_skylake_bios | - |
| lenovo | thinkpad_t440_bios | - |
| lenovo | thinkpad_t460_bios | - |
| lenovo | thinkpad_helix_20ch_bios | - |
| lenovo | thinkpad_l460_bios | - |
| lenovo | thinkpad_tablet_10_bios | - |
| lenovo | thinkpad_w540_bios | - |
| lenovo | thinkpad_e565_bios | - |
| lenovo | thinkpad_yoga_11e_skylake_bios | - |
| lenovo | thinkpad_yoga_260_s1_bios | - |
| lenovo | thinkpad_w541_bios | - |
| lenovo | thinkpad_x250_broadwell_bios | - |
| lenovo | thinkpad_t450s_bios | - |
| lenovo | thinkpad_w550s_bios | - |
| lenovo | thinkpad_t450_bios | - |
| lenovo | thinkpad_t560_bios | - |
| lenovo | thinkpad_t440u_bios | - |
| lenovo | thinkpad_t540_bios | - |
| lenovo | thinkpad_yoga_14_460_s3_bios | - |
| lenovo | thinkpad_e450c_bios | - |
| lenovo | thinkpad_s540_bios | - |
| lenovo | thinkpad_t440s_bios | - |
| lenovo | thinkpad_helix_20cg_bios | - |
| lenovo | thinkpad_l450_bios | - |
| lenovo | thinkpad_x140e_amd_bios | - |
| lenovo | thinkpad_s5_yoga_15_bios | - |
| lenovo | thinkpad_yoga_11e_broadwell_bios | - |
| lenovo | thinkpad_11e_beema_bios | - |
| lenovo | thinkpad_t550_bios | - |
| lenovo | thinkpad_x260_bios | - |
| lenovo | thinkpad_t440p_bios | - |
| lenovo | thinkpad_e560_bios | - |
| lenovo | thinkpad_l440_bios | - |
| lenovo | thinkpad_l540_bios | - |
| lenovo | thinkpad_p70_bios | - |
| lenovo | thinkpad_11e_braswell_bios | - |
| lenovo | thinkpad_yoga_11e_bios | - |
| lenovo | thinkpad_t460s_bios | - |
| lenovo | thinkpad_x1_carbon_20ax_bios | - |
| lenovo | thinkpad_10_ella_2_bios | - |
| lenovo | thinkpad_e465_bios | - |
| lenovo | thinkpad_x250_sharkbay_bios | - |
| lenovo | thinkpad_edge_e540_bios | - |
| lenovo | thinkpad_e550_bios | - |
| lenovo | thinkpad_tablet_8_bios | - |
| lenovo | thinkpad_e455_bios | - |
| lenovo | thinkpad_x240s_bios | - |
| lenovo | thinkpad_edge_e445_bios | - |
| lenovo | thinkpad_edge_e440_bios | - |
| lenovo | thinkpad_x1_carbon_bios | - |
| lenovo | thinkpad_edge_e545_bios | - |
| lenovo | thinkpad_s5_e560p_bios | - |
| lenovo | thinkpad_e460_bios | - |
| lenovo | thinkpad_e550c_bios | - |
| lenovo | thinkpad_x1_carbon_20bx_bios | - |
| lenovo | thinkpad_13e_bios | - |
| lenovo | thinkpad_t540p_bios | - |
| lenovo | thinkpad_yoga_11e_braswell_bios | - |
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | notebook_ideapad_510s_12isk_bios | - |
| lenovo | notebook_ideapad_300_15ibr_bios | - |
| lenovo | notebook_xiaoxin_air_12_bios | - |
| lenovo | notebook_e41_80_bios | - |
| lenovo | notebook_ideapad_300_14isk_bios | - |
| lenovo | notebook_yoga_710_11ikb_bios | - |
| lenovo | notebook_e51_80_bios | - |
| lenovo | notebook_e31_80_bios | - |
| lenovo | thinkserver_ts450_bios | - |
| lenovo | notebook_yoga_900_13isk_bios | - |
| lenovo | notebook_e40_80_bios | - |
| lenovo | bios | - |
| lenovo | notebook_k41_80_bios | - |
| lenovo | notebook_ideapad_300_14ibr_bios | - |
| lenovo | notebook_ideapad_300_17isk_bios | - |
| lenovo | notebook_g40_80_bios | - |
| lenovo | notebook_yoga_510_15isk_bios | - |
| lenovo | notebook_b70_80_bios | - |
| lenovo | notebook_yoga_510_14isk_bios | - |
| lenovo | notebook_110_15ibr_bios | - |
| lenovo | notebook_g50_80_bios | - |
| lenovo | notebook_ideapad_300_15isk_bios | - |
| lenovo | notebook_yoga_900s_12isk_bios | - |
| lenovo | notebook_k21_80_bios | - |
| lenovo | notebook_g50_80_touch_bios | - |
| lenovo | notebook_110_14ibr_bios | - |
| lenovo | notebook_miix_710_12ikb_bios | - |
| lenovo | notebook_yoga_710_11isk_bios | - |
| lenovo | thinkserver_ts150_bios | - |
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | edge_keyboard_driver | * |
| lenovo | slim_usb_keyboard_driver | * |
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-19,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_x3250_m6_bios | - |
| lenovo | nextscale_nx360_m5_bios | - |
| lenovo | flex_system_x880_x6_bios | - |
| lenovo | system_x3650_m5_bios | - |
| lenovo | flex_system_x240_m5_bios | - |
| lenovo | system_x3500_m5_bios | - |
| lenovo | system_x3950_x6_bios | - |
| lenovo | flex_system_x280_m6_bios | - |
| lenovo | system_x3550_m5_bios | - |
| lenovo | system_x3850_x6_bios | - |
| lenovo | flex_system_x480_x6_bios | - |
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | transition | - |
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_service_bridge | - |
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_service_bridge | - |
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_service_bridge | - |
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_service_bridge | - |
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | customer_care_software_development_kit | * |
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_firmware | * |
Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | updates | - |
OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_td350_firmware | * |
| openslp | openslp | 1.1.0 |
| lenovo | thinkserver_td340_firmware | * |
| lenovo | storage_n4610_firmware | * |
| lenovo | thinkserver_sd350_firmware | - |
| lenovo | thinkserver_rs160_firmware | * |
| lenovo | fan_power_controller | * |
| lenovo | thinkserver_rd340_firmware | * |
| lenovo | cmm | * |
| lenovo | thinkserver_rd450_firmware | * |
| lenovo | imm2 | * |
| redhat | enterprise_linux_server | 7.0 |
| lenovo | thinkserver_rq750_firmware | * |
| lenovo | thinkserver_rd640_firmware | * |
| debian | debian_linux | 7.0 |
| lenovo | thinkserver_rd650_firmware | * |
| lenovo | thinksystem_sr630_firmware | - |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_server_tus | 7.6 |
| lenovo | imm1 | * |
| lenovo | thinkserver_rd350x_firmware | - |
| redhat | enterprise_linux_server_eus | 7.6 |
| lenovo | thinkserver_rd350_firmware | * |
| lenovo | thinkserver_ts460_firmware | * |
| lenovo | thinkserver_rd550_firmware | * |
| redhat | enterprise_linux_desktop | 7.0 |
| lenovo | storage_n3310_firmware | * |
| redhat | enterprise_linux_server | 6.0 |
| canonical | ubuntu_linux | 14.04 |
| lenovo | thinkserver_rd450x_firmware | - |
| lenovo | bm_nextscale_fan_power_controller | * |
| openslp | openslp | 1.0.2 |
| canonical | ubuntu_linux | 16.04 |
| lenovo | xclarity_administrator | * |
| lenovo | thinkserver_rd350g_firmware | - |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| lenovo | thinksystem_hr650x_firmware | - |
| lenovo | thinkserver_rd540_firmware | * |
| lenovo | thinkserver_rd440_firmware | * |
| redhat | enterprise_linux_workstation | 6.0 |
| lenovo | flex_system_fc3171_8gb_san_switch_firmware | * |
| redhat | enterprise_linux_server_aus | 7.6 |
| lenovo | thinksystem_hr630x_firmware | - |
In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | active_protection_system | 1.77.0.7 |
| lenovo | active_protection_system | 1.77.0.9 |
| lenovo | active_protection_system | 1.80.3.00 |
| lenovo | active_protection_system | 1.82.0.10 |
| lenovo | active_protection_system | 1.34 |
| lenovo | active_protection_system | 1.40 |
| lenovo | active_protection_system | 1.32 |
| lenovo | active_protection_system | 1.30b |
| lenovo | active_protection_system | 1.80.11.00 |
| lenovo | active_protection_system | 1.63 |
| lenovo | active_protection_system | 1.80.1.00 |
| lenovo | active_protection_system | 1.72 |
| lenovo | active_protection_system | 1.23 |
| lenovo | active_protection_system | 1.78.0.09 |
| lenovo | active_protection_system | 1.00b |
| lenovo | active_protection_system | 1.21 |
| lenovo | active_protection_system | 1.73 |
| lenovo | active_protection_system | 1.53 |
| lenovo | active_protection_system | 1.33b |
| lenovo | active_protection_system | 1.82.0.07 |
| lenovo | active_protection_system | 1.71 |
| lenovo | active_protection_system | 1.52 |
| lenovo | active_protection_system | 1.79.0.03 |
| lenovo | active_protection_system | 1.77.0.26 |
| lenovo | active_protection_system | 1.61 |
| lenovo | active_protection_system | 1.50 |
| lenovo | active_protection_system | 1.01b |
| lenovo | active_protection_system | 1.51 |
| lenovo | active_protection_system | 1.20b |
| lenovo | active_protection_system | 1.77.0.20 |
| lenovo | active_protection_system | 1.22 |
| lenovo | active_protection_system | 1.62 |
| lenovo | active_protection_system | 1.74 |
| lenovo | active_protection_system | 1.78.0.11 |
| lenovo | active_protection_system | 1.76 |
| lenovo | active_protection_system | 1.31 |
| lenovo | active_protection_system | 1.82.0.06 |
| lenovo | active_protection_system | 1.70 |
| lenovo | active_protection_system | 1.75 |
| lenovo | active_protection_system | 1.77.0.5 |
| lenovo | active_protection_system | 1.77.0.8 |
| lenovo | active_protection_system | 1.64 |
| lenovo | active_protection_system | 1.78.0.10 |
| lenovo | active_protection_system | 1.80.8.00 |
| lenovo | active_protection_system | 1.54 |
| lenovo | active_protection_system | 1.41 |
| lenovo | active_protection_system | 1.81.0.08 |
| lenovo | active_protection_system | 1.77.0.11 |
| lenovo | active_protection_system | 1.82.0.03 |
In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | power_management | 1.67.12.23 |
| lenovo | power_management | 1.67.12.19 |
In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | connect2 | * |
If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | advanced_settings_utility | * |
| lenovo | toolscenter_dynamic_system_analysis | * |
| lenovo | updatexpress_system_pack_installer | * |
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | integrated_management_module_firmware | * |
| lenovo | integrated_management_module_firmware | * |
In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.
CVSS 2.0
Severity: LOW
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_usb_3.0_ethernet_adapter_driver | - |
Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | nerve_center | - |
An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_compact_usb_keyboard_driver | - |
An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | g8264t_firmware | * |
| ibm | virtual_fabric_10gb | * |
| ibm | g8264_firmware | * |
| lenovo | g8124e_firmware | * |
| ibm | en2092_1gb_firmware | * |
| ibm | g8264cs_firmware | * |
| ibm | g8124e_firmware | * |
| ibm | g8316_firmware | * |
| lenovo | g8296_firmware | * |
| lenovo | si4091_firmware | * |
| lenovo | fabric_cn4093_10gb_firmware | * |
| lenovo | g8332_firmware | * |
| ibm | g8052_firmware | * |
| lenovo | g8052_firmware | * |
| lenovo | g8264_firmware | * |
| lenovo | g8264cs_firmware | * |
| ibm | layer_2/3_copper_firmware | * |
| lenovo | fabric_en4093r_10gb_firmware | * |
| ibm | g8124_firmware | * |
| ibm | fabric_cn4093_10gb_firmware | * |
| ibm | 1:10g_firmware | * |
| ibm | fabric_en4093/en4093r_10gb_firmware | * |
| ibm | g8332_firmware | * |
| ibm | 1g_l2-7_slb | * |
| lenovo | g8272_firmware | * |
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_ts450_firmware | - |
| lenovo | thinkstation_p900_firmware | a6kt86a |
| lenovo | thinkcentre_m8500t/s_firmware | fbktc5a |
| lenovo | yangtian_mc_h110_firmware | m05kt61a |
| lenovo | thinkcentre_m7300z_firmware | fvkt42a |
| lenovo | thinkcentre_e73z_(aio)_firmware | fgkt49a |
| lenovo | ideacentre_300s-11ish_firmware | - |
| lenovo | thinkcentre_m700_firmware | m05kt54a |
| lenovo | thinkcentre_m93p_firmware | fbktc5a |
| lenovo | thinkstation_s30_(4352)_firmware | a2kt54a |
| lenovo | thinkcentre_e74s_firmware | m05kt54a |
| lenovo | thinkcentre_m4600t/s_firmware | m05kt54a |
| lenovo | thinkserver_rd540_firmware | a1tsb5a |
| lenovo | thinkcentre_e73s_firmware | fckt78a |
| lenovo | thinkstation_e31_firmware | 9skt97a |
| lenovo | yangtian_afq150_firmware | fwkt57a |
| lenovo | thinkcentre_edge_62z_firmware | f8kt40a |
| lenovo | thinkcentre_x1_aio_firmware | m0hkt32a |
| lenovo | yangtian_mc_carrizo-l_firmware | - |
| lenovo | thinkcentre_m8350z_firmware | fvkt42a |
| lenovo | thinkcentre_m7250z_firmware | fgkt46a |
| lenovo | thinkstation_s30_(4351)_firmware | a2kt54a |
| lenovo | thinkcentre_m700z_firmware | fvkt48a |
| lenovo | thinkserver_ts150_firmware | fbktc3a |
| lenovo | thinkcentre_m83_firmware | fbktcga |
| lenovo | thinkcentre_e93_firmware | fbktc5a |
| lenovo | thinkcentre_m715q_firmware | - |
| lenovo | thinkserver_rs140_firmware | fbkt91c |
| lenovo | m4500_id_firmware | fckt78a |
| lenovo | thinkcentre_m910t/s_firmware | - |
| lenovo | thinkcentre_e75_t/s_firmware | - |
| lenovo | m4550_id_firmware | fckt78a |
| lenovo | thinkcentre_m6600q_firmware | fwkt39a |
| lenovo | thinkcentre_m4500q_firmware | fhkt66a |
| lenovo | thinkserver_rd340_firmware | - |
| lenovo | thinkstation_p310_firmware | fwkt57a |
| lenovo | thinkstation_p300_firmware | fbktc6a |
| lenovo | thinkcentre_m83z_(aio)_firmware | fvkt42a |
| lenovo | yangtian_mc_godavari_firmware | m0lkt13a |
| lenovo | s200z_firmware | m09kt33a |
| lenovo | thinkcentre_m910q_firmware | - |
| lenovo | thinkserver_ts140_firmware | fbktc3a |
| lenovo | yangtian_afh81_firmware | fckt80a |
| lenovo | thinkcentre_m8300z_firmware | fvkt42a |
| lenovo | thinkcentre_m800z_firmware | fvkt42a |
| lenovo | thinkserver_ts250_firmware | - |
| lenovo | thinkstation_c30_(1137)_firmware | a1kt57a |
| lenovo | thinkcentre_m92p_firmware | 9skt95a |
| lenovo | thinkserver_rq750_firmware | 7.05 |
| lenovo | thinkserver_rd440_firmware | a0tsb5a |
| lenovo | thinkcentre_m6600t/s_firmware | fwkt39a |
| lenovo | thinkcentre_m8600t/s_firmware | fwkt39a |
| lenovo | thinkstation_p910_firmware | - |
| lenovo | yangtian_s3040_firmware | fgkt49a |
| lenovo | thinkserver_ts240_firmware | fbktc3a |
| lenovo | thinkcentre_e79_firmware | m0lkt12a |
| lenovo | thinkserver_rd640_firmware | a1tsb5a |
| lenovo | thinkcentre_m7200z_firmware | fgkt46a |
| lenovo | yangtian_me/we_h110_firmware | m05kt61a |
| lenovo | thinkcentre_m800_firmware | fwkt39a |
| lenovo | ideacentre_700_firmware | - |
| lenovo | thinkcentre_m4500t/s_firmware | fckt78a |
| lenovo | thinkcentre_m710t/s_firmware | - |
| lenovo | v320-15iap_firmware | - |
| lenovo | thinkstation_d30_(4353)_firmware | a3kt57a |
| lenovo | thinkcentre_m73_firmware | fckt78a |
| lenovo | m4500_firmware | fckt78a |
| lenovo | thinkcentre_m72e_firmware | f1kt71a |
| lenovo | thinkcentre_e93z_(aio)_firmware | ffkt43a |
| lenovo | thinkcentre_m73z_(aio)_firmware | fgkt46a |
| lenovo | ideacentre_510s-23isu_firmware | o2ekt24a |
| lenovo | thinkstation_p410_firmware | - |
| lenovo | yangtian_afh110_firmware | m05kt73a |
| lenovo | h50-30g_firmware | fckt78a |
| lenovo | thinkcentre_m4500k_firmware | fckt78a |
| lenovo | thinkstation_p320_firmware | - |
| lenovo | thinkstation_p500_firmware | a4kt86a |
| lenovo | yangtian_s800_firmware | ffkt43a |
| lenovo | thinkcentre_m6500t/s_firmware | fbktc5a |
| lenovo | thinkstation_p710_firmware | - |
| lenovo | thinkcentre_m8250z_firmware | fgkt46a |
| lenovo | thinkserver_td340_firmware | a3tsb5a |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | thinkcentre_e74_firmware | m05kt54a |
| lenovo | thinkcentre_m600_firmware | m00kt44a |
| lenovo | thinkstation_p700_firmware | a5kt86a |
| lenovo | yangtian_mf/wf_h81_firmware | fckt80a |
| lenovo | thinkcentre_e73_firmware | fckt78a |
| lenovo | thinkcentre_m610_firmware | - |
| lenovo | thinkcentre_m900z_firmware | fukt39a |
| lenovo | thinkcentre_m900_firmware | fwkt39a |
| lenovo | yangtian_mc_h81_firmware | fckt80a |
| lenovo | thinkcentre_e74z_firmware | fvkt48a |
| lenovo | 63_firmware | fckt78a |
| lenovo | thinkstation_d30_(4354)_firmware | a3kt57a |
| lenovo | ideacentre_300-20ish_firmware | - |
| lenovo | thinkserver_ts550_firmware | - |
| lenovo | thinkcentre_m9550z_firmware | fukt44a |
| lenovo | ideacentre_510s-08ish_firmware | - |
| lenovo | thinkcentre_m79_firmware | m0lkt12a |
| lenovo | thinkcentre_m8200z_firmware | fgkt46a |
| lenovo | thinkstation_e32_firmware | fbktc6a |
| lenovo | thinkcentre_m910x_firmware | - |
| lenovo | thinkcentre_m73p_firmware | fbktc5a |
| lenovo | thinkcentre_m9500z_firmware | fukt44a |
| lenovo | thinkcentre_m92_firmware | 9skt95a |
| lenovo | s500_firmware | m0kkt24a |
| lenovo | thinkstation_p510_firmware | - |
| lenovo | thinkcentre_m6600_firmware | fwkt39a |
| lenovo | thinkcentre_m93_firmware | fbktc5a |
| lenovo | thinkstation_c30_(1136)_firmware | a1kt57a |
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | bios | - |
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_t460p_bios | - |
| lenovo | thinkpad_l560_bios | - |
| lenovo | thinkpad_p50_bios | - |
| lenovo | thinkpad_p50s_bios | - |
| lenovo | thinkpad_s1_yoga_vpro_bios | - |
| lenovo | thinkpad_s3_yoga_14_bios | - |
| lenovo | thinkpad_s1_yoga_non_vpro_bios | - |
| lenovo | thinkpad_s1_yoga_non_vpro | - |
| lenovo | thinkpad_e450_bios | - |
| lenovo | thinkpad_t540 | - |
| lenovo | thinkpad_x240 | - |
| lenovo | thinkpad_t450s | - |
| lenovo | thinkpad_11e_broadwell_bios | - |
| lenovo | thinkpad_w550s | - |
| lenovo | thinkpad_s1_yoga_12_bios | - |
| lenovo | thinkpad_s3_s440_bios | - |
| lenovo | thinkpad_x1_yoga_bios | - |
| lenovo | thinkpad_x250_sharkbay | - |
| lenovo | thinkpad_11e_skylake_bios | - |
| lenovo | thinkpad_t440_bios | - |
| lenovo | thinkpad_l460_bios | - |
| lenovo | thinkpad_s1_yoga_vpro | - |
| lenovo | thinkpad_e565_bios | - |
| lenovo | thinkpad_e450c | - |
| lenovo | thinkpad_yoga_260_s1_bios | - |
| lenovo | thinkpad_w541_bios | - |
| lenovo | thinkpad_s3_s440 | - |
| lenovo | thinkpad_x1_carbon_20bx | - |
| lenovo | thinkpad_e450 | - |
| lenovo | thinkpad_t560_bios | - |
| lenovo | thinkpad_t440u_bios | - |
| lenovo | thinkpad_yoga_14_460_s3_bios | - |
| lenovo | thinkpad_e450c_bios | - |
| lenovo | thinkpad_s540_bios | - |
| lenovo | thinkpad_t440s_bios | - |
| lenovo | thinkpad_helix_20cg_bios | - |
| lenovo | thinkpad_t550 | - |
| lenovo | thinkpad_11e_beema_bios | - |
| lenovo | thinkpad_l540 | - |
| lenovo | thinkpad_l440_bios | - |
| lenovo | thinkpad_e460 | - |
| lenovo | thinkpad_p50s | - |
| lenovo | thinkpad_l540_bios | - |
| lenovo | thinkpad_edge_e540 | - |
| lenovo | thinkpad_p70_bios | - |
| lenovo | thinkpad_edge_e445 | - |
| lenovo | thinkpad_yoga_11e_bios | - |
| lenovo | thinkpad_x1_carbon_20ax_bios | - |
| lenovo | thinkpad_10_ella_2 | - |
| lenovo | thinkpad_t460p | - |
| lenovo | thinkpad_e465_bios | - |
| lenovo | thinkpad_tablet_8 | - |
| lenovo | thinkpad_edge_e540_bios | - |
| lenovo | thinkpad_11e_beema | - |
| lenovo | thinkpad_e550_bios | - |
| lenovo | thinkpad_tablet_8_bios | - |
| lenovo | thinkpad_yoga_14_460_s3 | - |
| lenovo | thinkpad_e455_bios | - |
| lenovo | thinkpad_x1_tablet | - |
| lenovo | thinkpad_x240s_bios | - |
| lenovo | thinkpad_x1_carbon_20ax | - |
| lenovo | thinkpad_x1_carbon_bios | - |
| lenovo | thinkpad_e555 | - |
| lenovo | thinkpad_t460s | - |
| lenovo | thinkpad_x1_yoga | - |
| lenovo | thinkpad_13e_bios | - |
| lenovo | thinkpad_yoga_11e_beema | - |
| lenovo | thinkpad_t540p_bios | - |
| lenovo | thinkpad_s5_e560p | - |
| lenovo | thinkpad_helix_20cg | - |
| lenovo | thinkpad_t440s | - |
| lenovo | thinkpad_yoga_11e_beema_bios | - |
| lenovo | thinkpad_helix_20ch | - |
| lenovo | thinkpad_l450 | - |
| lenovo | thinkpad_e555_bios | - |
| lenovo | thinkpad_11e_broadwell | - |
| lenovo | thinkpad_edge_e545 | - |
| lenovo | thinkpad_x1_carbon | - |
| lenovo | thinkpad_p50 | - |
| lenovo | thinkpad_x1_tablet_bios | - |
| lenovo | thinkpad_t440p | - |
| lenovo | thinkpad_t560 | - |
| lenovo | thinkpad_x240_bios | - |
| lenovo | thinkpad_s5_yoga_15 | - |
| lenovo | thinkpad_s3_yoga_14 | - |
| lenovo | thinkpad_x240s | - |
| lenovo | thinkpad_yoga_11e_skylake | - |
| lenovo | thinkpad_t460_bios | - |
| lenovo | thinkpad_helix_20ch_bios | - |
| lenovo | thinkpad_w541 | - |
| lenovo | thinkpad_tablet_10_bios | - |
| lenovo | thinkpad_w540_bios | - |
| lenovo | thinkpad_yoga_11e_skylake_bios | - |
| lenovo | thinkpad_t440 | - |
| lenovo | thinkpad_x250_broadwell | - |
| lenovo | thinkpad_edge_e440 | - |
| lenovo | thinkpad_e465 | - |
| lenovo | thinkpad_l560 | - |
| lenovo | thinkpad_x250_broadwell_bios | - |
| lenovo | thinkpad_e550 | - |
| lenovo | thinkpad_x140e_amd | - |
| lenovo | thinkpad_t450s_bios | - |
| lenovo | thinkpad_w550s_bios | - |
| lenovo | thinkpad_e455 | - |
| lenovo | thinkpad_t450_bios | - |
| lenovo | thinkpad_tablet_10 | - |
| lenovo | thinkpad_e550c | - |
| lenovo | thinkpad_t540_bios | - |
| lenovo | thinkpad_l450_bios | - |
| lenovo | thinkpad_x140e_amd_bios | - |
| lenovo | thinkpad_s5_yoga_15_bios | - |
| lenovo | thinkpad_yoga_11e_broadwell_bios | - |
| lenovo | thinkpad_e565 | - |
| lenovo | thinkpad_t550_bios | - |
| lenovo | thinkpad_x260_bios | - |
| lenovo | thinkpad_t440p_bios | - |
| lenovo | thinkpad_e560_bios | - |
| lenovo | thinkpad_11e_braswell | - |
| lenovo | thinkpad_yoga_11e | - |
| lenovo | thinkpad_13e | - |
| lenovo | thinkpad_11e_braswell_bios | - |
| lenovo | thinkpad_t460s_bios | - |
| lenovo | thinkpad_yoga_260_s1 | - |
| lenovo | thinkpad_e560 | - |
| lenovo | thinkpad_10_ella_2_bios | - |
| lenovo | thinkpad_x250_sharkbay_bios | - |
| lenovo | thinkpad_t540p | - |
| lenovo | thinkpad_yoga_11e_braswell | - |
| lenovo | thinkpad_t450 | - |
| lenovo | thinkpad_l460 | - |
| lenovo | thinkpad_edge_e445_bios | - |
| lenovo | thinkpad_p70 | - |
| lenovo | thinkpad_edge_e440_bios | - |
| lenovo | thinkpad_edge_e545_bios | - |
| lenovo | thinkpad_yoga_11e_broadwell | - |
| lenovo | thinkpad_s5_e560p_bios | - |
| lenovo | thinkpad_e460_bios | - |
| lenovo | thinkpad_t460 | - |
| lenovo | thinkpad_x260 | - |
| lenovo | thinkpad_s1_yoga_12 | - |
| lenovo | thinkpad_w540 | - |
| lenovo | thinkpad_e550c_bios | - |
| lenovo | thinkpad_11e_skylake | - |
| lenovo | thinkpad_t440u | - |
| lenovo | thinkpad_x1_carbon_20bx_bios | - |
| lenovo | thinkpad_l440 | - |
| lenovo | thinkpad_s540 | - |
| lenovo | thinkpad_yoga_11e_braswell_bios | - |
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_framework | - |
The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_framework | - |
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-354,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_framework | - |
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_framework | - |
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | fingerprint_manager_pro | * |
An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | enterprise_network_operating_system | * |
Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m710t_firmware | * |
| lenovo | aio_e95_firmware | * |
| lenovo | thinkcentre_m710s_firmware | * |
A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | integrated_management_module_2 | * |
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | flex_system_x480_x6_bios | * |
| lenovo | flex_system_x880_bios | * |
| lenovo | system_x3850_x6_bios | * |
| lenovo | system_x3650_m5_bios | * |
| lenovo | system_x3950_x6_bios | * |
| lenovo | system_x3500_m5_bios | * |
| lenovo | flex_system_x240_m5_bios | * |
| lenovo | system_x3250_m6_bios | * |
| lenovo | system_x3550_m5_bios | * |
| lenovo | flex_system_x280_x6_bios | * |
| lenovo | nextscale_nx360_m5_bios | * |
Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_help | * |
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-755,CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | struts | 2.5.3 |
| apache | struts | 2.5.1 |
| oracle | weblogic_server | 12.2.1.2.0 |
| apache | struts | 2.3.14.3 |
| apache | struts | 2.3.20 |
| apache | struts | 2.3.20.1 |
| apache | struts | 2.3.11 |
| oracle | weblogic_server | 10.3.6.0.0 |
| apache | struts | 2.3.6 |
| apache | struts | 2.3.31 |
| apache | struts | 2.3.12 |
| apache | struts | 2.3.13 |
| apache | struts | 2.3.14.2 |
| apache | struts | 2.3.15.3 |
| netapp | oncommand_balance | - |
| apache | struts | 2.3.20.2 |
| lenovo | storage_v5030_firmware | 7.8.1.0 |
| apache | struts | 2.3.24.2 |
| apache | struts | 2.5.9 |
| ibm | storwize_v5000_firmware | 7.7.1.6 |
| oracle | weblogic_server | 12.1.3.0.0 |
| apache | struts | 2.3.21 |
| apache | struts | 2.3.16.1 |
| ibm | storwize_v7000_firmware | 7.7.1.6 |
| apache | struts | 2.3.10 |
| apache | struts | 2.5.8 |
| apache | struts | 2.3.26 |
| apache | struts | 2.3.8 |
| apache | struts | 2.3.14.1 |
| apache | struts | 2.3.20.3 |
| apache | struts | 2.3.23 |
| ibm | storwize_v7000_firmware | 7.8.1.0 |
| apache | struts | 2.3.17 |
| apache | struts | 2.3.15.1 |
| apache | struts | 2.3.14 |
| apache | struts | 2.3.16.2 |
| hp | server_automation | 10.0.0 |
| apache | struts | 2.3.28 |
| apache | struts | 2.3.30 |
| hp | server_automation | 10.1.0 |
| apache | struts | 2.5.2 |
| arubanetworks | clearpass_policy_manager | * |
| apache | struts | 2.3.5 |
| apache | struts | 2.3.24 |
| apache | struts | 2.3.27 |
| apache | struts | 2.5 |
| apache | struts | 2.3.19 |
| hp | server_automation | 9.1.0 |
| apache | struts | * |
| apache | struts | 2.5.10 |
| ibm | storwize_v3500_firmware | 7.7.1.6 |
| apache | struts | 2.3.24.3 |
| apache | struts | 2.3.15.2 |
| apache | struts | 2.3.28.1 |
| apache | struts | 2.3.25 |
| apache | struts | 2.3.15 |
| apache | struts | 2.5.4 |
| apache | struts | 2.3.16 |
| apache | struts | 2.3.29 |
| lenovo | storage_v5030_firmware | 7.7.1.6 |
| hp | server_automation | 10.5.0 |
| apache | struts | 2.3.9 |
| apache | struts | 2.3.22 |
| apache | struts | 2.5.7 |
| apache | struts | 2.5.6 |
| apache | struts | 2.3.24.1 |
| oracle | weblogic_server | 12.2.1.1.0 |
| ibm | storwize_v5000_firmware | 7.8.1.0 |
| ibm | storwize_v3500_firmware | 7.8.1.0 |
| apache | struts | 2.3.7 |
| apache | struts | 2.5.5 |
| apache | struts | 2.3.16.3 |
| hp | server_automation | 10.2.0 |
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| intel | core_i7 | 4790 |
| intel | core_i7 | 4950hq |
| intel | core_i5 | 4590t |
| lenovo | thinkpad_p71 | - |
| intel | core_i3 | 4130 |
| lenovo | thinkpad_l480 | - |
| intel | core_i5 | 8350u |
| intel | core_i7 | 4710mq |
| intel | core_i7 | 8500y |
| intel | core_i3 | 5010u |
| intel | core_i7 | 8850h |
| intel | core_i5 | 7y54 |
| intel | core_i7 | 4760hq |
| intel | core_i3 | 4160 |
| intel | core_i7 | 4600u |
| intel | core_i7 | 4785t |
| intel | core_i3 | 4340te |
| intel | core_i7 | 4910mq |
| intel | core_i5 | 8300h |
| lenovo | thinkpad_p52s | - |
| intel | core_i5 | 7200u |
| intel | core_i5 | 4402e |
| intel | core_i7 | 4980hq |
| intel | core_i5 | 4410e |
| intel | core_i3 | 5005u |
| intel | core_i5 | 6442eq |
| intel | core_i5 | 6500t |
| intel | core_i7 | 4790t |
| intel | core_i3 | 4170t |
| intel | core_i5 | 7300hq |
| intel | core_i5 | 5350u |
| intel | core_i3 | 4025u |
| intel | core_i3 | 4330 |
| intel | core_i7 | 4810mq |
| intel | core_i3 | 8300t |
| intel | core_i5 | 5200u |
| intel | core_i3 | 6102e |
| intel | core_i5 | 6260u |
| intel | core_i7 | 4702hq |
| intel | core_i5 | 7600k |
| intel | core_i7 | 6660u |
| intel | core_i5 | 7600 |
| intel | core_i5 | 4422e |
| intel | core_i7 | 4700mq |
| intel | core_i5 | 4200h |
| intel | core_i7 | 6700hq |
| intel | core_i3 | 8100 |
| intel | core_i5 | 7360u |
| intel | core_i5 | 8500 |
| intel | core_i3 | 8300 |
| intel | core_i3 | 7300 |
| intel | core_i7 | 6567u |
| intel | core_i7 | 4790k |
| intel | core_i5 | 5250u |
| intel | core_i5 | 6500te |
| intel | core_i5 | 7500t |
| intel | core_i7 | 6500u |
| intel | core_i3 | 4100m |
| intel | core_i3 | 4370t |
| intel | core_i3 | 7350k |
| intel | core_i3 | 4170 |
| intel | core_i7 | 7y75 |
| intel | core_i7 | 6820eq |
| intel | core_i7 | 4900mq |
| lenovo | thinkpad_e480 | - |
| intel | core_i3 | 4110e |
| intel | core_i3 | 6167u |
| intel | core_i7 | 4870hq |
| intel | core_i5 | 7440hq |
| intel | core_i3 | 6300t |
| intel | core_i7 | 4558u |
| lenovo | thinkpad_x1_tablet | - |
| intel | core_i5 | 6300hq |
| intel | core_i5 | 4260u |
| intel | core_i7 | 4722hq |
| intel | core_i7 | 5775r |
| intel | core_i5 | 4570te |
| intel | core_i7 | 7600u |
| intel | core_i3 | 6157u |
| intel | core_i3 | 4102e |
| intel | core_i7 | 6970hq |
| intel | core_i5 | 6440eq |
| intel | core_i3 | 4020y |
| intel | core_i7 | 5600u |
| intel | core_i3 | 4130t |
| intel | core_i7 | 7660u |
| intel | core_i7 | 8750h |
| intel | core_i5 | 8305g |
| intel | core_i7 | 6820hk |
| intel | core_i7 | 8700t |
| lenovo | thinkpad_x1_carbon | - |
| intel | core_i7 | 8700b |
| lenovo | thinkpad_p72 | - |
| intel | core_i5 | 4690t |
| intel | core_i7 | 6700 |
| intel | core_i3 | 4110m |
| intel | core_i5 | 6402p |
| intel | core_i5 | 8269u |
| intel | core_i7 | 4770 |
| intel | core_i3 | 4000m |
| intel | core_i5 | 4308u |
| intel | core_i5 | 8500t |
| intel | core_i5 | 4300u |
| intel | core_i7 | 6600u |
| intel | core_i3 | 6100t |
| intel | core_i7 | 4750hq |
| intel | core_i5 | 4400e |
| intel | core_i5 | 4302y |
| intel | core_i3 | 4030y |
| intel | core_i5 | 5575r |
| intel | core_i7 | 4770s |
| intel | core_i3 | 4100e |
| intel | core_i7 | 5850hq |
| lenovo | thinkpad_l580 | - |
| intel | core_i3 | 4360t |
| intel | core_i7 | 8565u |
| intel | core_i5 | 5300u |
| intel | core_i7 | 4770te |
| intel | core_i5 | 7260u |
| intel | core_i5 | 8400t |
| intel | core_i7 | 7560u |
| intel | core_i7 | 4765t |
| intel | core_i7 | 4770k |
| intel | core_i7 | 8705g |
| intel | core_i3 | 6100u |
| lenovo | thinkpad_yoga_370 | - |
| intel | core_i5 | 4310m |
| intel | core_i5 | 4330m |
| intel | core_i7 | 7700hq |
| intel | core_i3 | 7100h |
| intel | core_i3 | 4150t |
| lenovo | thinkpad_t470s | - |
| intel | core_i7 | 4610m |
| intel | core_i5 | 7267u |
| intel | core_i7 | 4700ec |
| intel | core_i3 | 4160t |
| intel | core_i3 | 7100e |
| intel | core_i7 | 6560u |
| intel | core_i7 | 6870hq |
| intel | core_i7 | 8559u |
| intel | core_i3 | 7320 |
| intel | core_i7 | 8700k |
| intel | core_i5 | 4430s |
| intel | core_i7 | 8650u |
| intel | core_i7 | 6770hq |
| intel | core_i5 | 6300u |
| intel | core_i7 | 4860hq |
| intel | core_i3 | 6100h |
| intel | core_i5 | 4200m |
| intel | core_i5 | 4300m |
| intel | core_i5 | 6267u |
| intel | core_i5 | 4570r |
| intel | core_i7 | 4702mq |
| intel | core_i3 | 4360 |
| intel | core_i7 | 8550u |
| intel | core_i5 | 4220y |
| intel | core_i3 | 4010u |
| intel | core_i5 | 8265u |
| intel | core_i5 | 4278u |
| lenovo | thinkpad_p52 | - |
| intel | core_i5 | 8250u |
| intel | core_i5 | 7400 |
| intel | core_i3 | 7100t |
| intel | core_i5 | 4202y |
| intel | core_i5 | 5287u |
| intel | core_i7 | 6785r |
| intel | core_i7 | 4771 |
| intel | core_i5 | 5675c |
| lenovo | thinkpad_e580 | - |
| intel | core_i3 | 4100u |
| lenovo | thinkpad_p51 | - |
| lenovo | thinkpad_t480 | - |
| intel | core_i5 | 4310u |
| intel | core_i3 | 4030u |
| intel | core_i7 | 5500u |
| intel | core_i5 | 8259u |
| intel | core_i7 | 5700hq |
| intel | core_i5 | 4670 |
| intel | core_i7 | 7700 |
| intel | core_i7 | 8809g |
| intel | core_i5 | 4460s |
| intel | core_i5 | 6600t |
| intel | core_i5 | 4200u |
| intel | core_i5 | 6287u |
| intel | core_i7 | 4710hq |
| intel | core_i5 | 6585r |
| intel | core_i3 | 7300t |
| intel | core_i5 | 7400t |
| intel | core_i7 | 4770r |
| intel | core_i5 | 7442eq |
| intel | core_i7 | 5700eq |
| intel | core_i3 | 8100t |
| intel | core_i5 | 4570 |
| intel | core_i5 | 4350u |
| intel | core_i5 | 4360u |
| intel | core_i5 | 4590s |
| intel | core_i5 | 4460t |
| intel | core_i5 | 4690k |
| intel | core_i5 | 6350hq |
| intel | core_i7 | 4712hq |
| intel | core_i7 | 7700k |
| intel | core_i5 | 7500 |
| intel | core_i7 | 6700te |
| intel | core_i7 | 4790s |
| intel | core_i7 | 7820hk |
| intel | core_i3 | 6320 |
| intel | core_i7 | 7820eq |
| intel | core_i3 | 7102e |
| intel | core_i3 | 7101e |
| lenovo | thinkpad_t470p | - |
| intel | core_i3 | 4350t |
| lenovo | thinkpad_l380 | - |
| lenovo | thinkpad_t480s | - |
| intel | core_i5 | 8400b |
| intel | core_i3 | 7167u |
| intel | core_i7 | 4800mq |
| intel | core_i3 | 7020u |
| intel | core_i5 | 4340m |
| intel | core_i5 | 4460 |
| intel | core_i5 | 8500b |
| intel | core_i3 | 6300 |
| intel | core_i5 | 8400h |
| intel | core_i3 | 7100u |
| intel | core_i5 | 4430 |
| intel | core_i5 | 4670s |
| intel | core_i5 | 7300u |
| intel | core_i7 | 4600m |
| intel | core_i5 | 6200u |
| intel | core_i7 | 6700k |
| intel | core_i5 | 5675r |
| intel | core_i5 | 5257u |
| intel | core_i7 | 5557u |
| intel | core_i5 | 7440eq |
| intel | core_i3 | 4120u |
| intel | core_i5 | 8600k |
| intel | core_i5 | 4210u |
| intel | core_i7 | 7700t |
| intel | core_i3 | 7100 |
| intel | core_i3 | 4340 |
| intel | core_i5 | 4300y |
| intel | core_i7 | 4712mq |
| lenovo | thinkpad_x280 | - |
| intel | core_i3 | 8350k |
| lenovo | thinkpad_x1_yoga | - |
| intel | core_i3 | 4150 |
| intel | core_i5 | 4210m |
| lenovo | thinkpad_t580 | - |
| intel | core_i5 | 4690s |
| intel | core_i9 | 8950hk |
| intel | core_i5 | 4288u |
| intel | core_i7 | 4500u |
| intel | core_i3 | 8100h |
| intel | core_i5 | 4570s |
| intel | core_i5 | 4590 |
| lenovo | thinkpad_l380_yoga | - |
| intel | core_i5 | 6400 |
| intel | core_i5 | 6600k |
| intel | core_i7 | 4510u |
| intel | core_i7 | 4770hq |
| intel | core_i5 | 4250u |
| intel | core_i5 | 8200y |
| intel | core_i7 | 5950hq |
| intel | core_i7 | 5550u |
| lenovo | thinkpad_t470 | - |
| intel | core_i3 | 6100e |
| intel | core_i7 | 5650u |
| intel | core_i7 | 8700 |
| intel | core_i3 | 6100te |
| intel | core_i5 | 4670k |
| intel | core_i7 | 5750hq |
| lenovo | thinkpad_t25 | - |
| intel | core_i7 | 6650u |
| lenovo | thinkpad_p51s | - |
| intel | core_i3 | 4010y |
| intel | core_i5 | 4258u |
| intel | core_i5 | 6685r |
| intel | core_i3 | 4330t |
| intel | core_i5 | 8400 |
| intel | core_i3 | 7130u |
| intel | core_i7 | 8086k |
| intel | core_i5 | 4210h |
| intel | core_i3 | 4350 |
| intel | core_i7 | 4610y |
| intel | core_i7 | 5775c |
| intel | core_i3 | 5015u |
| intel | core_i3 | 8109u |
| intel | core_i7 | 5820k |
| intel | core_i7 | 6920hq |
| lenovo | thinkpad_x270 | - |
| intel | core_i5 | 4670t |
| intel | core_i7 | 6820hq |
| intel | core_i7 | 4702ec |
| intel | core_i7 | 4720hq |
| intel | core_i5 | 6440hq |
| intel | core_i3 | 4370 |
| intel | core_i7 | 6700t |
| intel | core_i5 | 7287u |
| intel | core_i3 | 6006u |
| intel | core_i7 | 8706g |
| intel | core_i5 | 7600t |
| intel | core_i7 | 5850eq |
| intel | core_i7 | 7820hq |
| intel | core_i3 | 5157u |
| intel | core_i5 | 4570t |
| intel | core_i7 | 7567u |
| intel | core_i7 | 4770t |
| intel | core_i3 | 4330te |
| intel | core_i5 | 6400t |
| intel | core_i7 | 4850hq |
| intel | core_i3 | 8145u |
| lenovo | thinkpad_x380_yoga | - |
| intel | core_i3 | 6098p |
| intel | core_i5 | 4440s |
| intel | core_i5 | 6600 |
| intel | core_i7 | 4550u |
| intel | core_i5 | 4402ec |
| intel | core_i3 | 4158u |
| intel | core_i5 | 4670r |
| lenovo | thinkpad_11e | - |
| intel | core_i3 | 6100 |
| intel | core_i5 | 6500 |
| intel | core_i7 | 4700eq |
| intel | core_i5 | 5350h |
| intel | core_i3 | 5020u |
| intel | core_i7 | 4578u |
| intel | core_i5 | 8600 |
| intel | core_i3 | 4005u |
| intel | core_i5 | 4200y |
| intel | core_i5 | 6360u |
| intel | core_i5 | 7y57 |
| intel | core_i3 | 4112e |
| intel | core_i7 | 4700hq |
| intel | core_i3 | 7101te |
| intel | core_i7 | 7920hq |
| intel | core_i7 | 6822eq |
| intel | core_i7 | 4650u |
| lenovo | thinkpad_t570 | - |
| intel | core_i7 | 4960hq |
| intel | core_i7 | 7500u |
| intel | core_i5 | 4440 |
| intel | core_i3 | 4012y |
| intel | core_i5 | 4210y |
| intel | core_i7 | 8709g |
| intel | core_i5 | 8600t |
| intel | core_i3 | 8130u |
In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_integrator | * |
In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_integrator | * |
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x230_tablet_firmware | - |
| lenovo | thinkpad_twist_firmware | - |
| lenovo | thinkpad_t580_firmware | - |
| lenovo | thiankpad_l530_firmware | - |
| lenovo | thinkpad_x240_firmware | - |
| lenovo | thiankpad_p50s_firmware | - |
| lenovo | thinkpad_t460s_firmware | - |
| lenovo | thinkpad_x240s_firmware | - |
| lenovo | synaptics_thinkpad_ultranav_driver | 19.3.4.219 |
| lenovo | thinkpad_x1_carbon_firmware | - |
| lenovo | thiankpad_p52s_firmware | - |
| lenovo | thinkpad_x220i_firmware | - |
| lenovo | thinkpad_t430i_firmware | - |
| lenovo | thinkpad_t440p_firmware | - |
| lenovo | thiankpad_p1_firmware | - |
| lenovo | synaptics_thinkpad_ultranav_driver | 18.0.7.119 |
| lenovo | thinkpad_t470s_firmware | - |
| lenovo | thinkpad_t550_firmware | - |
| lenovo | synaptics_thinkpad_ultranav_driver | 18.1.27.42 |
| lenovo | thinkpad_x230_firmware | - |
| lenovo | synaptics_thinkpad_ultranav_driver | 19.0.17.140 |
| lenovo | thinkpad_t540p_firmware | - |
| lenovo | thinkpad_t540_firmware | - |
| lenovo | thinkpad_t440s_firmware | - |
| lenovo | thinkpad_t560_firmware | - |
| lenovo | thinkpad_w550s_firmware | - |
| lenovo | synaptics_thinkpad_ultranav_driver | 16.2.19.23 |
| lenovo | thinkpad_x230i_firmware | - |
| lenovo | synaptics_thinkpad_ultranav_driver | 19.5.19.33 |
| lenovo | thiankpad_s1_yoga_firmware | - |
| lenovo | thinkpad_t440_firmware | - |
| lenovo | thinkpad_t520i_firmware | - |
| lenovo | thinkpad_x280_firmware | - |
| lenovo | thinkpad_x1_hybrid_firmware | - |
| lenovo | thinkpad_x1_firmware | - |
| lenovo | thinkpad_x230i_tablet_firmware | - |
| lenovo | thinkpad_t530_firmware | - |
| lenovo | thiankpad_l430_firmware | - |
| lenovo | thiankpad_t420i_firmware | - |
| lenovo | thinkpad_x1_yoga_firmware | - |
| lenovo | thinkpad_t420s_firmware | - |
| lenovo | thinkpad_yoga_11e_firmware | - |
| lenovo | thinkpad_helix_firmware | - |
| lenovo | thiankpad_t420_firmware | - |
| lenovo | thinkpad_t470_firmware | - |
| lenovo | thinkpad_t431s_firmware | - |
| lenovo | thinkpad_w541_firmware | - |
| lenovo | thinkpad_t530i_firmware | - |
| lenovo | thinkpad_w530_firmware | - |
| lenovo | thinkpad_t420si_firmware | - |
| lenovo | thiankpad_p70_firmware | - |
| lenovo | thinkpad_x220_firmware | - |
| lenovo | thinkpad_x230s_firmware | - |
| lenovo | thiankpad_p51_firmware | - |
| lenovo | thiankpad_x1_extreme_firmware | - |
| lenovo | thinkpad_t570_firmware | - |
| lenovo | thinkpad_x250_firmware | - |
| lenovo | thinkpad_t520_firmware | - |
| lenovo | thinkpad_t430s_firmware | - |
| lenovo | thinkpad_s230u_firmware | - |
| lenovo | thiankpad_s430_firmware | - |
| lenovo | thinkpad_w540_firmware | - |
| lenovo | thinkpad_x220_tablet_firmware | - |
| lenovo | thiankpad_p51s_firmware | - |
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | e42-80_isk_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_s1_firmware | * |
| lenovo | v310-15isk_firmware | * |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | e52-80_isk_firmware | * |
| lenovo | thinkpad_yoga_11e_firmware | * |
| lenovo | v510-14ikb_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | miix_720-12ikb_firmware | * |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | v310-14ikb_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | e42-80_firmware | * |
| lenovo | thinkpad_x1_carbon_firmware | * |
| lenovo | v510-15ikb_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | v310-15ikb_firmware | * |
| lenovo | thinkpad_t25_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| lenovo | thinkpad_p71_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | e52-80_firmware | * |
| lenovo | v310-14isk_firmware | * |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_e480_firmware | * |
MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.
CVSS 2.0
Severity: LOW
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovo_help | * |
The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | system_x3630_m4_firmware | * |
| ibm | flex_system_x240_m4_firmware | * |
| ibm | system_x3100_m5_firmware | * |
| ibm | system_x3650_m4_firmware | * |
| ibm | flex_system_x880_m4_firmware | * |
| ibm | system_x3250_m4_firmware | * |
| ibm | system_x3300_m4_firmware | * |
| ibm | system_x3530_m4_firmware | * |
| ibm | flex_system_x440_m4_firmware | * |
| ibm | idataplex_dx360_m4_water_cooled_firmware | * |
| ibm | flex_system_x222_m4_firmware | * |
| lenovo | system_x3750_m4_firmware | * |
| lenovo | system_x3950_x6_firmware | * |
| ibm | system_x3650_m4_hd_firmware | * |
| lenovo | flex_system_x280_x6_firmware | * |
| lenovo | flex_system_x880_firmware | * |
| lenovo | system_x3500_m5_firmware | * |
| ibm | bladecenter_hs22_firmware | * |
| ibm | flex_system_x280_m4_firmware | * |
| lenovo | flex_system_x440_m4_firmware | * |
| lenovo | system_x3250_m6_firmware | * |
| lenovo | system_x3850_x6_firmware | * |
| ibm | nextscale_nx360_m4_firmware | * |
| ibm | system_x3550_m4_firmware | * |
| ibm | flex_system_x220_m4_firmware | * |
| ibm | system_x3750_m4_firmware | * |
| ibm | system_x3950_x6_firmware | * |
| ibm | system_x3850_x6_firmware | * |
| lenovo | system_x3650_m5_firmware | * |
| lenovo | system_x3550_m5_firmware | * |
| ibm | bladecenter_hs23_firmware | * |
| lenovo | nextscale_nx360_m5_firmware | * |
| ibm | flex_system_x480_m4_firmware | * |
| ibm | idataplex_dx360_m4_firmware | * |
| ibm | system_x3500_m4_firmware | * |
| lenovo | flex_system_x240_m4_firmware | * |
| ibm | system_x3250_m5_firmware | * |
| lenovo | flex_system_x240_m5_firmware | * |
| lenovo | flex_system_x480_x6_firmware | * |
| ibm | bladecenter_hs23e_firmware | * |
| ibm | system_x3100_m4_firmware | * |
| ibm | system_x3650_m4_bd_firmware | * |
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H | 0.7 | 5.2 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | yoga_510-14isk_firmware | * |
| hp | nano110-14ikb_firmware | - |
| hp | 710s_plus_touch-13ikb_firmware | * |
| hp | 7000_u42_firmware | * |
| lenovo | v310-15isk_firmware | * |
| hp | lenovo_ideapad_flex_5-1570_firmware | * |
| hp | lenovo_ideapad_520s-14ikbr_firmware | - |
| hp | 320s-14ikb | * |
| hp | lenovo_ideapad_320-14ikb(i+a)_firmware | - |
| hp | ideapad_2in1_14_firmware | - |
| hp | lenovo_ideapad_flex_5-1470_firmware | * |
| hp | lenovo_tianyi_310-15ikb_firmware | - |
| hp | 320-17ikbrn | * |
| hp | lenovo_ideapad_320-15abr_firmware | - |
| hp | lenovo_ideapad_320-15ikb(i+n)_firmware | - |
| hp | b320-14ikb_firmware | - |
| hp | y520-15ikba_firmware | * |
| hp | lenovo_tianyi_310-14ikb_firmware | - |
| lenovo | v310-14ikb_firmware | * |
| hp | miix_720-12ikb | * |
| hp | 320-15ikbrn_touch_firmware | * |
| hp | yoga_720-13ikb_firmware | * |
| hp | v330-14isk_firmware | * |
| hp | yoga_720-15ikb_firmware | * |
| lenovo | v510-15ikb_firmware | * |
| hp | flex_5-1570_firmware | * |
| hp | 520s-14ikb_firmware | * |
| hp | 710s_plus-3ikb_firmware | * |
| hp | lenovo_y520-15ikba_firmware | * |
| hp | nano110-15ikb_firmware | * |
| hp | lenovo_v720-14_firmware | * |
| lenovo | e52-80_firmware | * |
| hp | 510s-14isk_firmware | * |
| hp | lenovo_ideapad_720s-14ikb_firmware | * |
| hp | lenovo_ideapad_320s-15ikbr_firmware | - |
| hp | 310s-14isk_firmware | * |
| hp | yoga_310-11iap_firmware | * |
| hp | flex_4-1470_firmware | * |
| hp | lenovo_ideapad_320-14ikb(i+n)_firmware | - |
| hp | v330-14ikb_firmware | * |
| lenovo | v510-14ikb_firmware | * |
| hp | rescuer_y520-15ikbm_firmware | * |
| hp | xiaoxinair13ikbpro_firmware | * |
| hp | r720-15ikbn_firmware | * |
| hp | lenovo_ideapad_y520-15ikbn_firmware | - |
| hp | rescuer_r720-15ikbm_firmware | * |
| hp | lenovo_yoga_520-14ikb_firmware | * |
| hp | lenovo_yoga_520-15ikb_firmware | * |
| hp | 7000-15_u42_firmware | * |
| hp | 320-15ikbra_firmware | * |
| hp | r720-15ikba_firmware | * |
| hp | e43-80_kbl_firmware | * |
| hp | y720-15ikb_firmware | * |
| lenovo | e42-80_firmware | * |
| hp | lenovo_y520-15ikbm_firmware | * |
| hp | y520-15ikbn_firmware | * |
| hp | 710s_plus-13ikb_16g_firmware | * |
| hp | 320-15ikbrn_firmware | * |
| hp | yoga_720-13ikbr_firmware | * |
| hp | lenovo_y720-15ikb_firmware | * |
| lenovo | v310-15ikb_firmware | * |
| hp | lenovo_ideapad_320s-14ikbr_firmware | - |
| hp | 320s-15isk_firmware | * |
| hp | flex_5-1470_firmware | * |
| hp | 520-15ikbrn_firmware | * |
| hp | 320s-15ikb_firmware | * |
| lenovo | v310-14isk_firmware | * |
| hp | 720s-13ikb_firmware | * |
For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | smart_assistant | * |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | chassis_management_module_firmware | * |
In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_integrator | * |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | chassis_management_module_firmware | * |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovoemc_firmware | * |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovoemc_firmware | * |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovoemc_firmware | * |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lenovoemc_firmware | * |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | storcenter_px12-450r_firmware | 4.1.402.34662 |
| lenovo | px12-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px6-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2_firmware | 4.1.402.34662 |
| lenovo | ez_media_&_backup_center_firmware | 4.1.402.34662 |
| lenovo | px4-400r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix4-300d_firmware | 4.1.402.34662 |
| lenovo | ix4-300d_firmware | 4.1.402.34662 |
| lenovo | px4-400d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px2-300d_firmware | 4.1.402.34662 |
| lenovo | px12-450r_firmware | 4.1.402.34662 |
| lenovo | px4-300r_firmware | 4.1.402.34662 |
| lenovo | storcenter_px4-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_ix2-dl_firmware | 4.1.402.34662 |
| lenovo | px4-300d_firmware | 4.1.402.34662 |
| lenovo | px2-300d_firmware | 4.1.402.34662 |
| lenovo | storcenter_px12-400r_firmware | 4.1.402.34662 |
| lenovo | px6-300d_firmware | 4.1.402.34662 |
| lenovo | ix2_firmware | 4.1.402.34662 |
In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_management_module_firmware | * |
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | system_x3630_m4_firmware | * |
| ibm | flex_system_x240_m4_firmware | * |
| ibm | system_x3100_m5_firmware | * |
| ibm | system_x3650_m4_firmware | * |
| ibm | system_x3250_m4_firmware | * |
| ibm | system_x3300_m4_firmware | * |
| ibm | system_x3530_m4_firmware | * |
| ibm | flex_system_x440_m4_firmware | * |
| ibm | idataplex_dx360_m4_water_cooled_firmware | * |
| ibm | flex_system_x280_x6_firmware | * |
| ibm | flex_system_x222_m4_firmware | * |
| lenovo | system_x3750_m4_firmware | * |
| ibm | flex_system_x880_x6_firmware | * |
| ibm | system_x3650_m4_hd_firmware | * |
| ibm | flex_system_x480_x6_firmware | * |
| lenovo | flex_system_x440_m4_firmware | * |
| ibm | system_x3550_m4_firmware | * |
| ibm | flex_system_x220_m4_firmware | * |
| ibm | system_x3750_m4_firmware | * |
| ibm | system_x3950_x6_firmware | * |
| ibm | system_x3850_x6_firmware | * |
| ibm | bladecenter_hs23_firmware | * |
| ibm | idataplex_dx360_m4_firmware | * |
| ibm | system_x3500_m4_firmware | * |
| lenovo | flex_system_x240_m4_firmware | * |
| ibm | system_x3250_m5_firmware | * |
| ibm | bladecenter_hs23e_firmware | * |
| ibm | system_x3100_m4_firmware | * |
| ibm | system_x3650_m4_bd_firmware | * |
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkserver_rd640_firmware | * |
| lenovo | thinkserver_td340_firmware | * |
| lenovo | thinkserver_rd440_firmware | * |
| lenovo | thinkserver_rd340_firmware | * |
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H | 2.8 | 4.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkstation_p920_firmware | - |
| intel | rapid_storage_technology_enterprise | * |
| lenovo | thinkstation_p520c_firmware | - |
| lenovo | thinkstation_p720_firmware | - |
| lenovo | thinkstation_p520_firmware | - |
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkstation_p920_firmware | - |
| intel | rapid_storage_technology_enterprise | * |
| lenovo | thinkstation_p520c_firmware | - |
| lenovo | thinkstation_p720_firmware | - |
| lenovo | thinkstation_p520_firmware | - |
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkstation_p910_firmware | - |
| lenovo | thinkstation_p410_firmware | - |
| lenovo | thinkstation_p510_firmware | - |
| lenovo | thinkstation_p710_firmware | - |
| intel | turbo_boost_max_technology_3.0 | * |
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | v730-15ikb_firmware | - |
| lenovo | v410z(yt_s4250)_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | thinkpad_l460_firmware | - |
| lenovo | v330-14ikb_firmware | - |
| lenovo | thinkpad_e575_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | b330-15ikbr_firmware | - |
| lenovo | thinkpad_yoga_370_firmware | - |
| lenovo | flex_5-1570(r)_firmware | - |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | thinkpad_a275_firmware | - |
| lenovo | thinkpad_x380_yoga_firmware | - |
| lenovo | thinkpad_s1_3rd_firmware | - |
| lenovo | aio310-20iap_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | yoga_730-13ikb_firmware | * |
| lenovo | miix_525-12ikb_firmware | - |
| lenovo | v720-14_firmware | - |
| lenovo | thinkpad_s5_firmware | - |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | v330-15ikb_firmware | - |
| lenovo | yoga_730-15ikb_firmware | * |
| lenovo | aio720-24ikb_firmware | * |
| lenovo | thinkpad_e480_firmware | - |
| lenovo | thinkpad_l480_firmware | - |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_t25_firmware | * |
| lenovo | 720s-15ikb_firmware | - |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | yoga_book_c930_firmware | - |
| lenovo | thinkpad_t470p_firmware | - |
| lenovo | 330-14ikbr_firmware | * |
| lenovo | thinkpad_l380_firmware | - |
| lenovo | yoga_520-14ikbr_firmware | - |
| lenovo | thinkpad_s3-s440_firmware | - |
| lenovo | k42-80_firmware | - |
| lenovo | thinkpad_e460_firmware | - |
| lenovo | thinkpad_e485_firmware | - |
| lenovo | thinkpad_e570_firmware | - |
| lenovo | thinkpad_p40_firmware | - |
| lenovo | thinkpad_l580_firmware | - |
| lenovo | thinkpad_e585_firmware | - |
| lenovo | thinkcentre_m800z_firmware | * |
| lenovo | thinkpad_11e_firmware | - |
| lenovo | aio520-24iku_firmware | * |
| lenovo | thinkcentre_m910z_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | 100e_2nd_gen_firmware | - |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_e565_firmware | - |
| lenovo | aio510-22ish_firmware | * |
| lenovo | thinkpad_s3_yoga_14_firmware | - |
| lenovo | thinkpad_e475_firmware | - |
| lenovo | thinkpad_x1_yoga_3rd_firmware | * |
| lenovo | thinkpad_t460_firmware | - |
| lenovo | flex_5-1470(r)_firmware | - |
| lenovo | v330-14isk_firmware | - |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | e43-80_firmware | - |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | thinkpad_e560_firmware | - |
| lenovo | aio510-23ish_firmware | * |
| lenovo | 330-15ikbr_touch_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | aio520-24ikl_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | 720s_touch-15ikb_firmware | - |
| lenovo | thinkpad_a475_firmware | - |
| lenovo | thinkpad_x1_carbon_firmware | * |
| lenovo | thinkcentre_m810z_firmware | * |
| lenovo | 330-17ikbr_firmware | * |
| lenovo | thinkpad_l470_firmware | - |
| lenovo | thinkpad_yoga_s1_firmware | * |
| lenovo | thinkpad_x260_firmware | - |
| lenovo | aio520-22iku_firmware | * |
| lenovo | thinkpad_e465_firmware | - |
| lenovo | thinkcentre_m818z_firmware | * |
| lenovo | aio520-22ikl_firmware | * |
| lenovo | aio520-27ikl_firmware | * |
| lenovo | e53-80_firmware | - |
| lenovo | legion_y520t_z370_firmware | * |
| lenovo | thinkpad_e580_firmware | - |
| lenovo | thinkpad_t460p_firmware | - |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_13_firmware | - |
| lenovo | thinkpad_e470_firmware | - |
| lenovo | thinkpad_l380_yoga_firmware | - |
| lenovo | miix_520-12ikb_firmware | - |
| lenovo | yoga_720-12ikb_firmware | - |
| lenovo | yoga_14_firmware | - |
| lenovo | ideacentre_520s-23iku_firmware | * |
| lenovo | thinkpad_11e_yoga_firmware | - |
| lenovo | yoga_c930-13ikb_firmware | - |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | 330-15ikbr_firmware | * |
| lenovo | yoga_c930-13ikb_glass_firmware | - |
| lenovo | thinkpad_e560p_firmware | - |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | 300e_2nd_gen_firmware | - |
| lenovo | k43c-80_firmware | - |
| lenovo | thinkcentre_m700z_firmware | * |
| lenovo | thinkcentre_m900z_firmware | * |
| lenovo | thinkpad_x270_firmware | - |
| lenovo | thinkpad_x1_yoga_firmware | * |
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 0.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | probook_640_g5_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.3530.26 |
| synaptics | vfs75xx_firmware | 5.5.2734.1050 |
| lenovo | thinkpad_t480_firmware | * |
| hp | elitebook_x360_1030_g3_firmware | * |
| hp | elitebook_836_g6_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| hp | elitebook_x360_1020_g2_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.524.26 |
| hp | elitebook_840_g5_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | thinkpad_p51s_(20hx)_firmware | * |
| hp | elitebook_840_g6_healthcare_edition_firmware | * |
| hp | eliteone_1000_g2_firmware | * |
| hp | elitebook_x360_830_g6_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.17.1099 |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| hp | zbook_15u_g6_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | thinkpad_t25_(20k7)_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| hp | elitebook_846_g6_firmware | * |
| hp | probook_430_g6_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.35.1058 |
| lenovo | thinkpad_t470_(20jx)_firmware | * |
| hp | elitebook_745_g6_firmware | * |
| hp | pavilion_x360_firmware | * |
| hp | zbook_14u_g5_firmware | * |
| synaptics | vfs75xx_firmware | 5.1.3507.26 |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
| hp | elitebook_x360_1040_g5_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| hp | elitebook_x360_830_g5_firmware | * |
| lenovo | thinkpad_t570(20jx)_firmware | * |
| lenovo | thinkpad_t570_(20hx)_firmware | * |
| hp | probook_455_g6_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.502.79 |
| lenovo | thinkpad_p71_(20hx)_firmware | * |
| lenovo | thinkpad_t470_(20hx)_firmware | * |
| hp | zbook_15_g5_firmware | * |
| hp | pro_x2_612_g2_firmware | * |
| hp | zhan_66_pro_13_g2_firmware | * |
| hp | zhan_x_13_g2_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.10.1100 |
| hp | elitebook_735_g5_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.320.26 |
| hp | zbook_17_g5_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.3109.26 |
| hp | probook_450_g6_firmware | * |
| lenovo | thinkpad_p51s_(20jx)_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.5024.26 |
| hp | elitebook_x360_1030_g2_firmware | * |
| hp | eliteone_1000_g1_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.512.1051 |
| lenovo | thinkpad_t470s_(20jx)_firmware | * |
| hp | elitebook_830_g6_firmware | * |
| hp | probook_445_g6_firmware | * |
| hp | elitebook_836_g5_firmware | * |
| hp | elitebook_840_g5_healthcare_edition_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | thinkpad_p51s_(20kx)_firmware | * |
| hp | mt45_firmware | * |
| hp | envy_x360_firmware | * |
| hp | zbook_studio_x360_g5_firmware | * |
| lenovo | thinkpad_e490s_firmware | * |
| hp | zbook_studio_g5_firmware | * |
| lenovo | thinkpad_e480_firmware | * |
| hp | spectre_x360_firmware | * |
| hp | elitebook_1050_g1_firmware | * |
| hp | zhan_66_pro_15_g2_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| hp | elitebook_846_g6_healthcare_edition_firmware | * |
| hp | probook_440_g6_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| hp | elitebook_846_g5_healthcare_edition_firmware | * |
| hp | zbook_15u_g5_firmware | * |
| lenovo | thinkpad_t490s_firmware | * |
| lenovo | thinkpad_x1_carbon_(20hx)_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thankpad_a485_firmware | * |
| hp | elitebook_745_g5_firmware | * |
| hp | elitebook_x360_1040_g6_firmware | * |
| lenovo | thinkpad_r490_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| hp | zbook_14u_g6_firmware | * |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkpad_s3_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.4.1116 |
| hp | elitebook_755_g5_firmware | * |
| hp | probook_445r_g6_firmware | * |
| lenovo | thinkpad_s1_3rd_firmware | * |
| lenovo | thinkpad_x1_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_x1_carbon_(20kx)_firmware | * |
| lenovo | thinkpad_x1_carbon_firmware | * |
| hp | elitebook_830_g5_firmware | * |
| hp | zhan_66_pro_14_g2_firmware | * |
| synaptics | vfs75xx_firmware | 5.1.337.26 |
| lenovo | thinkpad_x1_extreme_2nd_firmware | * |
| lenovo | thinkpad_a275_firmware | * |
| lenovo | thinkpad_e485_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.10.1106 |
| lenovo | thinkpad_t470s_(20hx)_firmware | * |
| lenovo | thinkpad_yoga_s1_firmware | * |
| lenovo | thinkpad_x1_extreme_firmware | * |
| hp | elitebook_846_g5_firmware | * |
| lenovo | thinkpad_x1_yoga_(20jx)_firmware | * |
| hp | elite_x2_1012_g2_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.17.1102 |
| lenovo | thinkpad_p1_firmware | * |
| hp | elite_x2_1013_g3_firmware | * |
| hp | elitebook_x360_1030_g4_firmware | * |
| hp | mt44_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | thinkpad_e585_firmware | * |
| hp | elitebook_840_g6_firmware | * |
| lenovo | thinkpad_p1_gen_2_firmware | * |
| lenovo | thinkpad_p73_firmware | * |
| hp | elite_x2_g4_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| hp | probook_650_g5_firmware | * |
| hp | elite_slice_firmware | * |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| hp | elitebook_850_g6_firmware | * |
| synaptics | vfs75xx_firmware | 5.1.5.51 |
| synaptics | vfs75xx_firmware | 5.5.2810.1050 |
| hp | zbook_17_g6_firmware | * |
| hp | elitebook_1040_g4_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| lenovo | thinkpad_25_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.8.1092 |
| hp | elitebook_850_g5_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| hp | zbook_15_g6_firmware | * |
| lenovo | thankpad_a475_firmware | * |
| synaptics | vfs75xx_firmware | 5.3.3541.26 |
| hp | elitebook_735_g6_firmware | * |
| lenovo | thinkpad_x1_tablet_(20jx)_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| hp | probook_455r_g6_firmware | * |
| lenovo | thinkpad_r590_firmware | * |
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-763,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_p50_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.15.1102 |
| synaptics | vfs75xx_firmware | 5.2.3530.26 |
| synaptics | vfs75xx_firmware | 5.5.2734.1050 |
| lenovo | thinkpad_t480_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.2811.1050 |
| lenovo | thinkpad_e490_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.524.26 |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | thinkpad_p51s_(20hx)_firmware | * |
| hp | envy_17-bw0xxx_firmware | * |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| hp | envy_15m-cn0xxx_x360_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | thinkpad_t25_(20k7)_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_t470_(20jx)_firmware | * |
| hp | envy_15-dr1xxx_x360_(validity_fps)_firmware | * |
| hp | pavilion_x360_14t-cd100_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.11.1106 |
| hp | envy_17-ce1xxx_firmware | * |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_t570(20jx)_firmware | * |
| lenovo | thinkpad_t570_(20hx)_firmware | * |
| hp | envy_-_17t-ce000_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| lenovo | thinkpad_p71_(20hx)_firmware | * |
| lenovo | thinkpad_t470_(20hx)_firmware | * |
| synaptics | vfs75xx_firmware | 5.6.23.1000 |
| hp | pavilion_x360_-_15t-dq000_firmware | * |
| hp | envy_13-aq0xxx_firmware | * |
| hp | envy_15-cn1xxx_x360_firmware | * |
| hp | envy_13-aq1xxx_firmware | * |
| hp | envy_15-dr0xxx_x360_(validity_fps)_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| synaptics | vfs75xx_firmware | 6.0.32.1104 |
| synaptics | vfs75xx_firmware | 5.2.225.26 |
| synaptics | vfs75xx_firmware | 5.5.38.1058 |
| lenovo | thinkpad_p51s_(20jx)_firmware | * |
| hp | envy_15-cn0xxx_x360_firmware | * |
| lenovo | thinkpad_t470s_(20jx)_firmware | * |
| hp | pavilion_x360_-_15t-dq100_firmware | * |
| hp | envy_15-dr0xxx_x360_firmware | * |
| hp | envy_x360_-_15t-dr100_firmware | * |
| hp | envy_17m-ce0xxx_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| hp | envy_x360_-_15t-dr000_firmware | * |
| lenovo | thinkpad_p51s_(20kx)_firmware | * |
| hp | envy_-_13t-ah100_firmware | * |
| hp | envy_15m-dr1xxx_x360_firmware | * |
| hp | envy_17m-ce1xxx_firmware | * |
| lenovo | thinkpad_e490s_firmware | * |
| lenovo | thinkpad_e480_firmware | * |
| hp | spectre_x360_firmware | * |
| hp | envy_x360_-_15t-dr000_(validity_fps)_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| hp | envy_17-ce0xxx_firmware | * |
| hp | pavilion_14-dh0xxx_x360_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_t490s_firmware | * |
| synaptics | vfs75xx_firmware | 6.0.42.1107 |
| hp | envy_15m-dr1xxx_x360_(validity_fps)_firmware | * |
| lenovo | thinkpad_x1_carbon_(20hx)_firmware | * |
| hp | pavilion_14m-dh0xxx_x360_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| synaptics | vfs75xx_firmware | 5.2.318.26 |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thankpad_a485_firmware | * |
| hp | envy_15m-dr0xxx_x360_(validity_fps)_firmware | * |
| lenovo | thinkpad_r490_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkpad_s3_firmware | * |
| hp | pavilion_x360_14t-dh000_firmware | * |
| lenovo | thinkpad_s1_3rd_firmware | * |
| lenovo | thinkpad_x1_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_x1_carbon_(20kx)_firmware | * |
| lenovo | thinkpad_x1_carbon_firmware | * |
| lenovo | thinkpad_x1_extreme_2nd_firmware | * |
| lenovo | thinkpad_a275_firmware | * |
| lenovo | thinkpad_e485_firmware | * |
| hp | pavilion_15_firmware | * |
| hp | envy_-_17t-bw000_firmware | * |
| lenovo | thinkpad_t470s_(20hx)_firmware | * |
| lenovo | thinkpad_yoga_s1_firmware | * |
| lenovo | thinkpad_x1_extreme_firmware | * |
| lenovo | thinkpad_x1_yoga_(20jx)_firmware | * |
| lenovo | thinkpad_p1_firmware | * |
| hp | envy_15m-dr0xxx_x360_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | thinkpad_e585_firmware | * |
| lenovo | thinkpad_p1_gen_2_firmware | * |
| hp | pavilion_x360_-_14t-cd000_firmware | * |
| lenovo | thinkpad_p73_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| hp | envy_-_17t-ce100_firmware | * |
| synaptics | vfs75xx_firmware | 5.3.3539.26 |
| hp | envy_13-ah1xxx_firmware | * |
| hp | envy_x360_-_15t-dr100_(validity_fps)_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| hp | envy_x360_-_15t-cn000_firmware | * |
| hp | pavilion_14m-cd0xxx_x360_firmware | * |
| lenovo | thinkpad_25_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.8.1096 |
| hp | pavilion_14-cd1xxx_x360_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thankpad_a475_firmware | * |
| lenovo | thinkpad_x1_tablet_(20jx)_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.10.1093 |
| hp | envy_-_13t-aq100_firmware | * |
| hp | pavilion_14-cd2xxx_x360_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| synaptics | vfs75xx_firmware | 6.0.14.1108 |
| hp | envy_15-dr1xxx_x360_firmware | * |
| lenovo | thinkpad_r590_firmware | * |
| hp | envy_17m-bw0xxx_firmware | * |
| synaptics | vfs75xx_firmware | 5.5.3.1116 |
| hp | envy_13-ah0xxx_firmware | * |
Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideacentre_310s-08iap_firmware | * |
| lenovo | legion_y720_tower_firmware | * |
| lenovo | thinkcentre_m8300z_firmware | * |
| lenovo | v410z(yt_s4250)_firmware | * |
| lenovo | thinkpad_l460_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | lenovo_v320-15iap_firmware | * |
| lenovo | thinkcentre_m7300z_firmware | * |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | legion_y920_tower_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkcentre_m6600t/s_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | yangtian_mc_h110_firmware | * |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | ideacentre_310a-15iap_firmware | * |
| lenovo | thinkpad_yoga_11e_3rd_gen_firmware | * |
| lenovo | aio310-20iap_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | yangtian_mc_h110_pci_firmware | * |
| lenovo | thinkcentre_m910q_firmware | * |
| lenovo | thinkcentre_m9500z_firmware | * |
| lenovo | thinkpad_yoga_11e_4th_gen_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | aio720-24ikb_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_t25_firmware | * |
| lenovo | ideacentre_620s-03ikl_firmware | * |
| lenovo | ideacentre_610s-02ish_firmware | * |
| lenovo | thinkserver_ts140_firmware | * |
| lenovo | thinkcentre_m8350z_firmware | * |
| lenovo | thinkpad_p71_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | thinkcentre_e95z_firmware | * |
| lenovo | thinkcentre_m715q_firmware | * |
| lenovo | aio_910-27ish_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkserver_ts150_firmware | * |
| lenovo | thinkserver_ts550_firmware | * |
| lenovo | thinkcentre_m710t/s_firmware | * |
| lenovo | thinkcentre_m710e_firmware | * |
| lenovo | ideacentre_510s-08ish_firmware | * |
| lenovo | ideacentre_700_firmware | * |
| lenovo | ideacentre_510s-08ikl_firmware | * |
| lenovo | thinkcentre_m9550z_firmware | * |
| lenovo | yangtian_afq150_firmware | * |
| lenovo | thinkcentre_m800z_firmware | * |
| lenovo | thinkcentre_m8600t/s_firmware | * |
| lenovo | thinkpad_l470_firmware | * |
| lenovo | yangtian_tc/wc_h110_pci_firmware | * |
| lenovo | aio520-24iku_firmware | * |
| lenovo | thinkcentre_m910x_firmware | * |
| lenovo | thinkcentre_e74z_firmware | * |
| lenovo | thinkpad_x250_firmware | * |
| lenovo | thinkcentre_m910z_firmware | * |
| lenovo | thinkstation_p310_firmware | * |
| lenovo | thinkserver_ts450_firmware | * |
| lenovo | thinkpad_l450_firmware | * |
| lenovo | thinkcentre_m800_firmware | * |
| lenovo | ideacentre_310-15asr_firmware | * |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | yangtian_me/we_h110_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | aio510-22ish_firmware | * |
| lenovo | thinkcentre_m900_firmware | * |
| lenovo | thinkserver_ts240_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | legion_y720t_amd_firmware | * |
| lenovo | thinkcentre_m700t/s_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | yangtian_mf/wf_h110_pci_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | yangtian_ytm6900e-00_firmware | * |
| lenovo | aio510-23ish_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | aio520-24ikl_firmware | * |
| lenovo | ideacentre_510-15abr_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | sydney_e3_h110_firmware | * |
| lenovo | thinkpad_x1_carbon_firmware | * |
| lenovo | ideacentre_300s-11ish_firmware | * |
| lenovo | thinkcentre_m810z_firmware | * |
| lenovo | thinkpad_s3_3rd_gen_firmware | * |
| lenovo | thinkpad_a275_firmware | * |
| lenovo | thinkstation_p318_firmware | * |
| lenovo | aio520-22iku_firmware | * |
| lenovo | yangtian_afh110_firmware | * |
| lenovo | thinkcentre_m818z_firmware | * |
| lenovo | thinkpad_l380_firmware | * |
| lenovo | aio300-23isu_firmware | * |
| lenovo | thinkpad_13_firmware | * |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | ideacentre_310-15iap_firmware | * |
| lenovo | v310z(yt_s3150)_firmware | * |
| lenovo | thinkcentre_m710q_firmware | * |
| lenovo | aio520-22ikl_firmware | * |
| lenovo | thinkpad_t450_firmware | * |
| lenovo | thinkcentre_m6600q_firmware | * |
| lenovo | aio520-27ikl_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | legion_y520t_z370_firmware | * |
| lenovo | thinkcentre_m715t/s_firmware | * |
| lenovo | ideacentre_510-15ikl_firmware | * |
| lenovo | thinkpad_t450s_firmware | * |
| lenovo | v510z_(yt_s5250)_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkcentre_m910_t/s_firmware | * |
| lenovo | thinkpad_a475_firmware | * |
| lenovo | ideacentre_720-18asr_firmware | * |
| lenovo | thinkpad_s2_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | qt_a7400_firmware | * |
| lenovo | yta8900f_firmware | * |
| lenovo | thinkstation_p320_tiny_firmware | * |
| lenovo | ideacentre_520s-23iku_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkstation_p320_firmware | * |
| lenovo | thinkcentre_e74s_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkcentre_m700q_firmware | * |
| lenovo | thinkserver_ts250_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thinkcentre_x1_aio_firmware | * |
| lenovo | thinkpad_l13_yoga_firmware | * |
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | * |
| lenovo | thinkcentre_m700z_firmware | * |
| lenovo | thinkcentre_m900z_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| lenovo | thinkcentre_m6600_firmware | * |
| lenovo | yangtian_s4150_firmware | * |
| lenovo | thinkstation_p330_firmware | * |
| lenovo | aio_y910-27ish_firmware | * |
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.9 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N | 1.5 | 5.8 |
| nvd@nist.gov | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N | 0.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | 2.6.0 |
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-601,CWE-601,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ez_media_&_backup_center_ix2_firmware | * |
| lenovo | ez_media_&_backup_center_ix2-dl_firmware | * |
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | dynamic_power_reduction | * |
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | bootable_usb | * |
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
CVSS 2.0
Severity: LOW
Problem Type: CWE-667,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m910s_firmware | * |
| lenovo | v530-24icb(yt_s5350)_firmware | * |
| lenovo | v410z(yt_s4250)_firmware | * |
| lenovo | thinkcentre_e93_(twr)_firmware | * |
| lenovo | thinkcentre_m4500t_firmware | - |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | yangtian_ytm6900e-00_firmware | - |
| lenovo | m4500_id_firmware | - |
| lenovo | thinkcentre_e73_(sff)_firmware | - |
| lenovo | thinkstation_p520_firmware | - |
| lenovo | thinkcentre_m710e_firmware | - |
| lenovo | yangtian_mc_h81_firmware | - |
| lenovo | aio520-22ikl_firmware | - |
| lenovo | thinkpad_e570p_firmware | * |
| lenovo | thinkstation_p920_firmware | - |
| lenovo | thinkcentre_e73_(twr)_firmware | - |
| lenovo | thinkcentre_m4500s_firmware | - |
| lenovo | thinkcentre_m920z_firmware | - |
| lenovo | ideacentre_300s-11ish_firmware | - |
| lenovo | qitian_m4650_firmware | - |
| lenovo | lenovo_63_firmware | - |
| lenovo | thinkstation_p300_firmware | * |
| lenovo | legion_y520t_z370_firmware | - |
| lenovo | aio520-22iku_firmware | - |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | thinkcentre_m93_firmware | * |
| lenovo | thinkcentre_m910q_firmware | * |
| lenovo | yangtian_mf/wf_h110_pci_firmware | - |
| lenovo | thinkstation_p310_firmware | - |
| lenovo | thinkcentre_m710t_firmware | - |
| lenovo | legion_c530-19icb_firmware | * |
| lenovo | thinkcentre_m4500k_firmware | - |
| lenovo | thinkcentre_m700s_firmware | - |
| lenovo | thinkcentre_m73_(sff)_firmware | - |
| lenovo | thinkcentre_m6600s_firmware | * |
| lenovo | thinkcentre_m93p_(sff)_firmware | * |
| lenovo | thinkcentre_e74_firmware | - |
| lenovo | aio520-24ikl_firmware | - |
| lenovo | ideacentre_510a-15icb_firmware | * |
| lenovo | thinkcentre_m6500t_firmware | * |
| lenovo | thinkcentre_e74z_firmware | - |
| lenovo | thinkcentre_m910t_firmware | * |
| lenovo | thinkcentre_m4600s_firmware | - |
| lenovo | thinkstation_s30_refresh_firmware | - |
| lenovo | 530s-07icb_firmware | - |
| lenovo | thinkcentre_e95z_firmware | * |
| lenovo | aio_910-27ish_firmware | * |
| lenovo | thinkcentre_e96z_firmware | * |
| lenovo | thinkcenter_m700z_firmware | - |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkcentre_m800z_firmware | - |
| lenovo | ideacentre_620s-03ikl_firmware | - |
| lenovo | yangtian_me/we_h110_firmware | - |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | qt_m410_firmware | - |
| lenovo | thinkstation_c30_refresh_firmware | - |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkcentre_e93_(sff)_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | qt_a7400_firmware | - |
| lenovo | v530-22icb(yt_s4350)_firmware | * |
| lenovo | thinkcentre_m700t_firmware | - |
| lenovo | thinkcentre_m818z_firmware | - |
| lenovo | thinkpad_e560p_firmware | * |
| lenovo | thinkcentre_m8500s_firmware | * |
| lenovo | ideacentre_700_firmware | * |
| lenovo | qitian_m4550_firmware | - |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | qitian_4500_firmware | - |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkstation_d30_refresh_firmware | - |
| lenovo | thinkstation_p700_firmware | - |
| lenovo | yangtian_afq150_firmware | * |
| lenovo | qt_m415_firmware | - |
| lenovo | thinkcentre_m9500z_firmware | - |
| lenovo | legion_y720_tower_firmware | - |
| lenovo | aio520-24iku_firmware | - |
| lenovo | 330-15igm_firmware | * |
| lenovo | 510s-08ikl_firmware | - |
| lenovo | m4550_id_firmware | - |
| lenovo | thinkcentre_m6600t_firmware | * |
| lenovo | thinkcentre_m73_(twr)_firmware | - |
| lenovo | thinkcentre_m910z_firmware | - |
| lenovo | thinkcentre_m700z_firmware | - |
| lenovo | thinkstation_p520c_firmware | - |
| lenovo | qt_b415_firmware | - |
| lenovo | thinkcentre_m910x_firmware | * |
| lenovo | thinkstation_p720_firmware | - |
| lenovo | thinkcentre_m83_(tiny)_firmware | * |
| lenovo | thinkcentre_m7300z_firmware | - |
| lenovo | thinkcentre_m8500t_firmware | * |
| lenovo | thinkstation_p910_firmware | - |
| lenovo | thinkcentre_m900z_firmware | - |
| lenovo | thinkcentre_e75s_firmware | - |
| lenovo | thinkcentre_m8350z_firmware | - |
| lenovo | qitian_b4650_firmware | - |
| lenovo | qitian_b4550_firmware | - |
| lenovo | thinkpad_e480_firmware | * |
| lenovo | thinkcentre_m83z_(aio)_firmware | - |
| lenovo | thinkcentre_m800_firmware | * |
| lenovo | qitian_m4600_firmware | - |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | aio520-27ikl_firmware | - |
| lenovo | thinkcentre_m900_firmware | * |
| lenovo | thinkcentre_m8600t_firmware | * |
| lenovo | 510-15ikl_firmware | - |
| lenovo | yangtian_ms/ws_h81_firmware | - |
| lenovo | thinkcentre_m93p_tiny_firmware | * |
| lenovo | ideacentre_720-18icb_firmware | * |
| lenovo | thinkcentre_e74s_firmware | - |
| lenovo | yangtian_tc/wc_h110_pci_firmware | - |
| lenovo | yangtian_mf/wf_h81_pci_firmware | - |
| lenovo | legion_t530-28icb_firmware | * |
| lenovo | thinkstation_p500_firmware | - |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkcentre_m820z_firmware | - |
| lenovo | yangtian_tc/wcc_h81_pci_firmware | - |
| lenovo | thinkstation_p410_firmware | - |
| lenovo | thinkcentre_m8600s_firmware | * |
| lenovo | aio_y910-27ish_firmware | - |
| lenovo | thinkstation_e32_firmware | * |
| lenovo | legion_c730-19ico_firmware | * |
| lenovo | thinkcentre_m710s_firmware | - |
| lenovo | yangtian_afh110_firmware | - |
| lenovo | thinkstation_p318_firmware | * |
| lenovo | thinkcentre_m4500q_firmware | - |
| lenovo | thinkstation_p710_firmware | - |
| lenovo | thinkcentre_s510_firmware | - |
| lenovo | ideacentre_510-15icb_firmware | * |
| lenovo | v520t-15ikl_firmware | - |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | v310z(yt_s3150)_firmware | * |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | yangtian_afh81_firmware | - |
| lenovo | legion_t730-28ico_firmware | * |
| lenovo | thinkcentre_m710q_firmware | * |
| lenovo | ideacentre_730s-24ikb_firmware | * |
| lenovo | 330-14igm_firmware | * |
| lenovo | thinkcentre_m6600q_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | thinkcentre_x1_aio_firmware | - |
| lenovo | v510z_(yt_s5250)_firmware | * |
| lenovo | thinkcentre_e75t_firmware | - |
| lenovo | thinkcentre_m9550z_firmware | - |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | thinkcentre_m73_tiny_firmware | - |
| lenovo | yangtian_mc_h110_pci_firmware | - |
| lenovo | yta8900f_firmware | * |
| lenovo | thinkstation_p320_tiny_firmware | * |
| lenovo | v520s-08ikl_firmware | - |
| lenovo | thinkcentre_m610_firmware | * |
| lenovo | ideacentre_520s-23iku_firmware | * |
| lenovo | thinkcenter_m800z_firmware | - |
| lenovo | legion_y920_tower_firmware | - |
| lenovo | thinkcentre_m6500s_firmware | * |
| lenovo | thinkcentre_m4600t_firmware | - |
| lenovo | thinkcentre_m83_(twr)_firmware | * |
| lenovo | yangtian_mc_h110_firmware | - |
| lenovo | ideacentre_300-20ish_firmware | - |
| lenovo | thinkcentre_m93p_(twr)_firmware | * |
| lenovo | thinkstation_p320_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkcentre_e73s_firmware | - |
| lenovo | aio300-23isu(c5130)_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkcentre_m700q_firmware | * |
| lenovo | m4500_firmware | - |
| lenovo | ideacentre_510s-08ish_firmware | - |
| lenovo | thinkstation_p900_firmware | - |
| lenovo | thinkcentre_m8300z_firmware | - |
| lenovo | thinkcentre_m6600_firmware | * |
| lenovo | thinkpad_s5_firmware | * |
| lenovo | h50-30g_desktop_firmware | - |
| lenovo | thinkstation_p330_firmware | * |
| lenovo | thinkstation_p510_firmware | - |
| lenovo | thinkcentre_m83_(sff)_firmware | * |
| lenovo | thinkcentre_m73p_firmware | * |
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | system_x3630_m4_firmware | * |
| ibm | flex_system_x240_m4_firmware | * |
| ibm | system_x3100_m5_firmware | * |
| ibm | system_x3650_m4_firmware | * |
| ibm | flex_system_x880_m4_firmware | * |
| ibm | system_x3250_m4_firmware | * |
| ibm | system_x3300_m4_firmware | * |
| ibm | system_x3530_m4_firmware | * |
| ibm | flex_system_x440_m4_firmware | * |
| ibm | idataplex_dx360_m4_water_cooled_firmware | * |
| ibm | flex_system_x222_m4_firmware | * |
| lenovo | system_x3750_m4_firmware | * |
| lenovo | system_x3950_x6_firmware | * |
| ibm | system_x3650_m4_hd_firmware | * |
| lenovo | flex_system_x280_x6_firmware | * |
| lenovo | flex_system_x880_firmware | * |
| lenovo | system_x3500_m5_firmware | * |
| ibm | bladecenter_hs22_firmware | * |
| ibm | flex_system_x280_m4_firmware | * |
| lenovo | flex_system_x440_m4_firmware | * |
| lenovo | system_x3250_m6_firmware | * |
| lenovo | system_x3850_x6_firmware | * |
| ibm | nextscale_nx360_m4_firmware | * |
| ibm | system_x3550_m4_firmware | * |
| ibm | flex_system_x220_m4_firmware | * |
| ibm | system_x3750_m4_firmware | * |
| ibm | system_x3950_x6_firmware | * |
| ibm | system_x3850_x6_firmware | * |
| lenovo | system_x3650_m5_firmware | * |
| lenovo | system_x3550_m5_firmware | * |
| ibm | bladecenter_hs23_firmware | * |
| lenovo | nextscale_nx360_m5_firmware | * |
| ibm | flex_system_x480_m4_firmware | * |
| ibm | idataplex_dx360_m4_firmware | * |
| ibm | system_x3500_m4_firmware | * |
| lenovo | flex_system_x240_m4_firmware | * |
| ibm | system_x3250_m5_firmware | * |
| lenovo | flex_system_x240_m5_firmware | * |
| lenovo | flex_system_x480_x6_firmware | * |
| ibm | bladecenter_hs23e_firmware | * |
| ibm | system_x3100_m4_firmware | * |
| ibm | system_x3650_m4_bd_firmware | * |
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_x3400_m3_firmware | - |
| lenovo | system_x3690_x5_firmware | - |
| lenovo | system_x3500_m2_firmware | - |
| lenovo | system_x3950_x5_firmware | - |
| lenovo | system_x3500_m3_firmware | - |
| lenovo | system_x_idataplex_dx360_m3_firmware | - |
| lenovo | bladecenter_hs22v_firmware | - |
| lenovo | system_x3850_x5_firmware | - |
| lenovo | bladecenter_hx5_firmware | - |
| lenovo | system_x3630_m3_firmware | - |
| lenovo | system_x_idataplex_dx360_m2_firmware | - |
| lenovo | system_x3560_m2_firmware | - |
| lenovo | bladecenter_hs22_firmware | - |
| lenovo | system_x3650_m3_firmware | - |
| lenovo | system_x3550_m3_firmware | - |
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ix12-300r_firmware | * |
| lenovo | px12-350r_firmware | * |
| lenovo | storcenter_ix4-200rl_firmware | * |
| lenovo | storcenter_ix2-200_firmware | * |
| lenovo | storcenter_ix4-200d_firmware | * |
| lenovo | home_media_network_hard_drive_firmware | * |
An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | cp_storage_block_firmware | * |
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | yoga_700-14isk_firmware | - |
| lenovo | yoga_700-11isk_firmware | - |
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_bridge | * |
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_bridge | * |
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_bridge | * |
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | service_bridge | * |
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | - |
| lenovo | yangtian_ytm6900e-00_firmware | - |
| lenovo | v330-14ikb_firmware | - |
| lenovo | thinkpad_t440s_firmware | * |
| lenovo | thinkpad_tablet_8_firmware | - |
| lenovo | aio520-22ikl_firmware | - |
| lenovo | legion_t730-28ico_firmware | - |
| lenovo | legion_y7000p-1060_firmware | - |
| lenovo | rescuer_y7000(1060)_firmware | - |
| lenovo | flex_5-1570(r)_firmware | - |
| lenovo | thinkcentre_m910s_firmware | - |
| lenovo | thinkpad_e490_firmware | - |
| lenovo | thinkpad_s3_3rd_gen_firmware | - |
| lenovo | thinkpad_x1_extreme_firmware | - |
| lenovo | thinkpad_l450_firmware | - |
| lenovo | thinkcentre_m920s_firmware | - |
| lenovo | thinkcentre_m710t_firmware | - |
| lenovo | l340-15iwl_firmware | - |
| lenovo | 720s-15ikb_firmware | - |
| lenovo | thinkpad_t440_firmware | * |
| lenovo | thinkcentre_e74z_firmware | - |
| lenovo | thinkcentre_m715q_firmware | - |
| lenovo | thinkcentre_m800z_firmware | - |
| lenovo | thinkpad_s531_firmware | * |
| lenovo | thinkcentre_m6600_firmware | - |
| lenovo | thinkcentre_m920x_firmware | - |
| lenovo | rescuer_y7000p(1060)_firmware | - |
| lenovo | s340-14iwl_firmware | - |
| lenovo | a340-24_iwl_firmware | - |
| lenovo | 510s-08ikl_firmware | - |
| lenovo | thinkcentre_m700z_firmware | - |
| lenovo | s540-15iwl_firmware | - |
| lenovo | qt_b415_firmware | - |
| lenovo | thinkpad_p51s_firmware | - |
| lenovo | thinkpad_yoga_260-s1_firmware | - |
| lenovo | thinkpad_t570_firmware | - |
| lenovo | thinkcentre_m900z_firmware | - |
| lenovo | thinkcentre_m93z_(aio)_firmware | - |
| lenovo | yoga530-14ikb_firmware | - |
| lenovo | thinkpad_t450_firmware | - |
| lenovo | aio520-27ikl_firmware | - |
| lenovo | 330-17ikbr_firmware | - |
| lenovo | thinkpad_t460_firmware | - |
| lenovo | thinkpad_e550_firmware | - |
| lenovo | thinkcentre_e73_firmware | - |
| lenovo | s145-14iwl_firmware | - |
| lenovo | thinkstation_p318_firmware | - |
| lenovo | thinkpad_e560_firmware | - |
| lenovo | thinkpad_t480s_firmware | - |
| lenovo | legion_y730-15ich_firmware | - |
| lenovo | thinkcentre_m715t_firmware | - |
| lenovo | ideacentre_730s-24ikb_firmware | - |
| lenovo | s145-15ikb_firmware | - |
| lenovo | aio_330-20ast_firmware | - |
| lenovo | 330-14ikbr_firmware | - |
| lenovo | thinkpad_p72_firmware | - |
| lenovo | thinkstation_p300_firmware | - |
| lenovo | thinkcentre_m90n-1_firmware | - |
| lenovo | thinkstation_p320_firmware | - |
| lenovo | miix_720-12ikb_firmware | - |
| lenovo | thinkpad_l470_firmware | - |
| lenovo | thinkcentre_m4500q_firmware | - |
| lenovo | zhaoyang_e43-80_kbl_firmware | - |
| lenovo | aio_520-24ast_firmware | - |
| lenovo | yangtian_mf_h81_pci_firmware | - |
| lenovo | 530s-15ikb_firmware | - |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | a340-22_iwl_firmware | - |
| lenovo | thinkpad_p53s_firmware | - |
| lenovo | a340-22icb_firmware | - |
| lenovo | v110-15ikb_firmware | - |
| lenovo | flex-14iwl_firmware | - |
| lenovo | thinkcentre_m8600t_firmware | - |
| lenovo | xiaoxin_air_13iwl_firmware | - |
| lenovo | thinkcentre_m610_firmware | - |
| lenovo | thinkpad_t460p_firmware | - |
| lenovo | thinkpad_e490s_firmware | - |
| lenovo | thinkpad_13_firmware | - |
| lenovo | thinkpad_x1_tablet_firmware | - |
| lenovo | thinkpad_r590_firmware | - |
| lenovo | yoga_730-15iwl_firmware | - |
| lenovo | yangtian_me_h110_firmware | - |
| lenovo | ideacentre_510a-15icb_firmware | - |
| lenovo | lenovo_v720-14ikb_firmware | - |
| lenovo | l340-15irh_firmware | - |
| lenovo | thinkcentre_m710q_firmware | - |
| lenovo | ideacentre_300-20ish_firmware | - |
| lenovo | yoga_s940-14iwl_firmware | - |
| lenovo | v130-15ikb_firmware | - |
| lenovo | thinkpad_t490s_firmware | - |
| lenovo | thinkpad_x240_firmware | * |
| lenovo | ideacentre_510s-08ish_firmware | - |
| lenovo | v530-22icb(yt_s4350)_firmware | - |
| lenovo | rescuer_y7000p_firmware | - |
| lenovo | yoga_730-15ikb_firmware | - |
| lenovo | 730s-13iwl_firmware | - |
| lenovo | thinkpad_l390_yoga_firmware | - |
| lenovo | thinkpad_w540_firmware | * |
| lenovo | thinkcentre_m4500t_firmware | - |
| lenovo | thinkcentre_m720q_firmware | - |
| lenovo | s145-15iwl_firmware | - |
| lenovo | thinkpad_x140e_firmware | - |
| lenovo | v410z(yt_s4250)_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | thinkpad_x240s_firmware | * |
| lenovo | yangtian_mc_h81_firmware | - |
| lenovo | thinkpad_s540_firmware | - |
| lenovo | thinkpad_t480_firmware | - |
| lenovo | 330-15ikb_firmware | - |
| lenovo | v310-15ikb_firmware | - |
| lenovo | xiaoxin_tide_7000-15_u22_firmware | - |
| lenovo | aio520-22iku_firmware | - |
| lenovo | thinkpad_t490_firmware | - |
| lenovo | legion_t530-28icb_firmware | - |
| lenovo | thinkcentre_m73p_firmware | - |
| lenovo | yangtian_wc_h110_pci_firmware | - |
| lenovo | thinkpad_e480_firmware | - |
| lenovo | v310-14ikb_firmware | - |
| lenovo | thinkpad_p51_firmware | - |
| lenovo | thinksystem_hr650x_(skl)_firmware | - |
| lenovo | thinkcentre_m4600s_firmware | - |
| lenovo | l340-15iwltouch_firmware | - |
| lenovo | 130-15ikb_firmware | - |
| lenovo | c340-14iwl_firmware | - |
| lenovo | 330c-14ikb_firmware | - |
| lenovo | qt_a7400_firmware | - |
| lenovo | thinkpad_l380_firmware | - |
| lenovo | thinkcentre_m818z_firmware | - |
| lenovo | 330-15ich_firmware | - |
| lenovo | xiaoxin-14_2019iwl_firmware | - |
| lenovo | thinkcentre_m910q_firmware | - |
| lenovo | e42-80_firmware | - |
| lenovo | legion_y530-15ich_firmware | - |
| lenovo | thinkpad_e570_firmware | - |
| lenovo | v320-17ikbr_firmware | - |
| lenovo | wei5-15ikb_firmware | - |
| lenovo | thinkpad_l580_firmware | - |
| lenovo | yangtian_we_h110_firmware | - |
| lenovo | thinkpad_x131e_firmware | - |
| lenovo | 340c-15iwl_firmware | - |
| lenovo | thinkpad_11e_firmware | - |
| lenovo | yoga_730-13iwl_firmware | - |
| lenovo | thinkcentre_m910z_firmware | - |
| lenovo | thinkcentre_m8500s_firmware | - |
| lenovo | yangtian_wf_h110_pci_firmware | - |
| lenovo | thinkpad_p52_firmware | - |
| lenovo | yangtian_tc_h81_pci_firmware | - |
| lenovo | thinkpad_tablet_10_firmware | - |
| lenovo | thinkcentre_m6600q_firmware | - |
| lenovo | legion_y740-17ichg_firmware | - |
| lenovo | ideacentre_700_firmware | - |
| lenovo | v510-15ikb_firmware | - |
| lenovo | xx_chao5000-ikbra_firmware | - |
| lenovo | thinkpad_t460s_firmware | - |
| lenovo | v330-14isk_firmware | - |
| lenovo | 530s-15iwl_firmware | - |
| lenovo | v510-14ikb_firmware | - |
| lenovo | xiaoxin-15_2019iwl_firmware | - |
| lenovo | thinkcentre_e74s_firmware | - |
| lenovo | thinkpad_s5_2nd_generation_firmware | - |
| lenovo | e52-80_firmware | - |
| lenovo | v330-15igm_firmware | - |
| lenovo | 330-17ikb_firmware | - |
| lenovo | thinkpad_x260_firmware | - |
| lenovo | thinkcentre_m900_firmware | - |
| lenovo | thinkpad_t540p_firmware | * |
| lenovo | thinkpad_s2_yoga_3rd_gen_firmware | - |
| lenovo | zhaoyang_k42-80_firmware | - |
| lenovo | yangtian_afh81_firmware | - |
| lenovo | thinkpad_t440p_firmware | * |
| lenovo | s530-13iwl_firmware | - |
| lenovo | thinkcentre_m8500t_firmware | - |
| lenovo | thinkpad_e590_firmware | - |
| lenovo | thinkcentre_m715s_firmware | - |
| lenovo | thinkcentre_e93_firmware | - |
| lenovo | thinkcentre_m9550z_firmware | - |
| lenovo | 530s-14iwl_firmware | - |
| lenovo | legion_t530-28apr_reflash_firmware | - |
| lenovo | k43c-80_firmware | - |
| lenovo | legion_y740-17irhg_firmware | - |
| lenovo | legion_y9000p_2019_firmware | - |
| lenovo | thinkcentre_m8300z_firmware | - |
| lenovo | thinkpad_x270_firmware | - |
| lenovo | legion_c530-19icb_firmware | - |
| lenovo | 720s-14ikbr_firmware | - |
| lenovo | 330c-15ikbr_firmware | - |
| lenovo | yoga_730-13ikb_firmware | - |
| lenovo | thinkpad_p1_firmware | - |
| lenovo | thinkpad_x390_firmware | - |
| lenovo | v530-24icb(yt_s5350)_firmware | - |
| lenovo | thinkpad_yoga_370_firmware | - |
| lenovo | ideacentre_300s-11ish_firmware | - |
| lenovo | legion_y520t_z370_firmware | - |
| lenovo | thinkpad_x380_yoga_firmware | - |
| lenovo | thinkpad_s1_3rd_firmware | - |
| lenovo | legion_y530-15ich(1060)_firmware | - |
| lenovo | thinkpad_p43s_(20rx)_firmware | - |
| lenovo | thinkpad_s5_firmware | - |
| lenovo | qitian_b5900_firmware | - |
| lenovo | thinkcentre_m715q_rr_firmware | - |
| lenovo | 330c-15ikb_firmware | - |
| lenovo | thinkcentre_m720t_firmware | - |
| lenovo | thinkcentre_m4500k_firmware | - |
| lenovo | 330-15ikbr_touch_firmware | - |
| lenovo | thinkpad_l570_firmware | - |
| lenovo | legion_c730-19ico_firmware | - |
| lenovo | thinkpad_t560_firmware | - |
| lenovo | 130-14ikb_firmware | - |
| lenovo | s340-15iwl_firmware | - |
| lenovo | xiaoxin_air-14iwl_2019_firmware | - |
| lenovo | yoga_520-14ikb_firmware | - |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m700s_firmware | - |
| lenovo | thinkcentre_m600_firmware | - |
| lenovo | thinkcentre_e74_firmware | - |
| lenovo | thinkpad_t590_firmware | - |
| lenovo | thinkpad_r490_firmware | - |
| lenovo | xiaoxin_air_15ikbr_firmware | - |
| lenovo | s145-14ikb_firmware | - |
| lenovo | qitian_a815_firmware | - |
| lenovo | thinkpad_e450c_firmware | - |
| lenovo | rescuer_y7000_firmware | - |
| lenovo | legion_y740-15ichg_firmware | - |
| lenovo | qitian_4500_firmware | - |
| lenovo | thinkcentre_m6500t_firmware | - |
| lenovo | thinkcentre_m720s_firmware | - |
| lenovo | qt_m415_firmware | - |
| lenovo | thinkcentre_m9500z_firmware | - |
| lenovo | aio520-24iku_firmware | - |
| lenovo | thinkpad_s1_yoga_firmware | - |
| lenovo | thinkcentre_e95z_firmware | - |
| lenovo | thinkcentre_m73_firmware | - |
| lenovo | yta8900f_firmware | - |
| lenovo | thinkpad_x250_firmware | - |
| lenovo | thinkcentre_e75s_firmware | - |
| lenovo | thinkcentre_m8350z_firmware | - |
| lenovo | legion_y740-15irhg_firmware | - |
| lenovo | wei5-14ikb_firmware | - |
| lenovo | qitian_m4600_firmware | - |
| lenovo | yoga_11e_4th_gen_firmware | - |
| lenovo | thinkcentre_m9350z_firmware | - |
| lenovo | a340-24icb_firmware | - |
| lenovo | thinkpad_t470s_firmware | - |
| lenovo | thinkpad_p71_firmware | - |
| lenovo | thinkstation_p330_firmware | - |
| lenovo | ideacentre_720-18apr_firmware | - |
| lenovo | 720s_touch-15ikb_firmware | - |
| lenovo | v320-15ikb_firmware | - |
| lenovo | l340-17irh_firmware | - |
| lenovo | xiaoxin-14iwl_qc_2019_firmware | - |
| lenovo | thinkpad_l590_firmware | - |
| lenovo | v510z_(yt_s5250)_firmware | - |
| lenovo | thinkcentre_m700q_firmware | - |
| lenovo | ideacentre_720-18icb_firmware | - |
| lenovo | xiaoxin_air_14iwl_firmware | - |
| lenovo | thinkpad_s5_yoga_15_firmware | - |
| lenovo | thinkpad_e580_firmware | - |
| lenovo | thinkstation_e32_firmware | - |
| lenovo | thinkpad_e470_firmware | - |
| lenovo | thinkpad_s3_firmware | - |
| lenovo | thinkpad_p53_firmware | - |
| lenovo | thinkpad_l380_yoga_firmware | - |
| lenovo | v310-14isk_firmware | - |
| lenovo | flex_6-1470_firmware | - |
| lenovo | yangtian_mc_h110_pci_firmware | - |
| lenovo | v520s-08ikl_firmware | - |
| lenovo | flex-15iwl_firmware | - |
| lenovo | yangtian_mc_h110_firmware | - |
| lenovo | thinkcentre_e73s_firmware | - |
| lenovo | m4500_firmware | - |
| lenovo | legion_y9000k_2019_firmware | - |
| lenovo | yangtian_wf_h81_pci_firmware | - |
| lenovo | thinkcentre_m910x_firmware | - |
| lenovo | legion_t530-28icb_reflash_firmware | - |
| lenovo | yangtian_ms_h81_firmware | - |
| lenovo | yangtian_afq150_firmware | - |
| lenovo | thinkcentre_m920q_firmware | - |
| lenovo | v730-15ikb_firmware | - |
| lenovo | 330-17ich_firmware | - |
| lenovo | c340-15iwl_firmware | - |
| lenovo | thinkpad_l460_firmware | - |
| lenovo | m4500_id_firmware | - |
| lenovo | thinkcentre_m710e_firmware | - |
| lenovo | 530s-14ikb_firmware | - |
| lenovo | legion_y730-17ich_firmware | - |
| lenovo | thinkcentre_m4500s_firmware | - |
| lenovo | v130-14ikb_firmware | - |
| lenovo | thinkcentre_m920z_firmware | - |
| lenovo | thinkpad_t550_firmware | - |
| lenovo | qitian_m4650_firmware | - |
| lenovo | s540-14iwl_firmware | - |
| lenovo | thinkpad_e550c_firmware | - |
| lenovo | y7000_2019_1050_firmware | - |
| lenovo | thinkstation_p310_firmware | - |
| lenovo | ideacentre_310s-08igm_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | thinkpad_w541_firmware | * |
| lenovo | thinkpad_l480_firmware | - |
| lenovo | thinkpad_w550s_firmware | - |
| lenovo | xiaoxin_air_14ikbr_firmware | - |
| lenovo | aio520-24ikl_firmware | - |
| lenovo | thinkpad_p50s_firmware | - |
| lenovo | ideacentre_310s-08asr_firmware | - |
| lenovo | a340-22ast_firmware | - |
| lenovo | yogo_a940-27icb_firmware | - |
| lenovo | thinkcentre_m83_firmware | - |
| lenovo | legion_t530-28apr_firmware | - |
| lenovo | thinkpad_x1_yoga_firmware | - |
| lenovo | qt_m410_firmware | - |
| lenovo | thinkpad_t470p_firmware | - |
| lenovo | thinkpad_yoga_11e_firmware | - |
| lenovo | thinkcentre_m800_firmware | - |
| lenovo | xiaoxin_air-15iwl_2019_firmware | - |
| lenovo | thinksystem_odc5200-cn650s_firmware | - |
| lenovo | thinkcentre_m700t_firmware | - |
| lenovo | 330-15ikbr_firmware | - |
| lenovo | thinkpad_p73_firmware | - |
| lenovo | qitian_m4550_firmware | - |
| lenovo | thinkpad_e460_firmware | - |
| lenovo | thinkpad_t25_firmware | - |
| lenovo | m4550_id_firmware | - |
| lenovo | xiaoxin_tide_7000-15_u42_firmware | - |
| lenovo | thinkcentre_m725s_firmware | - |
| lenovo | thinkcentre_m910t_firmware | - |
| lenovo | thinkcentre_m7300z_firmware | - |
| lenovo | yangtian_mf_h110_pci_firmware | - |
| lenovo | thinkcentre_m8600s_firmware | - |
| lenovo | thinkstation_p320_tiny_firmware | - |
| lenovo | yangtian_tc_h110_pci_firmware | - |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | qitian_b4650_firmware | - |
| lenovo | qitian_b4550_firmware | - |
| lenovo | thinkcentre_m83z_(aio)_firmware | - |
| lenovo | thinkpad_t580_firmware | - |
| lenovo | thinkcentre_m79_firmware | - |
| lenovo | 510-15ikl_firmware | - |
| lenovo | thinkpad_x1_carbon_firmware | - |
| lenovo | thinkcentre_e96z_firmware | - |
| lenovo | thinkpad_e450_firmware | - |
| lenovo | zhaoyang_e53-80_firmware | - |
| lenovo | ideacentre_510-15icb_firmware | - |
| lenovo | s540-14iwl_touch_firmware | - |
| lenovo | aio_330-20igm_firmware | - |
| lenovo | aio520-24arr_firmware | - |
| lenovo | thinkcentre_m820z_firmware | - |
| lenovo | thinkcentre_m93_firmware | - |
| lenovo | v530s-07icb_firmware | - |
| lenovo | thinkcentre_m6600s_firmware | - |
| lenovo | flex_6-14ikb_firmware | - |
| lenovo | thinkpad_t450s_firmware | - |
| lenovo | thinkcentre_m710s_firmware | - |
| lenovo | yoga_s730-13iwl_firmware | - |
| lenovo | yangtian_afh110_firmware | - |
| lenovo | thinkpad_p50_firmware | - |
| lenovo | thinkcentre_s510_firmware | - |
| lenovo | thinkpad_x280_firmware | - |
| lenovo | v520t-15ikl_firmware | - |
| lenovo | thinkcentre_m93p_firmware | - |
| lenovo | thinkcentre_m6600t_firmware | - |
| lenovo | l340-17iwl_firmware | - |
| lenovo | v310z(yt_s3150)_firmware | - |
| lenovo | thinkpad_p70_firmware | - |
| lenovo | v310-15isk_firmware | - |
| lenovo | v540-24iwl(yt_s5430)_firmware | - |
| lenovo | v320-14ikb_firmware | - |
| lenovo | yangtian_wcc_h81_pci_firmware | - |
| lenovo | thinkpad_l490_firmware | - |
| lenovo | 330-14ikb_firmware | - |
| lenovo | s340-15iwl_touch_firmware | - |
| lenovo | s940-14iwl_firmware | - |
| lenovo | thinkpad_x390_yoga_firmware | - |
| lenovo | thinkpad_t470_firmware | - |
| lenovo | thinkcentre_x1_aio_firmware | - |
| lenovo | thinkcentre_e75t_firmware | - |
| lenovo | 340c-15ikb_firmware | - |
| lenovo | thinkpad_10_firmware | - |
| lenovo | thinkcentre_m73_tiny_firmware | - |
| lenovo | xiaoxin_air_15iwl_firmware | - |
| lenovo | thinkstation_p330_tiny_firmware | - |
| lenovo | thinkcentre_m4600t_firmware | - |
| lenovo | yoga_11e_3rd_gen_firmware | - |
| lenovo | 63_firmware | - |
| lenovo | v110-14ikb_firmware | - |
| lenovo | thinkpad_e560p_firmware | - |
| lenovo | thinkpad_l560_firmware | - |
| lenovo | thinkcentre_m920t_firmware | - |
| lenovo | s340-14iwl_touch_firmware | - |
| lenovo | thinksystem_hr630x_(skl)_firmware | - |
| lenovo | thinkpad_p52s_firmware | - |
| lenovo | thinkcentre_m6500s_firmware | - |
| lenovo | h50-30g_desktop_firmware | - |
| lenovo | yangtian_ws_h81_firmware | - |
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | 20m5_firmware | - |
| lenovo | 20da_firmware | - |
| lenovo | 20mv_firmware | - |
| lenovo | 20h1_firmware | - |
| lenovo | 20ku_firmware | - |
| lenovo | 20lx_firmware | - |
| lenovo | 20mu_firmware | - |
| lenovo | 20h4_firmware | - |
| lenovo | 20fv_firmware | - |
| lenovo | 20b7_firmware | - |
| lenovo | 20aq_firmware | - |
| lenovo | 20g5_firmware | - |
| lenovo | 20hv_firmware | - |
| lenovo | 20hu_firmware | - |
| lenovo | 20kc_firmware | - |
| lenovo | 20mw_firmware | - |
| lenovo | 20h8_firmware | - |
| lenovo | 20lj_firmware | - |
| lenovo | 20g4_firmware | - |
| lenovo | 20al_firmware | - |
| lenovo | 20ab_firmware | - |
| lenovo | 20dd_firmware | - |
| lenovo | 20bf_firmware | - |
| lenovo | 20hm_firmware | - |
| lenovo | 20k5_firmware | - |
| lenovo | 20an_firmware | - |
| lenovo | 20bg_firmware | - |
| lenovo | 20j7_firmware | - |
| lenovo | 246x_firmware | - |
| lenovo | 20bm_firmware | - |
| lenovo | 20m6_firmware | - |
| lenovo | 20ak_firmware | - |
| lenovo | 20ln_firmware | - |
| lenovo | 20fm_firmware | - |
| lenovo | 20g8_firmware | - |
| lenovo | 20mx_firmware | - |
| lenovo | 232x_firmware | - |
| lenovo | 20h6_firmware | - |
| lenovo | 20jr_firmware | - |
| lenovo | 20m8_firmware | - |
| lenovo | 20df_firmware | - |
| lenovo | 34xx_firmware | - |
| lenovo | 20a7_firmware | - |
| lenovo | 336x_firmware | - |
| lenovo | 242x_firmware | - |
| lenovo | 20k6_firmware | - |
| lenovo | 20bx_firmware | - |
| lenovo | 20a8_firmware | - |
| lenovo | 20ja_firmware | - |
| lenovo | 20aa_firmware | - |
| lenovo | 20j6_firmware | - |
| lenovo | 20ey_firmware | - |
| lenovo | 20eg_firmware | - |
| lenovo | 20l2_firmware | - |
| lenovo | 30eh_firmware | - |
| lenovo | 3xxx_firmware | - |
| lenovo | 20kn_firmware | - |
| lenovo | 20et_firmware | - |
| lenovo | 20ju_firmware | - |
| lenovo | 20j2_firmware | - |
| lenovo | 20aj_firmware | - |
| lenovo | 20m7_firmware | - |
| lenovo | 20b0_firmware | - |
| lenovo | 20b3_firmware | - |
| lenovo | 20bw_firmware | - |
| lenovo | 20n8_firmware | - |
| lenovo | 248x_firmware | - |
| lenovo | 20am_firmware | - |
| lenovo | 20ht_firmware | - |
| lenovo | 20dc_firmware | - |
| lenovo | 20jj_firmware | - |
| lenovo | 20fw_firmware | - |
| lenovo | 20ds_firmware | - |
| lenovo | 20ga_firmware | - |
| lenovo | 235x_firmware | - |
| lenovo | 20dg_firmware | - |
| lenovo | 20hn_firmware | - |
| lenovo | 20aw_firmware | - |
| lenovo | 239x_firmware | - |
| lenovo | 20ns_firmware | - |
| lenovo | 20a9_firmware | - |
| lenovo | 230x_firmware | - |
| lenovo | 20ks_firmware | - |
| lenovo | 20ng_firmware | - |
| lenovo | 234x_firmware | - |
| lenovo | 247x_firmware | - |
| lenovo | 20d9_firmware | - |
| lenovo | 20nn_firmware | - |
| lenovo | 20nt_firmware | - |
| lenovo | 233x_firmware | - |
| lenovo | 20b6_firmware | - |
| lenovo | 20lm_firmware | - |
| lenovo | 20ac_firmware | - |
| lenovo | 20e0_firmware | - |
| lenovo | 20kd_firmware | - |
| lenovo | 20ev_firmware | - |
| lenovo | 20nq_firmware | - |
| lenovo | 20nr_firmware | - |
| lenovo | 20be_firmware | - |
| lenovo | 243x_firmware | - |
| lenovo | 20dt_firmware | - |
| lenovo | 20ar_firmware | - |
| lenovo | 20kq_firmware | - |
| lenovo | 20nu_firmware | - |
| lenovo | 20j5_firmware | - |
| lenovo | 20lr_firmware | - |
| lenovo | 20lq_firmware | - |
| lenovo | 20kv_firmware | - |
| lenovo | 20f2_firmware | - |
| lenovo | 20kt_firmware | - |
| lenovo | 20f5_firmware | - |
| lenovo | 20n9_firmware | - |
| lenovo | 20bl_firmware | - |
| lenovo | 20dq_firmware | - |
| lenovo | 337x_firmware | - |
| lenovo | 20f1_firmware | - |
| lenovo | 20h5_firmware | - |
| lenovo | 20g9_firmware | - |
| lenovo | 20jv_firmware | - |
| lenovo | 20j1_firmware | - |
| lenovo | 20ex_firmware | - |
| lenovo | 20ls_firmware | - |
| lenovo | 20fn_firmware | - |
| lenovo | 344x_firmware | - |
| lenovo | 20dh_firmware | - |
| lenovo | 20f6_firmware | - |
| lenovo | 20h2_firmware | - |
| lenovo | 20fx_firmware | - |
| lenovo | 20de_firmware | - |
| lenovo | 20lt_firmware | - |
| lenovo | 20dj_firmware | - |
| lenovo | 20j4_firmware | - |
| lenovo | 20kl_firmware | - |
| lenovo | 20jh_firmware | - |
| lenovo | 20hs_firmware | - |
| lenovo | 20eu_firmware | - |
| lenovo | 343x_firmware | - |
| lenovo | 20gb_firmware | - |
| lenovo | 20dr_firmware | - |
| lenovo | 20bu_firmware | - |
| lenovo | 20bv_firmware | - |
| lenovo | 20lh_firmware | - |
| lenovo | 20ew_firmware | - |
| lenovo | 20ef_firmware | - |
| lenovo | 20fu_firmware | - |
| lenovo | 244x_firmware | - |
| lenovo | 20jq_firmware | - |
| lenovo | 20km_firmware | - |
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | - |
| lenovo | yangtian_ytm6900e-00_firmware | - |
| lenovo | v330-14ikb_firmware | - |
| lenovo | thinkpad_t440s_firmware | * |
| lenovo | thinkpad_tablet_8_firmware | - |
| lenovo | aio520-22ikl_firmware | - |
| lenovo | legion_t730-28ico_firmware | - |
| lenovo | legion_y7000p-1060_firmware | - |
| lenovo | rescuer_y7000(1060)_firmware | - |
| lenovo | flex_5-1570(r)_firmware | - |
| lenovo | thinkcentre_m910s_firmware | - |
| lenovo | thinkpad_e490_firmware | - |
| lenovo | thinkpad_s3_3rd_gen_firmware | - |
| lenovo | thinkpad_x1_extreme_firmware | - |
| lenovo | thinkpad_l450_firmware | - |
| lenovo | thinkcentre_m920s_firmware | - |
| lenovo | thinkcentre_m710t_firmware | - |
| lenovo | l340-15iwl_firmware | - |
| lenovo | 720s-15ikb_firmware | - |
| lenovo | thinkpad_t440_firmware | * |
| lenovo | thinkcentre_e74z_firmware | - |
| lenovo | thinkcentre_m715q_firmware | - |
| lenovo | thinkcentre_m800z_firmware | - |
| lenovo | thinkpad_s531_firmware | * |
| lenovo | thinkcentre_m6600_firmware | - |
| lenovo | thinkcentre_m920x_firmware | - |
| lenovo | rescuer_y7000p(1060)_firmware | - |
| lenovo | s340-14iwl_firmware | - |
| lenovo | a340-24_iwl_firmware | - |
| lenovo | 510s-08ikl_firmware | - |
| lenovo | thinkcentre_m700z_firmware | - |
| lenovo | s540-15iwl_firmware | - |
| lenovo | qt_b415_firmware | - |
| lenovo | thinkpad_p51s_firmware | - |
| lenovo | thinkpad_yoga_260-s1_firmware | - |
| lenovo | thinkpad_t570_firmware | - |
| lenovo | thinkcentre_m900z_firmware | - |
| lenovo | thinkcentre_m93z_(aio)_firmware | - |
| lenovo | yoga530-14ikb_firmware | - |
| lenovo | thinkpad_t450_firmware | - |
| lenovo | aio520-27ikl_firmware | - |
| lenovo | 330-17ikbr_firmware | - |
| lenovo | thinkpad_t460_firmware | - |
| lenovo | thinkpad_e550_firmware | - |
| lenovo | thinkcentre_e73_firmware | - |
| lenovo | s145-14iwl_firmware | - |
| lenovo | thinkstation_p318_firmware | - |
| lenovo | thinkpad_e560_firmware | - |
| lenovo | thinkpad_t480s_firmware | - |
| lenovo | legion_y730-15ich_firmware | - |
| lenovo | thinkcentre_m715t_firmware | - |
| lenovo | ideacentre_730s-24ikb_firmware | - |
| lenovo | s145-15ikb_firmware | - |
| lenovo | aio_330-20ast_firmware | - |
| lenovo | 330-14ikbr_firmware | - |
| lenovo | thinkpad_p72_firmware | - |
| lenovo | thinkstation_p300_firmware | - |
| lenovo | thinkcentre_m90n-1_firmware | - |
| lenovo | thinkstation_p320_firmware | - |
| lenovo | miix_720-12ikb_firmware | - |
| lenovo | thinkpad_l470_firmware | - |
| lenovo | thinkcentre_m4500q_firmware | - |
| lenovo | zhaoyang_e43-80_kbl_firmware | - |
| lenovo | aio_520-24ast_firmware | - |
| lenovo | yangtian_mf_h81_pci_firmware | - |
| lenovo | 530s-15ikb_firmware | - |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | a340-22_iwl_firmware | - |
| lenovo | thinkpad_p53s_firmware | - |
| lenovo | a340-22icb_firmware | - |
| lenovo | v110-15ikb_firmware | - |
| lenovo | flex-14iwl_firmware | - |
| lenovo | thinkcentre_m8600t_firmware | - |
| lenovo | xiaoxin_air_13iwl_firmware | - |
| lenovo | thinkcentre_m610_firmware | - |
| lenovo | thinkpad_t460p_firmware | - |
| lenovo | thinkpad_e490s_firmware | - |
| lenovo | thinkpad_13_firmware | - |
| lenovo | thinkpad_x1_tablet_firmware | - |
| lenovo | thinkpad_r590_firmware | - |
| lenovo | yoga_730-15iwl_firmware | - |
| lenovo | yangtian_me_h110_firmware | - |
| lenovo | ideacentre_510a-15icb_firmware | - |
| lenovo | lenovo_v720-14ikb_firmware | - |
| lenovo | l340-15irh_firmware | - |
| lenovo | thinkcentre_m710q_firmware | - |
| lenovo | ideacentre_300-20ish_firmware | - |
| lenovo | yoga_s940-14iwl_firmware | - |
| lenovo | v130-15ikb_firmware | - |
| lenovo | thinkpad_t490s_firmware | - |
| lenovo | thinkpad_x240_firmware | * |
| lenovo | ideacentre_510s-08ish_firmware | - |
| lenovo | v530-22icb(yt_s4350)_firmware | - |
| lenovo | rescuer_y7000p_firmware | - |
| lenovo | yoga_730-15ikb_firmware | - |
| lenovo | 730s-13iwl_firmware | - |
| lenovo | thinkpad_l390_yoga_firmware | - |
| lenovo | thinkpad_w540_firmware | * |
| lenovo | thinkcentre_m4500t_firmware | - |
| lenovo | thinkcentre_m720q_firmware | - |
| lenovo | s145-15iwl_firmware | - |
| lenovo | thinkpad_x140e_firmware | - |
| lenovo | v410z(yt_s4250)_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | thinkpad_x240s_firmware | * |
| lenovo | yangtian_mc_h81_firmware | - |
| lenovo | thinkpad_s540_firmware | - |
| lenovo | thinkpad_t480_firmware | - |
| lenovo | 330-15ikb_firmware | - |
| lenovo | v310-15ikb_firmware | - |
| lenovo | xiaoxin_tide_7000-15_u22_firmware | - |
| lenovo | aio520-22iku_firmware | - |
| lenovo | thinkpad_t490_firmware | - |
| lenovo | legion_t530-28icb_firmware | - |
| lenovo | thinkcentre_m73p_firmware | - |
| lenovo | yangtian_wc_h110_pci_firmware | - |
| lenovo | thinkpad_e480_firmware | - |
| lenovo | v310-14ikb_firmware | - |
| lenovo | thinkpad_p51_firmware | - |
| lenovo | thinksystem_hr650x_(skl)_firmware | - |
| lenovo | thinkcentre_m4600s_firmware | - |
| lenovo | l340-15iwltouch_firmware | - |
| lenovo | 130-15ikb_firmware | - |
| lenovo | c340-14iwl_firmware | - |
| lenovo | 330c-14ikb_firmware | - |
| lenovo | qt_a7400_firmware | - |
| lenovo | thinkpad_l380_firmware | - |
| lenovo | thinkcentre_m818z_firmware | - |
| lenovo | 330-15ich_firmware | - |
| lenovo | xiaoxin-14_2019iwl_firmware | - |
| lenovo | thinkcentre_m910q_firmware | - |
| lenovo | e42-80_firmware | - |
| lenovo | legion_y530-15ich_firmware | - |
| lenovo | thinkpad_e570_firmware | - |
| lenovo | v320-17ikbr_firmware | - |
| lenovo | wei5-15ikb_firmware | - |
| lenovo | thinkpad_l580_firmware | - |
| lenovo | yangtian_we_h110_firmware | - |
| lenovo | thinkpad_x131e_firmware | - |
| lenovo | 340c-15iwl_firmware | - |
| lenovo | thinkpad_11e_firmware | - |
| lenovo | yoga_730-13iwl_firmware | - |
| lenovo | thinkcentre_m910z_firmware | - |
| lenovo | thinkcentre_m8500s_firmware | - |
| lenovo | yangtian_wf_h110_pci_firmware | - |
| lenovo | thinkpad_p52_firmware | - |
| lenovo | yangtian_tc_h81_pci_firmware | - |
| lenovo | thinkpad_tablet_10_firmware | - |
| lenovo | thinkcentre_m6600q_firmware | - |
| lenovo | legion_y740-17ichg_firmware | - |
| lenovo | ideacentre_700_firmware | - |
| lenovo | v510-15ikb_firmware | - |
| lenovo | xx_chao5000-ikbra_firmware | - |
| lenovo | thinkpad_t460s_firmware | - |
| lenovo | v330-14isk_firmware | - |
| lenovo | 530s-15iwl_firmware | - |
| lenovo | v510-14ikb_firmware | - |
| lenovo | xiaoxin-15_2019iwl_firmware | - |
| lenovo | thinkcentre_e74s_firmware | - |
| lenovo | thinkpad_s5_2nd_generation_firmware | - |
| lenovo | e52-80_firmware | - |
| lenovo | v330-15igm_firmware | - |
| lenovo | 330-17ikb_firmware | - |
| lenovo | thinkpad_x260_firmware | - |
| lenovo | thinkcentre_m900_firmware | - |
| lenovo | thinkpad_t540p_firmware | * |
| lenovo | thinkpad_s2_yoga_3rd_gen_firmware | - |
| lenovo | zhaoyang_k42-80_firmware | - |
| lenovo | yangtian_afh81_firmware | - |
| lenovo | thinkpad_t440p_firmware | * |
| lenovo | s530-13iwl_firmware | - |
| lenovo | thinkcentre_m8500t_firmware | - |
| lenovo | thinkpad_e590_firmware | - |
| lenovo | thinkcentre_m715s_firmware | - |
| lenovo | thinkcentre_e93_firmware | - |
| lenovo | thinkcentre_m9550z_firmware | - |
| lenovo | 530s-14iwl_firmware | - |
| lenovo | legion_t530-28apr_reflash_firmware | - |
| lenovo | k43c-80_firmware | - |
| lenovo | legion_y740-17irhg_firmware | - |
| lenovo | legion_y9000p_2019_firmware | - |
| lenovo | thinkcentre_m8300z_firmware | - |
| lenovo | thinkpad_x270_firmware | - |
| lenovo | legion_c530-19icb_firmware | - |
| lenovo | 720s-14ikbr_firmware | - |
| lenovo | 330c-15ikbr_firmware | - |
| lenovo | yoga_730-13ikb_firmware | - |
| lenovo | thinkpad_p1_firmware | - |
| lenovo | thinkpad_x390_firmware | - |
| lenovo | v530-24icb(yt_s5350)_firmware | - |
| lenovo | thinkpad_yoga_370_firmware | - |
| lenovo | ideacentre_300s-11ish_firmware | - |
| lenovo | legion_y520t_z370_firmware | - |
| lenovo | thinkpad_x380_yoga_firmware | - |
| lenovo | thinkpad_s1_3rd_firmware | - |
| lenovo | legion_y530-15ich(1060)_firmware | - |
| lenovo | thinkpad_p43s_(20rx)_firmware | - |
| lenovo | thinkpad_s5_firmware | - |
| lenovo | qitian_b5900_firmware | - |
| lenovo | thinkcentre_m715q_rr_firmware | - |
| lenovo | 330c-15ikb_firmware | - |
| lenovo | thinkcentre_m720t_firmware | - |
| lenovo | thinkcentre_m4500k_firmware | - |
| lenovo | 330-15ikbr_touch_firmware | - |
| lenovo | thinkpad_l570_firmware | - |
| lenovo | legion_c730-19ico_firmware | - |
| lenovo | thinkpad_t560_firmware | - |
| lenovo | 130-14ikb_firmware | - |
| lenovo | s340-15iwl_firmware | - |
| lenovo | xiaoxin_air-14iwl_2019_firmware | - |
| lenovo | yoga_520-14ikb_firmware | - |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m700s_firmware | - |
| lenovo | thinkcentre_m600_firmware | - |
| lenovo | thinkcentre_e74_firmware | - |
| lenovo | thinkpad_t590_firmware | - |
| lenovo | thinkpad_r490_firmware | - |
| lenovo | xiaoxin_air_15ikbr_firmware | - |
| lenovo | s145-14ikb_firmware | - |
| lenovo | qitian_a815_firmware | - |
| lenovo | thinkpad_e450c_firmware | - |
| lenovo | rescuer_y7000_firmware | - |
| lenovo | legion_y740-15ichg_firmware | - |
| lenovo | qitian_4500_firmware | - |
| lenovo | thinkcentre_m6500t_firmware | - |
| lenovo | thinkcentre_m720s_firmware | - |
| lenovo | qt_m415_firmware | - |
| lenovo | thinkcentre_m9500z_firmware | - |
| lenovo | aio520-24iku_firmware | - |
| lenovo | thinkpad_s1_yoga_firmware | - |
| lenovo | thinkcentre_e95z_firmware | - |
| lenovo | thinkcentre_m73_firmware | - |
| lenovo | yta8900f_firmware | - |
| lenovo | thinkpad_x250_firmware | - |
| lenovo | thinkcentre_e75s_firmware | - |
| lenovo | thinkcentre_m8350z_firmware | - |
| lenovo | legion_y740-15irhg_firmware | - |
| lenovo | wei5-14ikb_firmware | - |
| lenovo | qitian_m4600_firmware | - |
| lenovo | yoga_11e_4th_gen_firmware | - |
| lenovo | thinkcentre_m9350z_firmware | - |
| lenovo | a340-24icb_firmware | - |
| lenovo | thinkpad_t470s_firmware | - |
| lenovo | thinkpad_p71_firmware | - |
| lenovo | thinkstation_p330_firmware | - |
| lenovo | ideacentre_720-18apr_firmware | - |
| lenovo | 720s_touch-15ikb_firmware | - |
| lenovo | v320-15ikb_firmware | - |
| lenovo | l340-17irh_firmware | - |
| lenovo | xiaoxin-14iwl_qc_2019_firmware | - |
| lenovo | thinkpad_l590_firmware | - |
| lenovo | v510z_(yt_s5250)_firmware | - |
| lenovo | thinkcentre_m700q_firmware | - |
| lenovo | ideacentre_720-18icb_firmware | - |
| lenovo | xiaoxin_air_14iwl_firmware | - |
| lenovo | thinkpad_s5_yoga_15_firmware | - |
| lenovo | thinkpad_e580_firmware | - |
| lenovo | thinkstation_e32_firmware | - |
| lenovo | thinkpad_e470_firmware | - |
| lenovo | thinkpad_s3_firmware | - |
| lenovo | thinkpad_p53_firmware | - |
| lenovo | thinkpad_l380_yoga_firmware | - |
| lenovo | v310-14isk_firmware | - |
| lenovo | flex_6-1470_firmware | - |
| lenovo | yangtian_mc_h110_pci_firmware | - |
| lenovo | v520s-08ikl_firmware | - |
| lenovo | flex-15iwl_firmware | - |
| lenovo | yangtian_mc_h110_firmware | - |
| lenovo | thinkcentre_e73s_firmware | - |
| lenovo | m4500_firmware | - |
| lenovo | legion_y9000k_2019_firmware | - |
| lenovo | yangtian_wf_h81_pci_firmware | - |
| lenovo | thinkcentre_m910x_firmware | - |
| lenovo | legion_t530-28icb_reflash_firmware | - |
| lenovo | yangtian_ms_h81_firmware | - |
| lenovo | yangtian_afq150_firmware | - |
| lenovo | thinkcentre_m920q_firmware | - |
| lenovo | v730-15ikb_firmware | - |
| lenovo | 330-17ich_firmware | - |
| lenovo | c340-15iwl_firmware | - |
| lenovo | thinkpad_l460_firmware | - |
| lenovo | m4500_id_firmware | - |
| lenovo | thinkcentre_m710e_firmware | - |
| lenovo | 530s-14ikb_firmware | - |
| lenovo | legion_y730-17ich_firmware | - |
| lenovo | thinkcentre_m4500s_firmware | - |
| lenovo | v130-14ikb_firmware | - |
| lenovo | thinkcentre_m920z_firmware | - |
| lenovo | thinkpad_t550_firmware | - |
| lenovo | qitian_m4650_firmware | - |
| lenovo | s540-14iwl_firmware | - |
| lenovo | thinkpad_e550c_firmware | - |
| lenovo | y7000_2019_1050_firmware | - |
| lenovo | thinkstation_p310_firmware | - |
| lenovo | ideacentre_310s-08igm_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | thinkpad_w541_firmware | * |
| lenovo | thinkpad_l480_firmware | - |
| lenovo | thinkpad_w550s_firmware | - |
| lenovo | xiaoxin_air_14ikbr_firmware | - |
| lenovo | aio520-24ikl_firmware | - |
| lenovo | thinkpad_p50s_firmware | - |
| lenovo | ideacentre_310s-08asr_firmware | - |
| lenovo | a340-22ast_firmware | - |
| lenovo | yogo_a940-27icb_firmware | - |
| lenovo | thinkcentre_m83_firmware | - |
| lenovo | legion_t530-28apr_firmware | - |
| lenovo | thinkpad_x1_yoga_firmware | - |
| lenovo | qt_m410_firmware | - |
| lenovo | thinkpad_t470p_firmware | - |
| lenovo | thinkpad_yoga_11e_firmware | - |
| lenovo | thinkcentre_m800_firmware | - |
| lenovo | xiaoxin_air-15iwl_2019_firmware | - |
| lenovo | thinksystem_odc5200-cn650s_firmware | - |
| lenovo | thinkcentre_m700t_firmware | - |
| lenovo | 330-15ikbr_firmware | - |
| lenovo | thinkpad_p73_firmware | - |
| lenovo | qitian_m4550_firmware | - |
| lenovo | thinkpad_e460_firmware | - |
| lenovo | thinkpad_t25_firmware | - |
| lenovo | m4550_id_firmware | - |
| lenovo | xiaoxin_tide_7000-15_u42_firmware | - |
| lenovo | thinkcentre_m725s_firmware | - |
| lenovo | thinkcentre_m910t_firmware | - |
| lenovo | thinkcentre_m7300z_firmware | - |
| lenovo | yangtian_mf_h110_pci_firmware | - |
| lenovo | thinkcentre_m8600s_firmware | - |
| lenovo | thinkstation_p320_tiny_firmware | - |
| lenovo | yangtian_tc_h110_pci_firmware | - |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | qitian_b4650_firmware | - |
| lenovo | qitian_b4550_firmware | - |
| lenovo | thinkcentre_m83z_(aio)_firmware | - |
| lenovo | thinkpad_t580_firmware | - |
| lenovo | thinkcentre_m79_firmware | - |
| lenovo | 510-15ikl_firmware | - |
| lenovo | thinkpad_x1_carbon_firmware | - |
| lenovo | thinkcentre_e96z_firmware | - |
| lenovo | thinkpad_e450_firmware | - |
| lenovo | zhaoyang_e53-80_firmware | - |
| lenovo | ideacentre_510-15icb_firmware | - |
| lenovo | s540-14iwl_touch_firmware | - |
| lenovo | aio_330-20igm_firmware | - |
| lenovo | aio520-24arr_firmware | - |
| lenovo | thinkcentre_m820z_firmware | - |
| lenovo | thinkcentre_m93_firmware | - |
| lenovo | v530s-07icb_firmware | - |
| lenovo | thinkcentre_m6600s_firmware | - |
| lenovo | flex_6-14ikb_firmware | - |
| lenovo | thinkpad_t450s_firmware | - |
| lenovo | thinkcentre_m710s_firmware | - |
| lenovo | yoga_s730-13iwl_firmware | - |
| lenovo | yangtian_afh110_firmware | - |
| lenovo | thinkpad_p50_firmware | - |
| lenovo | thinkcentre_s510_firmware | - |
| lenovo | thinkpad_x280_firmware | - |
| lenovo | v520t-15ikl_firmware | - |
| lenovo | thinkcentre_m93p_firmware | - |
| lenovo | thinkcentre_m6600t_firmware | - |
| lenovo | l340-17iwl_firmware | - |
| lenovo | v310z(yt_s3150)_firmware | - |
| lenovo | thinkpad_p70_firmware | - |
| lenovo | v310-15isk_firmware | - |
| lenovo | v540-24iwl(yt_s5430)_firmware | - |
| lenovo | v320-14ikb_firmware | - |
| lenovo | yangtian_wcc_h81_pci_firmware | - |
| lenovo | thinkpad_l490_firmware | - |
| lenovo | 330-14ikb_firmware | - |
| lenovo | s340-15iwl_touch_firmware | - |
| lenovo | s940-14iwl_firmware | - |
| lenovo | thinkpad_x390_yoga_firmware | - |
| lenovo | thinkpad_t470_firmware | - |
| lenovo | thinkcentre_x1_aio_firmware | - |
| lenovo | thinkcentre_e75t_firmware | - |
| lenovo | 340c-15ikb_firmware | - |
| lenovo | thinkpad_10_firmware | - |
| lenovo | thinkcentre_m73_tiny_firmware | - |
| lenovo | xiaoxin_air_15iwl_firmware | - |
| lenovo | thinkstation_p330_tiny_firmware | - |
| lenovo | thinkcentre_m4600t_firmware | - |
| lenovo | yoga_11e_3rd_gen_firmware | - |
| lenovo | 63_firmware | - |
| lenovo | v110-14ikb_firmware | - |
| lenovo | thinkpad_e560p_firmware | - |
| lenovo | thinkpad_l560_firmware | - |
| lenovo | thinkcentre_m920t_firmware | - |
| lenovo | s340-14iwl_touch_firmware | - |
| lenovo | thinksystem_hr630x_(skl)_firmware | - |
| lenovo | thinkpad_p52s_firmware | - |
| lenovo | thinkcentre_m6500s_firmware | - |
| lenovo | h50-30g_desktop_firmware | - |
| lenovo | yangtian_ws_h81_firmware | - |
A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | 0.6 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | installation_package | * |
A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_usb-c_dock_firmware | 3.7.2 |
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | solution_center | 03.12.003 |
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | storecenter_ix2-200_firmware | 3.2.16.30221 |
| lenovo | storecenter_ix4-200d_firmware | 3.2.16.30221 |
| lenovo | home_media_network_hard_drive_firmware | 3.2.16.30221 |
| lenovo | storecenter_ix4-200rl_firmware | 2.1.50.30227 |
| lenovo | ix12-300r_firmware | 4.0.24.34808 |
| lenovo | px12-350r_firmware | 4.0.24.34808 |
| lenovo | storecenter_ix4-200d_firmware | 2.1.50.30227 |
| lenovo | storecenter_ix2-200_firmware | 2.1.50.30227 |
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_integrator | * |
| lenovo | xclarity_administrator | * |
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 1.7 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1236,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | energy_management | * |
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | customer_engagement_service | 2.0.21.1 |
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1236,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_controller | * |
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | - |
| lenovo | yangtian_ytm6900e-00_firmware | - |
| lenovo | v330-14ikb_firmware | - |
| lenovo | thinkpad_t440s_firmware | * |
| lenovo | thinkpad_tablet_8_firmware | - |
| lenovo | aio520-22ikl_firmware | - |
| lenovo | legion_t730-28ico_firmware | - |
| lenovo | legion_y7000p-1060_firmware | - |
| lenovo | rescuer_y7000(1060)_firmware | - |
| lenovo | flex_5-1570(r)_firmware | - |
| lenovo | thinkcentre_m910s_firmware | - |
| lenovo | thinkpad_e490_firmware | - |
| lenovo | thinkpad_s3_3rd_gen_firmware | - |
| lenovo | thinkpad_x1_extreme_firmware | - |
| lenovo | thinkpad_l450_firmware | - |
| lenovo | thinkcentre_m920s_firmware | - |
| lenovo | thinkcentre_m710t_firmware | - |
| lenovo | l340-15iwl_firmware | - |
| lenovo | 720s-15ikb_firmware | - |
| lenovo | thinkpad_t440_firmware | * |
| lenovo | thinkcentre_e74z_firmware | - |
| lenovo | thinkcentre_m715q_firmware | - |
| lenovo | thinkcentre_m800z_firmware | - |
| lenovo | thinkpad_s531_firmware | * |
| lenovo | thinkcentre_m6600_firmware | - |
| lenovo | thinkcentre_m920x_firmware | - |
| lenovo | rescuer_y7000p(1060)_firmware | - |
| lenovo | s340-14iwl_firmware | - |
| lenovo | a340-24_iwl_firmware | - |
| lenovo | 510s-08ikl_firmware | - |
| lenovo | thinkcentre_m700z_firmware | - |
| lenovo | s540-15iwl_firmware | - |
| lenovo | qt_b415_firmware | - |
| lenovo | thinkpad_p51s_firmware | - |
| lenovo | thinkpad_yoga_260-s1_firmware | - |
| lenovo | thinkpad_t570_firmware | - |
| lenovo | thinkcentre_m900z_firmware | - |
| lenovo | thinkcentre_m93z_(aio)_firmware | - |
| lenovo | yoga530-14ikb_firmware | - |
| lenovo | thinkpad_t450_firmware | - |
| lenovo | aio520-27ikl_firmware | - |
| lenovo | 330-17ikbr_firmware | - |
| lenovo | thinkpad_t460_firmware | - |
| lenovo | thinkpad_e550_firmware | - |
| lenovo | thinkcentre_e73_firmware | - |
| lenovo | s145-14iwl_firmware | - |
| lenovo | thinkstation_p318_firmware | - |
| lenovo | thinkpad_e560_firmware | - |
| lenovo | thinkpad_t480s_firmware | - |
| lenovo | legion_y730-15ich_firmware | - |
| lenovo | thinkcentre_m715t_firmware | - |
| lenovo | ideacentre_730s-24ikb_firmware | - |
| lenovo | s145-15ikb_firmware | - |
| lenovo | aio_330-20ast_firmware | - |
| lenovo | 330-14ikbr_firmware | - |
| lenovo | thinkpad_p72_firmware | - |
| lenovo | thinkstation_p300_firmware | - |
| lenovo | thinkcentre_m90n-1_firmware | - |
| lenovo | thinkstation_p320_firmware | - |
| lenovo | miix_720-12ikb_firmware | - |
| lenovo | thinkpad_l470_firmware | - |
| lenovo | thinkcentre_m4500q_firmware | - |
| lenovo | zhaoyang_e43-80_kbl_firmware | - |
| lenovo | aio_520-24ast_firmware | - |
| lenovo | yangtian_mf_h81_pci_firmware | - |
| lenovo | 530s-15ikb_firmware | - |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | a340-22_iwl_firmware | - |
| lenovo | thinkpad_p53s_firmware | - |
| lenovo | a340-22icb_firmware | - |
| lenovo | v110-15ikb_firmware | - |
| lenovo | flex-14iwl_firmware | - |
| lenovo | thinkcentre_m8600t_firmware | - |
| lenovo | xiaoxin_air_13iwl_firmware | - |
| lenovo | thinkcentre_m610_firmware | - |
| lenovo | thinkpad_t460p_firmware | - |
| lenovo | thinkpad_e490s_firmware | - |
| lenovo | thinkpad_13_firmware | - |
| lenovo | thinkpad_x1_tablet_firmware | - |
| lenovo | thinkpad_r590_firmware | - |
| lenovo | yoga_730-15iwl_firmware | - |
| lenovo | yangtian_me_h110_firmware | - |
| lenovo | ideacentre_510a-15icb_firmware | - |
| lenovo | lenovo_v720-14ikb_firmware | - |
| lenovo | l340-15irh_firmware | - |
| lenovo | thinkcentre_m710q_firmware | - |
| lenovo | ideacentre_300-20ish_firmware | - |
| lenovo | yoga_s940-14iwl_firmware | - |
| lenovo | v130-15ikb_firmware | - |
| lenovo | thinkpad_t490s_firmware | - |
| lenovo | thinkpad_x240_firmware | * |
| lenovo | ideacentre_510s-08ish_firmware | - |
| lenovo | v530-22icb(yt_s4350)_firmware | - |
| lenovo | rescuer_y7000p_firmware | - |
| lenovo | yoga_730-15ikb_firmware | - |
| lenovo | 730s-13iwl_firmware | - |
| lenovo | thinkpad_l390_yoga_firmware | - |
| lenovo | thinkpad_w540_firmware | * |
| lenovo | thinkcentre_m4500t_firmware | - |
| lenovo | thinkcentre_m720q_firmware | - |
| lenovo | s145-15iwl_firmware | - |
| lenovo | thinkpad_x140e_firmware | - |
| lenovo | v410z(yt_s4250)_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | thinkpad_x240s_firmware | * |
| lenovo | yangtian_mc_h81_firmware | - |
| lenovo | thinkpad_s540_firmware | - |
| lenovo | thinkpad_t480_firmware | - |
| lenovo | 330-15ikb_firmware | - |
| lenovo | v310-15ikb_firmware | - |
| lenovo | xiaoxin_tide_7000-15_u22_firmware | - |
| lenovo | aio520-22iku_firmware | - |
| lenovo | thinkpad_t490_firmware | - |
| lenovo | legion_t530-28icb_firmware | - |
| lenovo | thinkcentre_m73p_firmware | - |
| lenovo | yangtian_wc_h110_pci_firmware | - |
| lenovo | thinkpad_e480_firmware | - |
| lenovo | v310-14ikb_firmware | - |
| lenovo | thinkpad_p51_firmware | - |
| lenovo | thinksystem_hr650x_(skl)_firmware | - |
| lenovo | thinkcentre_m4600s_firmware | - |
| lenovo | l340-15iwltouch_firmware | - |
| lenovo | 130-15ikb_firmware | - |
| lenovo | c340-14iwl_firmware | - |
| lenovo | 330c-14ikb_firmware | - |
| lenovo | qt_a7400_firmware | - |
| lenovo | thinkpad_l380_firmware | - |
| lenovo | thinkcentre_m818z_firmware | - |
| lenovo | 330-15ich_firmware | - |
| lenovo | xiaoxin-14_2019iwl_firmware | - |
| lenovo | thinkcentre_m910q_firmware | - |
| lenovo | e42-80_firmware | - |
| lenovo | legion_y530-15ich_firmware | - |
| lenovo | thinkpad_e570_firmware | - |
| lenovo | v320-17ikbr_firmware | - |
| lenovo | wei5-15ikb_firmware | - |
| lenovo | thinkpad_l580_firmware | - |
| lenovo | yangtian_we_h110_firmware | - |
| lenovo | thinkpad_x131e_firmware | - |
| lenovo | 340c-15iwl_firmware | - |
| lenovo | thinkpad_11e_firmware | - |
| lenovo | yoga_730-13iwl_firmware | - |
| lenovo | thinkcentre_m910z_firmware | - |
| lenovo | thinkcentre_m8500s_firmware | - |
| lenovo | yangtian_wf_h110_pci_firmware | - |
| lenovo | thinkpad_p52_firmware | - |
| lenovo | yangtian_tc_h81_pci_firmware | - |
| lenovo | thinkpad_tablet_10_firmware | - |
| lenovo | thinkcentre_m6600q_firmware | - |
| lenovo | legion_y740-17ichg_firmware | - |
| lenovo | ideacentre_700_firmware | - |
| lenovo | v510-15ikb_firmware | - |
| lenovo | xx_chao5000-ikbra_firmware | - |
| lenovo | thinkpad_t460s_firmware | - |
| lenovo | v330-14isk_firmware | - |
| lenovo | 530s-15iwl_firmware | - |
| lenovo | v510-14ikb_firmware | - |
| lenovo | xiaoxin-15_2019iwl_firmware | - |
| lenovo | thinkcentre_e74s_firmware | - |
| lenovo | thinkpad_s5_2nd_generation_firmware | - |
| lenovo | e52-80_firmware | - |
| lenovo | v330-15igm_firmware | - |
| lenovo | 330-17ikb_firmware | - |
| lenovo | thinkpad_x260_firmware | - |
| lenovo | thinkcentre_m900_firmware | - |
| lenovo | thinkpad_t540p_firmware | * |
| lenovo | thinkpad_s2_yoga_3rd_gen_firmware | - |
| lenovo | zhaoyang_k42-80_firmware | - |
| lenovo | yangtian_afh81_firmware | - |
| lenovo | thinkpad_t440p_firmware | * |
| lenovo | s530-13iwl_firmware | - |
| lenovo | thinkcentre_m8500t_firmware | - |
| lenovo | thinkpad_e590_firmware | - |
| lenovo | thinkcentre_m715s_firmware | - |
| lenovo | thinkcentre_e93_firmware | - |
| lenovo | thinkcentre_m9550z_firmware | - |
| lenovo | 530s-14iwl_firmware | - |
| lenovo | legion_t530-28apr_reflash_firmware | - |
| lenovo | k43c-80_firmware | - |
| lenovo | legion_y740-17irhg_firmware | - |
| lenovo | legion_y9000p_2019_firmware | - |
| lenovo | thinkcentre_m8300z_firmware | - |
| lenovo | thinkpad_x270_firmware | - |
| lenovo | legion_c530-19icb_firmware | - |
| lenovo | 720s-14ikbr_firmware | - |
| lenovo | 330c-15ikbr_firmware | - |
| lenovo | yoga_730-13ikb_firmware | - |
| lenovo | thinkpad_p1_firmware | - |
| lenovo | thinkpad_x390_firmware | - |
| lenovo | v530-24icb(yt_s5350)_firmware | - |
| lenovo | thinkpad_yoga_370_firmware | - |
| lenovo | ideacentre_300s-11ish_firmware | - |
| lenovo | legion_y520t_z370_firmware | - |
| lenovo | thinkpad_x380_yoga_firmware | - |
| lenovo | thinkpad_s1_3rd_firmware | - |
| lenovo | legion_y530-15ich(1060)_firmware | - |
| lenovo | thinkpad_p43s_(20rx)_firmware | - |
| lenovo | thinkpad_s5_firmware | - |
| lenovo | qitian_b5900_firmware | - |
| lenovo | thinkcentre_m715q_rr_firmware | - |
| lenovo | 330c-15ikb_firmware | - |
| lenovo | thinkcentre_m720t_firmware | - |
| lenovo | thinkcentre_m4500k_firmware | - |
| lenovo | 330-15ikbr_touch_firmware | - |
| lenovo | thinkpad_l570_firmware | - |
| lenovo | legion_c730-19ico_firmware | - |
| lenovo | thinkpad_t560_firmware | - |
| lenovo | 130-14ikb_firmware | - |
| lenovo | s340-15iwl_firmware | - |
| lenovo | xiaoxin_air-14iwl_2019_firmware | - |
| lenovo | yoga_520-14ikb_firmware | - |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m700s_firmware | - |
| lenovo | thinkcentre_m600_firmware | - |
| lenovo | thinkcentre_e74_firmware | - |
| lenovo | thinkpad_t590_firmware | - |
| lenovo | thinkpad_r490_firmware | - |
| lenovo | xiaoxin_air_15ikbr_firmware | - |
| lenovo | s145-14ikb_firmware | - |
| lenovo | qitian_a815_firmware | - |
| lenovo | thinkpad_e450c_firmware | - |
| lenovo | rescuer_y7000_firmware | - |
| lenovo | legion_y740-15ichg_firmware | - |
| lenovo | qitian_4500_firmware | - |
| lenovo | thinkcentre_m6500t_firmware | - |
| lenovo | thinkcentre_m720s_firmware | - |
| lenovo | qt_m415_firmware | - |
| lenovo | thinkcentre_m9500z_firmware | - |
| lenovo | aio520-24iku_firmware | - |
| lenovo | thinkpad_s1_yoga_firmware | - |
| lenovo | thinkcentre_e95z_firmware | - |
| lenovo | thinkcentre_m73_firmware | - |
| lenovo | yta8900f_firmware | - |
| lenovo | thinkpad_x250_firmware | - |
| lenovo | thinkcentre_e75s_firmware | - |
| lenovo | thinkcentre_m8350z_firmware | - |
| lenovo | legion_y740-15irhg_firmware | - |
| lenovo | wei5-14ikb_firmware | - |
| lenovo | qitian_m4600_firmware | - |
| lenovo | yoga_11e_4th_gen_firmware | - |
| lenovo | thinkcentre_m9350z_firmware | - |
| lenovo | a340-24icb_firmware | - |
| lenovo | thinkpad_t470s_firmware | - |
| lenovo | thinkpad_p71_firmware | - |
| lenovo | thinkstation_p330_firmware | - |
| lenovo | ideacentre_720-18apr_firmware | - |
| lenovo | 720s_touch-15ikb_firmware | - |
| lenovo | v320-15ikb_firmware | - |
| lenovo | l340-17irh_firmware | - |
| lenovo | xiaoxin-14iwl_qc_2019_firmware | - |
| lenovo | thinkpad_l590_firmware | - |
| lenovo | v510z_(yt_s5250)_firmware | - |
| lenovo | thinkcentre_m700q_firmware | - |
| lenovo | ideacentre_720-18icb_firmware | - |
| lenovo | xiaoxin_air_14iwl_firmware | - |
| lenovo | thinkpad_s5_yoga_15_firmware | - |
| lenovo | thinkpad_e580_firmware | - |
| lenovo | thinkstation_e32_firmware | - |
| lenovo | thinkpad_e470_firmware | - |
| lenovo | thinkpad_s3_firmware | - |
| lenovo | thinkpad_p53_firmware | - |
| lenovo | thinkpad_l380_yoga_firmware | - |
| lenovo | v310-14isk_firmware | - |
| lenovo | flex_6-1470_firmware | - |
| lenovo | yangtian_mc_h110_pci_firmware | - |
| lenovo | v520s-08ikl_firmware | - |
| lenovo | flex-15iwl_firmware | - |
| lenovo | yangtian_mc_h110_firmware | - |
| lenovo | thinkcentre_e73s_firmware | - |
| lenovo | m4500_firmware | - |
| lenovo | legion_y9000k_2019_firmware | - |
| lenovo | yangtian_wf_h81_pci_firmware | - |
| lenovo | thinkcentre_m910x_firmware | - |
| lenovo | legion_t530-28icb_reflash_firmware | - |
| lenovo | yangtian_ms_h81_firmware | - |
| lenovo | yangtian_afq150_firmware | - |
| lenovo | thinkcentre_m920q_firmware | - |
| lenovo | v730-15ikb_firmware | - |
| lenovo | 330-17ich_firmware | - |
| lenovo | c340-15iwl_firmware | - |
| lenovo | thinkpad_l460_firmware | - |
| lenovo | m4500_id_firmware | - |
| lenovo | thinkcentre_m710e_firmware | - |
| lenovo | 530s-14ikb_firmware | - |
| lenovo | legion_y730-17ich_firmware | - |
| lenovo | thinkcentre_m4500s_firmware | - |
| lenovo | v130-14ikb_firmware | - |
| lenovo | thinkcentre_m920z_firmware | - |
| lenovo | thinkpad_t550_firmware | - |
| lenovo | qitian_m4650_firmware | - |
| lenovo | s540-14iwl_firmware | - |
| lenovo | thinkpad_e550c_firmware | - |
| lenovo | y7000_2019_1050_firmware | - |
| lenovo | thinkstation_p310_firmware | - |
| lenovo | ideacentre_310s-08igm_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | thinkpad_w541_firmware | * |
| lenovo | thinkpad_l480_firmware | - |
| lenovo | thinkpad_w550s_firmware | - |
| lenovo | xiaoxin_air_14ikbr_firmware | - |
| lenovo | aio520-24ikl_firmware | - |
| lenovo | thinkpad_p50s_firmware | - |
| lenovo | ideacentre_310s-08asr_firmware | - |
| lenovo | a340-22ast_firmware | - |
| lenovo | yogo_a940-27icb_firmware | - |
| lenovo | thinkcentre_m83_firmware | - |
| lenovo | legion_t530-28apr_firmware | - |
| lenovo | thinkpad_x1_yoga_firmware | - |
| lenovo | qt_m410_firmware | - |
| lenovo | thinkpad_t470p_firmware | - |
| lenovo | thinkpad_yoga_11e_firmware | - |
| lenovo | thinkcentre_m800_firmware | - |
| lenovo | xiaoxin_air-15iwl_2019_firmware | - |
| lenovo | thinksystem_odc5200-cn650s_firmware | - |
| lenovo | thinkcentre_m700t_firmware | - |
| lenovo | 330-15ikbr_firmware | - |
| lenovo | thinkpad_p73_firmware | - |
| lenovo | qitian_m4550_firmware | - |
| lenovo | thinkpad_e460_firmware | - |
| lenovo | thinkpad_t25_firmware | - |
| lenovo | m4550_id_firmware | - |
| lenovo | xiaoxin_tide_7000-15_u42_firmware | - |
| lenovo | thinkcentre_m725s_firmware | - |
| lenovo | thinkcentre_m910t_firmware | - |
| lenovo | thinkcentre_m7300z_firmware | - |
| lenovo | yangtian_mf_h110_pci_firmware | - |
| lenovo | thinkcentre_m8600s_firmware | - |
| lenovo | thinkstation_p320_tiny_firmware | - |
| lenovo | yangtian_tc_h110_pci_firmware | - |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | qitian_b4650_firmware | - |
| lenovo | qitian_b4550_firmware | - |
| lenovo | thinkcentre_m83z_(aio)_firmware | - |
| lenovo | thinkpad_t580_firmware | - |
| lenovo | thinkcentre_m79_firmware | - |
| lenovo | 510-15ikl_firmware | - |
| lenovo | thinkpad_x1_carbon_firmware | - |
| lenovo | thinkcentre_e96z_firmware | - |
| lenovo | thinkpad_e450_firmware | - |
| lenovo | zhaoyang_e53-80_firmware | - |
| lenovo | ideacentre_510-15icb_firmware | - |
| lenovo | s540-14iwl_touch_firmware | - |
| lenovo | aio_330-20igm_firmware | - |
| lenovo | aio520-24arr_firmware | - |
| lenovo | thinkcentre_m820z_firmware | - |
| lenovo | thinkcentre_m93_firmware | - |
| lenovo | v530s-07icb_firmware | - |
| lenovo | thinkcentre_m6600s_firmware | - |
| lenovo | flex_6-14ikb_firmware | - |
| lenovo | thinkpad_t450s_firmware | - |
| lenovo | thinkcentre_m710s_firmware | - |
| lenovo | yoga_s730-13iwl_firmware | - |
| lenovo | yangtian_afh110_firmware | - |
| lenovo | thinkpad_p50_firmware | - |
| lenovo | thinkcentre_s510_firmware | - |
| lenovo | thinkpad_x280_firmware | - |
| lenovo | v520t-15ikl_firmware | - |
| lenovo | thinkcentre_m93p_firmware | - |
| lenovo | thinkcentre_m6600t_firmware | - |
| lenovo | l340-17iwl_firmware | - |
| lenovo | v310z(yt_s3150)_firmware | - |
| lenovo | thinkpad_p70_firmware | - |
| lenovo | v310-15isk_firmware | - |
| lenovo | v540-24iwl(yt_s5430)_firmware | - |
| lenovo | v320-14ikb_firmware | - |
| lenovo | yangtian_wcc_h81_pci_firmware | - |
| lenovo | thinkpad_l490_firmware | - |
| lenovo | 330-14ikb_firmware | - |
| lenovo | s340-15iwl_touch_firmware | - |
| lenovo | s940-14iwl_firmware | - |
| lenovo | thinkpad_x390_yoga_firmware | - |
| lenovo | thinkpad_t470_firmware | - |
| lenovo | thinkcentre_x1_aio_firmware | - |
| lenovo | thinkcentre_e75t_firmware | - |
| lenovo | 340c-15ikb_firmware | - |
| lenovo | thinkpad_10_firmware | - |
| lenovo | thinkcentre_m73_tiny_firmware | - |
| lenovo | xiaoxin_air_15iwl_firmware | - |
| lenovo | thinkstation_p330_tiny_firmware | - |
| lenovo | thinkcentre_m4600t_firmware | - |
| lenovo | yoga_11e_3rd_gen_firmware | - |
| lenovo | 63_firmware | - |
| lenovo | v110-14ikb_firmware | - |
| lenovo | thinkpad_e560p_firmware | - |
| lenovo | thinkpad_l560_firmware | - |
| lenovo | thinkcentre_m920t_firmware | - |
| lenovo | s340-14iwl_touch_firmware | - |
| lenovo | thinksystem_hr630x_(skl)_firmware | - |
| lenovo | thinkpad_p52s_firmware | - |
| lenovo | thinkcentre_m6500s_firmware | - |
| lenovo | h50-30g_desktop_firmware | - |
| lenovo | yangtian_ws_h81_firmware | - |
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| psirt@lenovo.com | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 1.3 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-665,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m910s_firmware | * |
| lenovo | thinkcentre_m8300z_firmware | * |
| lenovo | ideacentre_310s-08igm_firmware | * |
| lenovo | qt_m415_firmware | * |
| lenovo | thinkcentre_m710s_firmware | * |
| lenovo | thinkcentre_s510_firmware | * |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m7300z_firmware | * |
| lenovo | aio_330-20ast_firmware | * |
| lenovo | thinkcentre_m820z_firmware | * |
| lenovo | thinkcentre_m4500k_desktop_firmware | * |
| lenovo | yangtian_mc_h110_firmware | * |
| lenovo | qitian_4500_desktop_firmware | * |
| lenovo | thinkstation_p700_firmware | * |
| lenovo | v410z_firmware | * |
| lenovo | thinkstation_p300_firmware | * |
| lenovo | aio520-24arr_firmware | * |
| lenovo | qt_b415_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | thinkcentre_m93_firmware | * |
| lenovo | yangtian_mc_h110_pci_firmware | * |
| lenovo | thinkcentre_m910q_firmware | * |
| lenovo | thinkcentre_m9500z_firmware | * |
| lenovo | yangtian_mf_h81_pci_desktop_firmware | * |
| lenovo | legion_c530-19icb_firmware | * |
| lenovo | thinkcentre_e93_firmware | * |
| lenovo | thinkstation_p500_firmware | * |
| lenovo | legion_t530-28apr_reflash_firmware | * |
| lenovo | thinkcentre_m6600s_firmware | * |
| lenovo | qitian_m4550_desktop_firmware | * |
| lenovo | v540-24iwl_firmware | * |
| lenovo | thinkcentre_m83_firmware | * |
| lenovo | aio_520-24ast_firmware | * |
| lenovo | qt_m410_firmware | * |
| lenovo | thinkcentre_m8350z_firmware | * |
| lenovo | ideacentre_510a-15icb_firmware | * |
| lenovo | thinkcentre_m6500t_firmware | * |
| lenovo | thinkcentre_m910t_firmware | * |
| lenovo | yangtian_wcc_h81_pci_desktop_firmware | * |
| lenovo | thinkcentre_m73_tiny_firmware | * |
| lenovo | thinkcentre_e95z_firmware | * |
| lenovo | yangtian_mc_h81_desktop_firmware | * |
| lenovo | thinkcentre_m715q_firmware | * |
| lenovo | ideacentre_720-18apr_firmware | * |
| lenovo | yangtian_wf_h110_pci_firmware | * |
| lenovo | thinkcentre_e96z_firmware | * |
| lenovo | v310z_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | qitian_b4550_desktop_firmware | * |
| lenovo | thinkcentre_m710e_firmware | * |
| lenovo | v520s-08ikl_firmware | * |
| lenovo | thinkcentre_m8500s_firmware | * |
| lenovo | yangtian_ws_h81_desktop_firmware | * |
| lenovo | legion_t530-28icb_reflash_firmware | * |
| lenovo | ideacentre_700_firmware | * |
| lenovo | v530s-07icb_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m700t_firmware | * |
| lenovo | thinkstation_p720_firmware | * |
| lenovo | thinkcentre_m79_firmware | * |
| lenovo | thinkstation_p910_firmware | * |
| lenovo | lenovo_v330-15igm_firmware | * |
| lenovo | lenovo_63_desktop_firmware | * |
| lenovo | m4550_id_desktop_firmware | * |
| lenovo | thinkcentre_m9550z_firmware | * |
| lenovo | yangtian_afq150_firmware | * |
| lenovo | thinkcentre_m715s_firmware | * |
| lenovo | thinkcentre_m4500q_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkcentre_m715q_rr_firmware | * |
| lenovo | thinkcentre_m800z_firmware | * |
| lenovo | thinkcentre_m6600t_firmware | * |
| lenovo | a340-22ast_firmware | * |
| lenovo | thinkcentre_m4600s_firmware | * |
| lenovo | aio520-24iku_firmware | * |
| lenovo | thinkcentre_e75s_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | thinkcentre_m910x_firmware | * |
| lenovo | thinkcentre_e74z_firmware | * |
| lenovo | a340-22_iwl_firmware | * |
| lenovo | m4500_desktop_firmware | * |
| lenovo | thinkstation_c30_refresh_firmware | * |
| lenovo | thinkcenter_m700z_firmware | * |
| lenovo | thinkcentre_m910z_firmware | * |
| lenovo | thinkcentre_m8500t_firmware | * |
| lenovo | yogo_a940-27icb_firmware | * |
| lenovo | thinkstation_p310_firmware | * |
| lenovo | 510-15ikl_firmware | * |
| lenovo | yangtian_ms_h81_desktop_firmware | * |
| lenovo | v530-22icb_firmware | * |
| lenovo | thinkstation_p510_firmware | * |
| lenovo | thinkcentre_m800_firmware | * |
| lenovo | thinkcentre_e74_firmware | * |
| lenovo | thinkcentre_m9350z_firmware | * |
| lenovo | thinkcentre_m900_firmware | * |
| lenovo | thinkcentre_m8600t_firmware | * |
| lenovo | thinkcentre_m920z_firmware | * |
| lenovo | ideacentre_720-18icb_firmware | * |
| lenovo | thinkstation_p410_firmware | * |
| lenovo | h50-30g_desktop_firmware | * |
| lenovo | yangtian_ytm6900e-00_firmware | * |
| lenovo | thinkstation_p520_firmware | * |
| lenovo | thinkcentre_m715t_firmware | * |
| lenovo | yangtian_afh81_desktop_firmware | * |
| lenovo | legion_t530-28icb_firmware | * |
| lenovo | thinkcenter_m800z_firmware | * |
| lenovo | yangtian_wf_h81_pci_desktop_firmware | * |
| lenovo | thinkstation_p900_firmware | * |
| lenovo | thinkcentre_m8600s_firmware | * |
| lenovo | thinkstation_e32_firmware | * |
| lenovo | thinkcentre_m810z_firmware | * |
| lenovo | legion_c730-19ico_firmware | * |
| lenovo | thinkstation_p318_firmware | * |
| lenovo | thinkcentre_m4500t_desktop_firmware | * |
| lenovo | aio520-22iku_firmware | * |
| lenovo | thinkstation_s30_refresh_firmware | * |
| lenovo | yangtian_afh110_firmware | * |
| lenovo | ideacentre_510-15icb_firmware | * |
| lenovo | thinkcentre_e73_desktop_firmware | * |
| lenovo | yangtian_we_h110_firmware | * |
| lenovo | a340-24_iwl_firmware | * |
| lenovo | thinkcentre_m83z_firmware | * |
| lenovo | thinkcentre_m818z_firmware | * |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | thinkcentre_m90n-1_firmware | * |
| lenovo | v510z_firmware | * |
| lenovo | 510s-08ikl_firmware | * |
| lenovo | legion_t730-28ico_firmware | * |
| lenovo | yangtian_tc_h81_pci_desktop_firmware | * |
| lenovo | thinkcentre_m710q_firmware | * |
| lenovo | ideacentre_730s-24ikb_firmware | * |
| lenovo | thinkcentre_m6600q_firmware | * |
| lenovo | aio520-27ikl_firmware | * |
| lenovo | yangtian_me_h110_firmware | * |
| lenovo | thinkcentre_m73_desktop_firmware | * |
| lenovo | legion_y520t_z370_firmware | * |
| lenovo | thinkcentre_e73s_desktop_firmware | * |
| lenovo | thinkcentre_m600_firmware | * |
| lenovo | v520t-15ikl_firmware | * |
| lenovo | a340-22icb_firmware | * |
| lenovo | thinkcentre_m710t_firmware | * |
| lenovo | qitian_b4650_firmware | * |
| lenovo | qt_a7400_firmware | * |
| lenovo | yta8900f_firmware | * |
| lenovo | thinkstation_p320_tiny_firmware | * |
| lenovo | thinkcentre_m610_firmware | * |
| lenovo | thinkcentre_m700s_firmware | * |
| lenovo | thinkcentre_m725s_firmware | * |
| lenovo | thinkcentre_m4600t_firmware | * |
| lenovo | thinkcentre_e75t_firmware | * |
| lenovo | thinkcentre_m6500s_firmware | * |
| lenovo | qitian_a815_firmware | * |
| lenovo | yangtian_wc_h110_pci_firmware | * |
| lenovo | qitian_m4600_firmware | * |
| lenovo | qitian_m4650_firmware | * |
| lenovo | thinkstation_p320_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkcentre_e74s_firmware | * |
| lenovo | thinkcentre_m93z_firmware | * |
| lenovo | ideacentre_310s-08asr_firmware | * |
| lenovo | thinkcentre_m700q_firmware | * |
| lenovo | thinkstation_p710_firmware | * |
| lenovo | yangtian_mf_h110_pci_firmware | * |
| lenovo | thinkcentre_x1_aio_firmware | * |
| lenovo | v530-24icb_firmware | * |
| lenovo | aio_330-20igm_firmware | * |
| lenovo | legion_t530-28apr_firmware | * |
| lenovo | yangtian_tc_h110_pci_firmware | * |
| lenovo | thinkcentre_m700z_firmware | * |
| lenovo | thinkstation_d30_refresh_firmware | * |
| lenovo | thinkcentre_m900z_firmware | * |
| lenovo | thinkcentre_m93p_firmware | * |
| lenovo | thinkcentre_m6600_firmware | * |
| lenovo | thinkstation_p330_firmware | * |
| lenovo | thinkstation_p520c_firmware | * |
| lenovo | thinkcentre_m73p_firmware | * |
| lenovo | qitian_b5900_firmware | * |
| lenovo | thinkcentre_m4500s_desktop_firmware | * |
| lenovo | a340-24icb_firmware | * |
| lenovo | m4500_id_desktop_firmware | * |
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | paper | 1.0.0.22 |
A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | power_management_driver | * |
An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| psirt@lenovo.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N | 2.1 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-611,CWE-611,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_controller | * |
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | installation_package | * |
A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |
A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | drivers_management | * |
A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-489,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_l460_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_t495s_firmware | * |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | thinkpad_e475_firmware | * |
| lenovo | thinkpad_r14_firmware | * |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | thinkpad_l13_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_yoga_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | * |
| lenovo | thinkpad_e14_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_yoga_11e_4th_gen_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | thinkpad_e570_firmware | * |
| lenovo | thinkpad_13_2nd_gen_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_t25_firmware | * |
| lenovo | thinkpad_p71_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | thinkpad_a285_firmware | * |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkpad_e560p_firmware | * |
| lenovo | thinkpad_e465_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_l470_firmware | * |
| lenovo | thinkpad_e555_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | thinkpad_e490s_firmware | * |
| lenovo | thinkpad_e560_firmware | * |
| lenovo | thinkpad_e480_firmware | * |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_t490s_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | thinkpad_x395_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | thinkpad_r490_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | thinkpad_yoga_11e_5th_gen_firmware | * |
| lenovo | thinkpad_a485_firmware | * |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkpad_s3_gen_2_firmware | * |
| lenovo | thinkpad_s3_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | thinkpad_s1_3rd_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_x1_carbon_firmware | * |
| lenovo | thinkpad_s3_3rd_gen_firmware | * |
| lenovo | thinkpad_e470_firmware | * |
| lenovo | thinkpad_a275_firmware | * |
| lenovo | thinkpad_e485_firmware | * |
| lenovo | thinkpad_x1_extreme_firmware | * |
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkpad_13_firmware | * |
| lenovo | thinkpad_p1_firmware | * |
| lenovo | thinkpad_s1_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | thinkpad_e585_firmware | * |
| lenovo | thinkpad_11e_firmware | * |
| lenovo | thinkpad_p73_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_a475_firmware | * |
| lenovo | thinkpad_s2_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | thinkpad_e455_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkpad_e575_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thinkpad_t495_firmware | * |
| lenovo | thinkpad_e460_firmware | * |
| lenovo | thinkpad_l1415_firmware | * |
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| lenovo | thinkpad_s5_2nd_gen_firmware | * |
| lenovo | thinkpad_s5_firmware | * |
| lenovo | thinkpad_r590_firmware | * |
| lenovo | thinkpad_e15_firmware | * |
| lenovo | thinkpad_e565_firmware | * |
A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | 330-17ich_firmware | - |
| lenovo | c340-15iwl_firmware | - |
| lenovo | yoga_730-13ikb_firmware | - |
| lenovo | c340-15iml_firmware | - |
| lenovo | s145-15iwl_firmware | - |
| lenovo | 130-15ast_firmware | - |
| lenovo | 530s-14arr_firmware | - |
| lenovo | 530s-14ikb_firmware | - |
| lenovo | legion_y540-15irh_firmware | - |
| lenovo | legion_y730-17ich_firmware | - |
| lenovo | v330-15ast_firmware | - |
| lenovo | yoga_c740-14iml_firmware | - |
| lenovo | v130-14ikb_firmware | - |
| lenovo | legion_y7000p-1060_firmware | - |
| lenovo | rescuer_y7000(1060)_firmware | - |
| lenovo | 330-15ikb_firmware | - |
| lenovo | thinkstation_p700_firmware | * |
| lenovo | xiaoxin-14igm_qc_2019_firmware | - |
| lenovo | s540-14iwl_firmware | - |
| lenovo | legion_y545_pg0_firmware | - |
| lenovo | y7000_2019_1050_firmware | - |
| lenovo | e43-80_kbl_firmware | - |
| lenovo | 330c-15ikb_firmware | - |
| lenovo | s145-15igm_firmware | - |
| lenovo | 330-15ikbr_touch_firmware | - |
| lenovo | xiaoxin-13iml_firmware | - |
| lenovo | 130-14ikb_firmware | - |
| lenovo | s340-15iwl_firmware | - |
| lenovo | xiaoxin_air-14iwl_2019_firmware | - |
| lenovo | thinkstation_p500_firmware | * |
| lenovo | v130-14ast_firmware | - |
| lenovo | xiaoxin_air_14ikbr_firmware | - |
| lenovo | legion_y7000p_pg0_firmware | - |
| lenovo | l340-15api_firmware | - |
| lenovo | s530-13iml_firmware | - |
| lenovo | yoga_530-14arr_firmware | - |
| lenovo | 330-15arr_touch_firmware | - |
| lenovo | s540-15iwl_gtx_firmware | - |
| lenovo | 130-15ikb_firmware | - |
| lenovo | 330-15igm_firmware | - |
| lenovo | ideapad_5_15iil05_firmware | - |
| lenovo | lenovo_v320-17ikb_firmware | - |
| lenovo | c340-14iwl_firmware | - |
| lenovo | xiaoxin_air_15ikbr_firmware | - |
| lenovo | xx-14kb_qc_2019_firmware | - |
| lenovo | s145-14ikb_firmware | - |
| lenovo | 330c-14ikb_firmware | - |
| lenovo | xiaoxin_air-15iwl_2019_firmware | - |
| lenovo | 330-15ich_firmware | - |
| lenovo | 340c-15igm_firmware | - |
| lenovo | 330-15ikbr_firmware | - |
| lenovo | rescuer_y7000_firmware | - |
| lenovo | xiaoxin-14_2019iwl_firmware | - |
| lenovo | yoga_s740-14iil_firmware | - |
| lenovo | legion_y740-15ichg_firmware | - |
| lenovo | rescuer_y7000p(1060)_firmware | - |
| lenovo | legion_y540-17irh_firmware | - |
| lenovo | lenovo_e41-25_firmware | - |
| lenovo | legion_y530-15ich_firmware | - |
| lenovo | s340-14iwl_firmware | - |
| lenovo | thinkstation_p720_firmware | * |
| lenovo | v320-17ikbr_firmware | - |
| lenovo | legion_y7000p_2019_firmware | - |
| lenovo | c340-14api_firmware | - |
| lenovo | thinkstation_p910_firmware | * |
| lenovo | legion_y540-17_pg0_firmware | - |
| lenovo | s145-14igm_firmware | - |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | c340-15iil_firmware | - |
| lenovo | 340c-15iwl_firmware | - |
| lenovo | yoga_730-13iwl_firmware | - |
| lenovo | s340-15iml_firmware | - |
| lenovo | s540-15iwl_firmware | - |
| lenovo | l340-15iwl_touch_firmware | - |
| lenovo | c340-14iml_firmware | - |
| lenovo | ideapad_3_17iml05_firmware | - |
| lenovo | yoga_530-14ikb_firmware | - |
| lenovo | ideapad_3_15iil05_firmware | - |
| lenovo | s145-14_firmware | - |
| lenovo | l340-15api_touch_firmware | - |
| lenovo | 330-15arr_firmware | - |
| lenovo | legion_y740-15irhg_firmware | - |
| lenovo | wei5-14ikb_firmware | - |
| lenovo | yoga_c940_firmware | - |
| lenovo | legion_y740-17ichg_firmware | - |
| lenovo | thinkstation_p510_firmware | * |
| lenovo | v330-14igm_firmware | - |
| lenovo | v130-14igm_firmware | - |
| lenovo | legion_y540-15_pg0_firmware | - |
| lenovo | d335-10igm_firmware | - |
| lenovo | 330-17ikbr_firmware | - |
| lenovo | v330-14isk_firmware | - |
| lenovo | 530s-15iwl_firmware | - |
| lenovo | ideapad_3_14_firmware | - |
| lenovo | v330-14ast_firmware | - |
| lenovo | s145-14iwl_firmware | - |
| lenovo | xiaoxin-15_2019iwl_firmware | - |
| lenovo | legion_y7000_2019_firmware | - |
| lenovo | thinkstation_p410_firmware | * |
| lenovo | l340-17api_firmware | - |
| lenovo | s550-14iil_firmware | - |
| lenovo | s340-14iil_firmware | - |
| lenovo | s540-14api_firmware | - |
| lenovo | thinkstation_p520_firmware | * |
| lenovo | s540-14iwl_touch_firmware | - |
| lenovo | legion_y730-15ich_firmware | - |
| lenovo | 720s-13arr_firmware | - |
| lenovo | e4-14arr_firmware | - |
| lenovo | thinkstation_p900_firmware | * |
| lenovo | s145-15ikb_firmware | - |
| lenovo | 330-14ikbr_firmware | - |
| lenovo | v330-14arr_firmware | - |
| lenovo | flex_6-14ikb_firmware | - |
| lenovo | v320-15ikb_firmware | - |
| lenovo | flex_6-14arr_firmware | - |
| lenovo | yoga_c740-15iml_firmware | - |
| lenovo | l340-17irh_firmware | - |
| lenovo | xiaoxin-14iwl_qc_2019_firmware | - |
| lenovo | 330-17ikb_firmware | - |
| lenovo | xiaoxin_air_14arr_firmware | - |
| lenovo | 330-14igm_firmware | - |
| lenovo | xiaoxin_air_14iwl_firmware | - |
| lenovo | legion_y530-15ich-1060_firmware | - |
| lenovo | s340-13iml_firmware | - |
| lenovo | yoga_c930_glass_firmware | - |
| lenovo | ideapad_3_15_firmware | - |
| lenovo | zhaoyang_k42-80_firmware | - |
| lenovo | 320c-15ikb_firmware | - |
| lenovo | 530s-15ikb_firmware | - |
| lenovo | l340-17iwl_firmware | - |
| lenovo | s530-13iwl_firmware | - |
| lenovo | v320-14ikb_firmware | - |
| lenovo | flex-14iwl_firmware | - |
| lenovo | l3_15iml05_firmware | - |
| lenovo | xiaoxin_air_13iwl_firmware | - |
| lenovo | 330-14ikb_firmware | - |
| lenovo | s340-15iwl_touch_firmware | - |
| lenovo | 130-14ast_firmware | - |
| lenovo | yoga_730-15iwl_firmware | - |
| lenovo | ideapad_3_14iil05_firmware | - |
| lenovo | 340c-15ikb_firmware | - |
| lenovo | xiaoxin_air_15iwl_firmware | - |
| lenovo | flex_6-1470_firmware | - |
| lenovo | yoga_720-12ikb_firmware | - |
| lenovo | lenovo_v720-14ikb_firmware | - |
| lenovo | legion_y7000_pg0_firmware | - |
| lenovo | v145-14ast_firmware | - |
| lenovo | l340-15irh_firmware | - |
| lenovo | flex-15iwl_firmware | - |
| lenovo | 530s-14iwl_firmware | - |
| lenovo | yoga_c930-13ikb_firmware | - |
| lenovo | s340-14api_firmware | - |
| lenovo | s340-15api_firmware | - |
| lenovo | legion_y545_firmware | - |
| lenovo | s340-14_firmware | - |
| lenovo | s340-14iml_firmware | - |
| lenovo | s540-14iml_firmware | - |
| lenovo | s340-14iwl_touch_firmware | - |
| lenovo | thinkstation_p710_firmware | * |
| lenovo | s540-15iml_firmware | - |
| lenovo | legion_y9000k_2019_firmware | - |
| lenovo | k43c-80_firmware | - |
| lenovo | rescuer_y7000p_firmware | - |
| lenovo | v145-15ast_firmware | - |
| lenovo | legion_y740-17irhg_firmware | - |
| lenovo | legion_y9000p_2019_firmware | - |
| lenovo | yoga_730-15ikb_firmware | - |
| lenovo | 720s-14ikbr_firmware | - |
| lenovo | d330-10igm_firmware | - |
| lenovo | thinkstation_p520c_firmware | * |
| lenovo | 330c-15ikbr_firmware | - |
| lenovo | v130-15ast_firmware | - |
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | v730-15ikb_firmware | - |
| lenovo | v130-15igm_firmware | - |
| lenovo | s540-13api_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | k22-80_firmware | - |
| lenovo | s145-14ast_firmware | - |
| lenovo | k32-80_kbl_firmware | - |
| lenovo | v110-14ast_firmware | - |
| lenovo | xx-14api_qc_2019_firmware | - |
| lenovo | s145-15ast_firmware | - |
| lenovo | v110-15ast_firmware | - |
| lenovo | 340c-15ast_firmware | - |
| lenovo | s750-iil_firmware | - |
| lenovo | 6_pro-13-iwl_firmware | - |
| lenovo | 720s_touch-15ikb_firmware | - |
| lenovo | e52-80_firmware | - |
| lenovo | 340c-15api_firmware | - |
| lenovo | v340-iml_firmware | - |
| lenovo | 14iwl_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | yoga_s730-13iwl_firmware | - |
| lenovo | 720s-15ikb_firmware | - |
| lenovo | v330-15igm_firmware | - |
| lenovo | miix_720-12ikb_firmware | - |
| lenovo | v340-iil_firmware | - |
| lenovo | thinkbook_13s-iwl_firmware | - |
| lenovo | thinkbook_14s-iwl_firmware | - |
| lenovo | 6_pro-14-iwl_firmware | - |
| lenovo | k4-iwl_firmware | - |
| lenovo | 330-15ast_firmware | - |
| lenovo | e53-80_firmware | - |
| lenovo | 330-14ast_firmware | - |
| lenovo | s940-14iwl_firmware | - |
| lenovo | xiaoxin_14-ast_qc_2019_firmware | - |
| lenovo | e42-80_firmware | - |
| lenovo | k32-80_skl_firmware | - |
| lenovo | wei5-15ikb_firmware | - |
| lenovo | c640-iml_firmware | - |
| lenovo | v720-12_firmware | - |
| lenovo | v730-13ikb_firmware | - |
| lenovo | k3_firmware | - |
| lenovo | v730-13isk_firmware | - |
| lenovo | yoga_s940-14iwl_firmware | - |
| lenovo | v110-14ikb_firmware | - |
| lenovo | v130-15ikb_firmware | - |
| lenovo | v310-15igm_firmware | - |
| lenovo | 330-17ast_firmware | - |
| lenovo | v540s-13_firmware | - |
| lenovo | 730s-13iwl_firmware | - |
| lenovo | s145-14api_firmware | - |
| lenovo | s145-15api_firmware | - |
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | v730-15ikb_firmware | - |
| lenovo | thinkpad_w540_firmware | * |
| lenovo | thinkpad_l460_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_t495s_firmware | * |
| lenovo | thinkpad_t440s_firmware | * |
| lenovo | v330-15isk_firmware | - |
| lenovo | k22-80_firmware | - |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | thinkpad_x240s_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_t540_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | thinkpad_e475_firmware | * |
| lenovo | thinkpad_r14_firmware | * |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | v110-15ast_firmware | - |
| lenovo | thinkpad_l13_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_yoga_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | s750-iil_firmware | - |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | * |
| lenovo | thinkpad_e14_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_yoga_11e_4th_gen_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | 340c-15api_firmware | - |
| lenovo | 14iwl_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | thinkpad_w541_firmware | * |
| lenovo | thinkpad_e570_firmware | * |
| lenovo | thinkpad_13_2nd_gen_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_t25_firmware | * |
| lenovo | 720s-15ikb_firmware | - |
| lenovo | thinkpad_t440_firmware | * |
| lenovo | thinkpad_p71_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | thinkpad_a285_firmware | * |
| lenovo | v340-iil_firmware | - |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_w550s_firmware | * |
| lenovo | thinkpad_x1_carbon_(20ax)_firmware | * |
| lenovo | thinkpad_x1_carbon_(20bx)_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | 330-15ast_firmware | - |
| lenovo | thinkpad_e560p_firmware | * |
| lenovo | xiaoxin_14-ast_qc_2019_firmware | - |
| lenovo | thinkpad_s5_yoga_15_firmware | * |
| lenovo | thinkpad_e465_firmware | * |
| lenovo | e42-80_firmware | - |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_s1_yoga_vpro_firmware | * |
| lenovo | thinkpad_x140e_firmware | * |
| lenovo | wei5-15ikb_firmware | - |
| lenovo | c640-iml_firmware | - |
| lenovo | v730-13ikb_firmware | - |
| lenovo | thinkpad_l470_firmware | * |
| lenovo | k3_firmware | - |
| lenovo | thinkpad_e555_firmware | * |
| lenovo | thinkpad_x250_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | 330-17ast_firmware | - |
| lenovo | v540s-13_firmware | - |
| lenovo | thinkpad_e490s_firmware | * |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | thinkpad_e560_firmware | * |
| lenovo | s145-14api_firmware | - |
| lenovo | s145-15api_firmware | - |
| lenovo | thinkpad_e480_firmware | * |
| lenovo | v130-15igm_firmware | - |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_s540_firmware | * |
| lenovo | thinkpad_s1_yoga_firmware | * |
| lenovo | thinkpad_t490s_firmware | * |
| lenovo | s540-13api_firmware | - |
| lenovo | s145-14ast_firmware | - |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | thinkpad_x395_firmware | * |
| lenovo | k32-80_kbl_firmware | - |
| lenovo | v110-14ast_firmware | - |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | xx-14api_qc_2019_firmware | - |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | s145-15ast_firmware | - |
| lenovo | thinkpad_r490_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | thinkpad_yoga_11e_5th_gen_firmware | * |
| lenovo | 340c-15ast_firmware | - |
| lenovo | thinkpad_a485_firmware | * |
| lenovo | 6_pro-13-iwl_firmware | - |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkpad_s3_gen_2_firmware | * |
| lenovo | thinkpad_s3_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | 720s_touch-15ikb_firmware | - |
| lenovo | thinkpad_s1_3rd_firmware | * |
| lenovo | e52-80_firmware | - |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | v340-iml_firmware | - |
| lenovo | thinkpad_x1_carbon_firmware | * |
| lenovo | thinkpad_s3_3rd_gen_firmware | * |
| lenovo | thinkpad_e470_firmware | * |
| lenovo | yoga_s730-13iwl_firmware | - |
| lenovo | thinkpad_a275_firmware | * |
| lenovo | v330-15igm_firmware | - |
| lenovo | miix_720-12ikb_firmware | - |
| lenovo | thinkpad_e485_firmware | * |
| lenovo | thinkpad_x1_extreme_firmware | * |
| lenovo | thinkpad_t540p_firmware | * |
| lenovo | thinkbook_13s-iwl_firmware | - |
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkbook_14s-iwl_firmware | - |
| lenovo | thinkpad_13_firmware | * |
| lenovo | thinkpad_p1_firmware | * |
| lenovo | 6_pro-14-iwl_firmware | - |
| lenovo | thinkpad_s1_firmware | * |
| lenovo | thinkpad_t440p_firmware | * |
| lenovo | k4-iwl_firmware | - |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | e53-80_firmware | - |
| lenovo | thinkpad_e585_firmware | * |
| lenovo | 330-14ast_firmware | - |
| lenovo | thinkpad_11e_firmware | * |
| lenovo | s940-14iwl_firmware | - |
| lenovo | thinkpad_p73_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_a475_firmware | * |
| lenovo | k32-80_skl_firmware | - |
| lenovo | thinkpad_s2_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | thinkpad_e455_firmware | * |
| lenovo | thinkpad_yoga_11e_(20dx)_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| lenovo | v720-12_firmware | - |
| lenovo | thinkpad_t550_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | v730-13isk_firmware | - |
| lenovo | yoga_s940-14iwl_firmware | - |
| lenovo | v110-14ikb_firmware | - |
| lenovo | v130-15ikb_firmware | - |
| lenovo | v310-15igm_firmware | - |
| lenovo | thinkpad_x240_firmware | * |
| lenovo | thinkpad_e575_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thinkpad_t495_firmware | * |
| lenovo | thinkpad_e460_firmware | * |
| lenovo | thinkpad_l1415_firmware | * |
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| lenovo | thinkpad_s5_2nd_gen_firmware | * |
| lenovo | thinkpad_s5_firmware | * |
| lenovo | thinkpad_r590_firmware | * |
| lenovo | thinkpad_e15_firmware | * |
| lenovo | 730s-13iwl_firmware | - |
| lenovo | thinkpad_e565_firmware | * |
A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
| psirt@lenovo.com | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N | 1.3 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-347,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | drivers_management | * |
A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-428,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| psirt@lenovo.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lj6700dn_firmware | * |
| lenovo | m8960dnf_firmware | * |
| lenovo | lj4010dn_firmware | * |
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| psirt@lenovo.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lj6700dn_firmware | * |
| lenovo | m8960dnf_firmware | * |
| lenovo | lj4010dn_firmware | * |
A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | flex_system_x440_firmware | * |
| lenovo | bladecenter_hs23e_firmware | * |
| lenovo | flex_system_x220_firmware | * |
| lenovo | system_x3650_m4_firmware | * |
| lenovo | system_x3650_m4_bd_firmware | * |
| lenovo | bladecenter_hs23_firmware | * |
| lenovo | system_x3650_m4_hd_firmware | * |
| lenovo | flex_system_x240_firmware | * |
| lenovo | idataplex_dx360_m4_water_cooled_firmware | * |
| lenovo | system_x3750_m4_firmware | * |
| lenovo | compute_node-x440_firmware | * |
| lenovo | system_x3300_m4_firmware | * |
| lenovo | nextscale_nx360_m4_firmware | * |
| lenovo | idataplex_dx360_m4_firmware | * |
| lenovo | system_x3530_m4_firmware | * |
| lenovo | system_x3500_m4_firmware | * |
| lenovo | system_x3550_m4_firmware | * |
| lenovo | system_x3630_m4_firmware | * |
A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | m4550_firmware | * |
| lenovo | qitian_m4550_firmware | * |
| lenovo | thinkcentre_m9350z_firmware | * |
| lenovo | yangtian_mc_h81_firmware | * |
| lenovo | 63_firmware | * |
| lenovo | yangtian_wcc_h81_pci_firmware | * |
| lenovo | qitian_b4550_firmware | * |
| lenovo | yangtian_afh81_firmware | * |
| lenovo | thinkstation_p300_firmware | * |
| lenovo | thinkcentre_m4500q_firmware | * |
| lenovo | thinkcentre_e73_firmware | * |
| lenovo | thinkcentre_m4500k_firmware | * |
| lenovo | thinkstation_d30_firmware | * |
| lenovo | thinkstation_s30_firmware | * |
| lenovo | m4500_firmware | * |
| lenovo | thinkcentre_m93z_firmware | * |
| lenovo | thinkstation_e32_firmware | * |
| lenovo | thinkcentre_e93_firmware | * |
| lenovo | qitian_4500_firmware | * |
| lenovo | thinkstation_c30_firmware | * |
| lenovo | thinkcentre_m4500s_firmware | * |
| lenovo | yangtian_mf_h81_pci_firmware | * |
| lenovo | yangtian_wf_h81_pci_firmware | * |
| lenovo | yangtian_tc_h81_pci_firmware | * |
| lenovo | h50-30g_firmware | * |
| lenovo | thinkcentre_e73s_firmware | * |
| lenovo | thinkcentre_m4500t_firmware | * |
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 0.9 | 5.2 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-754,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_t495s_firmware | - |
| lenovo | thinkpad_x395_firmware | - |
| lenovo | thinkpad_a285_firmware | - |
| lenovo | thinkpad_a475_firmware | - |
| lenovo | thinkpad_t495_firmware | - |
| lenovo | thinkpad_a485_firmware | - |
| lenovo | thinkpad_a275_firmware | - |
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 0.9 | 5.2 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_a275_firmware | * |
| lenovo | thinkpad_x1_carbon_(20bx)_firmware | * |
| lenovo | thinkpad_t495s_jazz_firmware | * |
| lenovo | thinkpad_a475_firmware | * |
| lenovo | thinkpad_a285_firmware | * |
| lenovo | thinkpad_a485_firmware | * |
| lenovo | thinkpad_x395_firmware | * |
| lenovo | thinkpad_t495_drift_firmware | * |
Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x1_extreme_(20mx)_firmware | * |
| lenovo | thinkpad_p53_(20qx)_firmware | * |
| lenovo | thinkpad_x1_yoga_(20sx)_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_t490_(20rx)_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_x390_(20qx)_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_x1_yoga_(20qx)_firmware | * |
| lenovo | thinkpad_x1_extreme_(20qx)_firmware | * |
| lenovo | thinkpad_x1_carbon_(20qx)_firmware | * |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | thinkpad_r14_firmware | * |
| lenovo | thinkpad_r490_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_e14_firmware | * |
| lenovo | thinkpad_s3_gen_2_firmware | * |
| lenovo | thinkpad_s3_firmware | * |
| lenovo | thinkpad_p53s_(20nx)_firmware | * |
| lenovo | thinkpad_t490_(20qx)_firmware | * |
| lenovo | thinkpad_p52_(20mx)_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_p1_(20qx)_firmware | * |
| lenovo | thinkpad_t490_(20nx)_firmware | * |
| lenovo | thinkpad_l1415_gen_1_firmware | * |
| lenovo | thinkpad_t590_(20nx)_firmware | * |
| lenovo | thinkpad_p72_(20mx)_firmware | * |
| lenovo | thinkpad_s2_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_p73_(20qx)_firmware | * |
| lenovo | thinkpad_p43s_(20rx)_firmware | * |
| lenovo | thinkpad_x390_(20sx)_firmware | * |
| lenovo | thinkpad_r590_firmware | * |
| lenovo | thinkpad_p1_(20mx)_firmware | * |
| lenovo | thinkpad_e15_firmware | * |
| lenovo | thinkpad_e490s_firmware | * |
| lenovo | thinkpad_t490s_(20nx)_firmware | * |
| lenovo | thinkpad_x1_carbon_(20rx)_firmware | * |
| lenovo | thinkpad_l13_1st_gen_firmware | * |
A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-426,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | diagnostics | * |
A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| psirt@lenovo.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | integrated_management_module_2 | * |
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.4 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 0.9 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_t590_(20nx)_firmware | * |
| lenovo | thinkpad_x1_yoga_(20qx)_firmware | * |
| lenovo | thinkpad_t490_(20qx)_firmware | * |
| lenovo | thinkpad_x390_(20sx)_firmware | * |
| lenovo | thinkpad_x1_carbon_(20qx)_firmware | * |
| lenovo | thinkpad_t490s_(20nx)_firmware | * |
| lenovo | thinkpad_t490_(20rx)_firmware | * |
| lenovo | thinkpad_t490_(20nx)_firmware | * |
| lenovo | thinkpad_x390_(20qx)_firmware | * |
| lenovo | thinkpad_t495_drift_firmware | * |
A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | hardware_scan | * |
A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-276,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | enterprise_network_disk | 6.1 |
A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | enterprise_network_disk | 6.1 |
An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | cloud_networking_operating_system | * |
An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| psirt@lenovo.com | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_stack_wireless_router_firmware | * |
A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 2.4 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 0.9 | 1.4 |
| nvd@nist.gov | 2.4 | LOW | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 0.9 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-358,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m4500t_firmware | - |
| lenovo | yangtian_mf_firmware | - |
| lenovo | yangtian_ms_firmware | - |
| lenovo | yangtian_afh81_firmware | - |
| lenovo | thinkcentre_m4500k_firmware | - |
| lenovo | thinkcentre_m73_firmware | - |
| lenovo | yangtian_wcc_h81_pci_firmware | - |
| lenovo | thinkcentre_e73_firmware | - |
| lenovo | yangtian_mc_h81_firmware | - |
| lenovo | yangtian_wf_h81_pci_firmware | - |
| lenovo | yangtian_tc_firmware | - |
| lenovo | qitian_m4550_firmware | - |
| lenovo | thinkcentre_m4500s_firmware | - |
| lenovo | qitian_4500_firmware | - |
| lenovo | yangtian_ws_h81_firmware | - |
| lenovo | qitian_b4550_firmware | - |
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkstation_p340t_firmware | * |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkstation_p330t_firmware | * |
| lenovo | thinkcentre_m920z_firmware | * |
| lenovo | thinkstation_p340s_firmware | * |
| lenovo | thinkstation_p330s_firmware | * |
| lenovo | thinkcentre_m910z_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-367,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | notebook_firmware | - |
An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_orchestrator | * |
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-276,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| psirt@lenovo.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_orchestrator | * |
A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-276,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | bios | - |
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 0.9 | 3.6 |
| psirt@lenovo.com | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-693,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | v130-15igm_firmware | - |
| lenovo | thinkpad_t550_firmware | n11et53w |
| lenovo | ideacentre_aio_5-24imb05_firmware | * |
| lenovo | thinkpad_w550s_firmware | n11et53w |
| lenovo | ideapad_slim_1-14ast-05_firmware | - |
| lenovo | yoga_s940-14iwl_firmware | - |
| lenovo | ideapad_slim_1-11ast-05_firmware | - |
| lenovo | ideapad_s940-14iwl_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | 730s-13iml_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | thinkpad_yoga_15_firmware | n19et65w |
| lenovo | ideapad_1-14igl05_firmware | - |
| lenovo | yoga_s940-14iil_firmware | - |
| lenovo | ideapad_s940-14iil_firmware | - |
| lenovo | yoga_s730-13iml_firmware | - |
| lenovo | ideacentre_aio_5-74imb05_firmware | * |
| lenovo | thinkpad_x1_carbon_3rd_gen_firmware | n14et55w |
| lenovo | ideapad_1-11igl05_firmware | - |
| lenovo | thinkpad_helix_firmware | n17etb4w |
| lenovo | thinkpad_x250_firmware | n10et62w |
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | power_management_driver | * |
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H | 0.6 | 3.6 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | power_management_driver | * |
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
| psirt@lenovo.com | 4.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_controller | 2.14_psi338i |
| lenovo | xclarity_controller | 1.10_tgbt12q |
| lenovo | xclarity_controller | 4.40_tei3b2p |
| lenovo | xclarity_controller | 6.00_cdi370q |
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H | 0.9 | 5.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideacentre_310s-08igm_firmware | * |
| lenovo | ideacentre_510s-07icb_firmware | * |
| lenovo | thinkcentre_m710s_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkcentre_qt_b415_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | ideacentre_c5-14mb05_firmware | * |
| lenovo | thinkcentre_m820z_firmware | * |
| lenovo | thinkcentre_m70a_gen_2_firmware | * |
| lenovo | thinkcentre_m720e_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkstation_p520_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m60e_tiny_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m810z_firmware | * |
| lenovo | v530-15arr_firmware | * |
| lenovo | thinkstation_p340_tiny_firmware | * |
| lenovo | v50t-13imb_g2_firmware | * |
| lenovo | v520s_firmware | * |
| lenovo | thinkcentre_qt_m410_firmware | * |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | v55t-15api_firmware | * |
| lenovo | thinkcentre_qt_m415_firmware | * |
| lenovo | ideacentre_510a-15arr_firmware | * |
| lenovo | thinkcentre_e75_t/s_firmware | * |
| lenovo | thinkcentre_m710e_firmware | * |
| lenovo | thinkcentre_m710t_firmware | * |
| lenovo | v530s-07icb_firmware | * |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | thinkstation_p720_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | ideacentre_510s-07ick_firmware | * |
| lenovo | v530s-07icr_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | v530-15icr_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | v330_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkstation_p340_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | v520_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | thinkstation_p520c_firmware | * |
A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x1_extreme_gen_3_firmware | * |
| lenovo | thinkpad_e15_gen_3_firmware | * |
| lenovo | thinkpad_l460_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | thinkpad_11e_4th_gen_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_p14s_gen_1_firmware | * |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | thinkpad_t15_gen_2_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | * |
| lenovo | thinkpad_l390_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | v130-15igm_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | thinkpad_p15v_gen_1_firmware | * |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | thinkpad_l13_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_yoga_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | thinkpad_x1_yoga_gen_5_firmware | * |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | * |
| lenovo | thinkpad_e14_firmware | * |
| lenovo | v330-15ikb_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_yoga_11e_4th_gen_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | thinkpad_10_firmware | * |
| lenovo | thinkpad_p15s_gen_2_firmware | * |
| lenovo | thinkpad_x1_nano_gen_1_firmware | * |
| lenovo | thinkpad_e570_firmware | * |
| lenovo | thinkpad_t14_gen_1_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_yoga_15_firmware | * |
| lenovo | thinkpad_p15s_gen_1_firmware | * |
| lenovo | thinkpad_p71_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | thinkpad_x1_carbon_gen_7_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_w550s_firmware | * |
| lenovo | thinkpad_l14_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkpad_l13_gen_2_firmware | * |
| lenovo | thinkpad_l15_gen_2_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_x1_tablet_gen_3_firmware | * |
| lenovo | thinkpad_13_gen_2_firmware | * |
| lenovo | thinkpad_l470_firmware | * |
| lenovo | ideapad_s940-14iwl_firmware | * |
| lenovo | thinkpad_x1_carbon_5th_gen_kabylake_firmware | * |
| lenovo | thinkpad_e14_gen_3_firmware | * |
| lenovo | thinkpad_x250_firmware | * |
| lenovo | thinkpad_l15_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | thinkpad_s2_gen_6_firmware | * |
| lenovo | thinkpad_t14s_gen_2_firmware | * |
| lenovo | thinkpad_x1_carbon_3rd_gen_firmware | * |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | thinkpad_p14s_gen_2_firmware | * |
| lenovo | thinkpad_e480_firmware | * |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_x1_tablet_gen_2_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_s540_firmware | * |
| lenovo | thinkpad_x1_carbon_5th_gen_skylake_firmware | * |
| lenovo | thinkpad_t15_firmware | * |
| lenovo | thinkpad_t490s_firmware | * |
| lenovo | ideapad_yoga_s940-14iwl_firmware | * |
| lenovo | thinkpad_x1_carbon_gen_6_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | v330-15isk_firmware | * |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | thinkpad_t14s_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | thinkpad_x1_yoga_1st_gen_firmware | * |
| lenovo | thinkpad_yoga_11e_5th_gen_firmware | * |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | thinkpad_x1_carbon_gen_8_firmware | * |
| lenovo | thinkpad_x1_titanium_firmware | * |
| lenovo | thinkpad_x1_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_t15p_gen_1_firmware | * |
| lenovo | thinkpad_t14_gen_2_firmware | * |
| lenovo | thinkpad_e470_firmware | * |
| lenovo | thinkpad_x1_extreme_2nd_firmware | * |
| lenovo | thinkpad_t15g_gen_1_firmware | * |
| lenovo | thinkpad_x1_extreme_firmware | * |
| lenovo | thinkpad_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_p17_gen_1_firmware | * |
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkpad_p1_firmware | * |
| lenovo | thinkpad_t440p_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | thinkpad_e15_gen_2_firmware | * |
| lenovo | thinkpad_p1_gen_2_firmware | * |
| lenovo | thinkpad_p73_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_x13_gen_2_firmware | * |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | thinkpad_p15_gen_1_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| lenovo | thinkpad_25_firmware | * |
| lenovo | thinkpad_t550_firmware | * |
| lenovo | thinkpad_e14_gen_2_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkpad_p1_gen_3_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_x1_fold_gen_1_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thinkpad_l13_yoga_firmware | * |
| lenovo | thinkpad_s5_2nd_gen_firmware | * |
| lenovo | thinkpad_e15_firmware | * |
| lenovo | thinkpad_x1_carbon_4th_gen_firmware | * |
| lenovo | thinkpad_x13_gen_1_firmware | * |
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-636,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_flex_5-14alc05_firmware | - |
| lenovo | v130-15igm_firmware | - |
| lenovo | ideapad_1-14ada05_firmware | fqcn19ww |
| lenovo | ideapad_slim_1-14ast-05_firmware | - |
| lenovo | ideapad_slim_1-11ast-05_firmware | - |
| lenovo | v130-15ikb_firmware | - |
| lenovo | ideapad_s940-14iwl_firmware | - |
| lenovo | v330-15isk_firmware | - |
| lenovo | v330-15ikb_firmware | - |
| lenovo | ideapad_1-11ada05_firmware | fqcn19ww |
| lenovo | ideapad_yoga_s730-13iml_firmware | - |
| lenovo | ideapad_1-14igl05_firmware | - |
| lenovo | ideapad_yoga_c940-15irh_firmware | - |
| lenovo | 300e_2nd_gen_firmware | - |
| lenovo | ideapad_s940-14iil_firmware | - |
| lenovo | ideapad_flex_5-15alc05_firmware | - |
| lenovo | ideapad_730-13iml_firmware | - |
| lenovo | ideapad_1-11igl05_firmware | - |
| lenovo | ideapad_yoga_s940-14iil_firmware | - |
| lenovo | ideapad_yoga_s940-14iwl_firmware | - |
| lenovo | 100e_2nd_gen_firmware | - |
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.7 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | smart_camera_x3_firmware | * |
| lenovo | smart_camera_c2e_firmware | * |
| lenovo | smart_camera_x5_firmware | * |
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 9.4 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H | 3.9 | 5.5 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-285,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | smart_camera_x3_firmware | * |
| lenovo | smart_camera_c2e_firmware | * |
| lenovo | smart_camera_x5_firmware | * |
A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | smart_camera_x3_firmware | * |
| lenovo | smart_camera_c2e_firmware | * |
| lenovo | smart_camera_x5_firmware | * |
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-347,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | drivers_management | * |
A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 0.9 | 3.6 |
| psirt@lenovo.com | 4.3 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 0.7 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-232,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkpad_l14_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| lenovo | thinkpad_l15_gen_1_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_11e_4th_gen_celeron_firmware | * |
| lenovo | thinkpad_l13_gen_2_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | * |
| lenovo | thinkpad_l390_firmware | * |
| lenovo | thinkpad_11e_4th_gen_i7_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | thinkpad_l14_gen_1_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | thinkpad_11e_5th_gen_firmware | * |
| lenovo | thinkpad_l13_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | * |
| lenovo | thinkpad_13_gen_2_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_l15_firmware | * |
| lenovo | thinkpad_11e_4th_gen_i3_firmware | * |
| lenovo | thinkpad_l13_yoga_firmware | * |
| lenovo | thinkpad_s2_gen_6_firmware | * |
| lenovo | thinkpad_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_s5_2nd_gen_firmware | * |
| lenovo | thinkpad_11e_4th_gen_i5_firmware | * |
| lenovo | thinkpad_e490s_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m800_firmware | * |
| lenovo | thinkstation_p900_firmware | * |
| lenovo | thinkcentre_m93_firmware | * |
| lenovo | thinkcentre_m73_firmware | * |
| lenovo | thinkcentre_m900_firmware | * |
| lenovo | thinkcentre_e93_firmware | * |
| lenovo | thinkstation_p500_firmware | * |
| lenovo | thinkcentre_x1_firmware | * |
| lenovo | thinkcentre_m600_firmware | * |
| lenovo | thinkcentre_m8500t/s_firmware | * |
| lenovo | thinkcentre_m83_firmware | * |
| lenovo | thinkcentre_m93p_firmware | * |
| lenovo | thinkstation_p700_firmware | * |
| lenovo | thinkcentre_m6500t/s_firmware | * |
| lenovo | thinkcentre_m73p_firmware | * |
| lenovo | thinkstation_p300_firmware | * |
| lenovo | thinkcentre_m818z_firmware | * |
| lenovo | thinkcentre_m900x_firmware | * |
| lenovo | thinkcentre_m4500q_firmware | * |
| lenovo | thinkcentre_m700_tiny_firmware | * |
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-276,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | legion_phone_pro_(l79031)firmware | * |
| lenovo | legion_phone2_pro_(l70081)_firmware | * |
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 1.3 | 3.6 |
| nvd@nist.gov | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 1.3 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x1_extreme_gen_3_firmware | * |
| lenovo | thinkpad_e15_gen_3_firmware | * |
| lenovo | thinkpad_l460_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | thinkpad_11e_4th_gen_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_p14s_gen_1_firmware | * |
| lenovo | thinkpad_t480_firmware | * |
| lenovo | thinkpad_t15_gen_2_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | * |
| lenovo | thinkpad_l390_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_t490_firmware | * |
| lenovo | v130-15igm_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | thinkpad_p15v_gen_1_firmware | * |
| lenovo | thinkpad_t460s_firmware | * |
| lenovo | thinkpad_l13_firmware | * |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_yoga_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_p53s_firmware | * |
| lenovo | thinkpad_x1_yoga_gen_5_firmware | * |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | * |
| lenovo | thinkpad_e14_firmware | * |
| lenovo | v330-15ikb_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | thinkpad_p72_firmware | * |
| lenovo | thinkpad_yoga_11e_4th_gen_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | thinkpad_10_firmware | * |
| lenovo | thinkpad_p15s_gen_2_firmware | * |
| lenovo | thinkpad_x1_nano_gen_1_firmware | * |
| lenovo | thinkpad_e570_firmware | * |
| lenovo | thinkpad_t14_gen_1_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_yoga_15_firmware | * |
| lenovo | thinkpad_p15s_gen_1_firmware | * |
| lenovo | thinkpad_p71_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | thinkpad_x1_carbon_gen_7_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_yoga_370_firmware | * |
| lenovo | thinkpad_t590_firmware | * |
| lenovo | thinkpad_p51_firmware | * |
| lenovo | thinkpad_w550s_firmware | * |
| lenovo | thinkpad_l14_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | * |
| lenovo | thinkpad_p43s_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkpad_l13_gen_2_firmware | * |
| lenovo | thinkpad_l15_gen_2_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_x1_tablet_gen_3_firmware | * |
| lenovo | thinkpad_13_gen_2_firmware | * |
| lenovo | thinkpad_l470_firmware | * |
| lenovo | ideapad_s940-14iwl_firmware | * |
| lenovo | thinkpad_x1_carbon_5th_gen_kabylake_firmware | * |
| lenovo | thinkpad_e14_gen_3_firmware | * |
| lenovo | thinkpad_x250_firmware | * |
| lenovo | thinkpad_l15_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | thinkpad_s2_gen_6_firmware | * |
| lenovo | thinkpad_t14s_gen_2_firmware | * |
| lenovo | thinkpad_x1_carbon_3rd_gen_firmware | * |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | thinkpad_p14s_gen_2_firmware | * |
| lenovo | thinkpad_e480_firmware | * |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_x1_tablet_gen_2_firmware | * |
| lenovo | thinkpad_l580_firmware | * |
| lenovo | thinkpad_p52_firmware | * |
| lenovo | thinkpad_s540_firmware | * |
| lenovo | thinkpad_x1_carbon_5th_gen_skylake_firmware | * |
| lenovo | thinkpad_t15_firmware | * |
| lenovo | thinkpad_t490s_firmware | * |
| lenovo | ideapad_yoga_s940-14iwl_firmware | * |
| lenovo | thinkpad_x1_carbon_gen_6_firmware | * |
| lenovo | thinkpad_t470p_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | v330-15isk_firmware | * |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | thinkpad_t14s_firmware | * |
| lenovo | thinkpad_x1_tablet_firmware | * |
| lenovo | thinkpad_x1_yoga_1st_gen_firmware | * |
| lenovo | thinkpad_yoga_11e_5th_gen_firmware | * |
| lenovo | thinkpad_e580_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | thinkpad_x1_carbon_gen_8_firmware | * |
| lenovo | thinkpad_x1_titanium_firmware | * |
| lenovo | thinkpad_x1_yoga_3rd_gen_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_t15p_gen_1_firmware | * |
| lenovo | thinkpad_t14_gen_2_firmware | * |
| lenovo | thinkpad_e470_firmware | * |
| lenovo | thinkpad_x1_extreme_2nd_firmware | * |
| lenovo | thinkpad_t15g_gen_1_firmware | * |
| lenovo | thinkpad_x1_extreme_firmware | * |
| lenovo | thinkpad_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_p17_gen_1_firmware | * |
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkpad_p1_firmware | * |
| lenovo | thinkpad_t440p_firmware | * |
| lenovo | thinkpad_t460p_firmware | * |
| lenovo | thinkpad_e15_gen_2_firmware | * |
| lenovo | thinkpad_p1_gen_2_firmware | * |
| lenovo | thinkpad_p73_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_x13_gen_2_firmware | * |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_l480_firmware | * |
| lenovo | thinkpad_p15_gen_1_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| lenovo | thinkpad_25_firmware | * |
| lenovo | thinkpad_t550_firmware | * |
| lenovo | thinkpad_e14_gen_2_firmware | * |
| lenovo | thinkpad_t480s_firmware | * |
| lenovo | thinkpad_p1_gen_3_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_x1_fold_gen_1_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thinkpad_l13_yoga_firmware | * |
| lenovo | thinkpad_s5_2nd_gen_firmware | * |
| lenovo | thinkpad_e15_firmware | * |
| lenovo | thinkpad_x1_carbon_4th_gen_firmware | * |
| lenovo | thinkpad_x13_gen_1_firmware | * |
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | antilles | * |
A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_l380_firmware | * |
| lenovo | thinkpad_l14_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | * |
| lenovo | thinkpad_l15_gen_1_firmware | * |
| lenovo | thinkpad_t460_firmware | * |
| lenovo | thinkpad_11e_4th_gen_celeron_firmware | * |
| lenovo | thinkpad_l13_gen_2_firmware | * |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | * |
| lenovo | thinkpad_l390_firmware | * |
| lenovo | thinkpad_11e_4th_gen_i7_firmware | * |
| lenovo | thinkpad_l14_gen_1_firmware | * |
| lenovo | thinkpad_l380_yoga_firmware | * |
| lenovo | thinkpad_l390_yoga_firmware | * |
| lenovo | thinkpad_x380_yoga_firmware | * |
| lenovo | thinkpad_11e_5th_gen_firmware | * |
| lenovo | thinkpad_l13_firmware | * |
| lenovo | thinkpad_11e_yoga_gen_6_firmware | * |
| lenovo | thinkpad_13_gen_2_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_x1_fold_gen_1_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_l15_firmware | * |
| lenovo | thinkpad_11e_4th_gen_i3_firmware | * |
| lenovo | thinkpad_l13_yoga_firmware | * |
| lenovo | thinkpad_s2_gen_6_firmware | * |
| lenovo | thinkpad_11e_3rd_gen_firmware | * |
| lenovo | thinkpad_s5_2nd_gen_firmware | * |
| lenovo | thinkpad_11e_4th_gen_i5_firmware | * |
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| psirt@lenovo.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-288,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | * |
| lenovo | thinksystem_d2_enclosure_firmware | * |
| ibm | nextscale_fan_power_controller_firmware | * |
| lenovo | thinkagile_vx_enclosure_firmware | * |
| lenovo | nextscale_n1200_enclosure_firmware | * |
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| psirt@lenovo.com | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-288,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | * |
| lenovo | thinksystem_d2_enclosure_firmware | * |
| ibm | nextscale_fan_power_controller_firmware | * |
| lenovo | thinkagile_vx_enclosure_firmware | * |
| lenovo | nextscale_n1200_enclosure_firmware | * |
A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_controller | * |
A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-367,CWE-367,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_interface_foundation | * |
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | legion_5-15ach6h_firmware | * |
| lenovo | ideapad_gaming_3-15arh05_firmware | * |
| lenovo | s145-15ast_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | - |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | ideapad_5-15are05_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_firmware | * |
| lenovo | s145-15iil_firmware | * |
| lenovo | s145-14api_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | v15-ada_firmware | * |
| lenovo | legion_y545-pg0_firmware | * |
| lenovo | legion_y540-17irh-pg0_firmware | * |
| lenovo | legion_5_pro-16ach6_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | legion_y7000-2019_firmware | * |
| lenovo | yoga_slim_7_pro-14arh5_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_3-14ada05_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | - |
| lenovo | ideapad_3-17ada6_firmware | * |
| lenovo | s145-14igm_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | legion_5-15ach6a_firmware | * |
| lenovo | yoga_7-14acn6_firmware | * |
| lenovo | v340-17iwl_firmware | * |
| lenovo | legion_7-16achg6_firmware | * |
| lenovo | s145-15igm_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | l340-15iwl_firmware | * |
| lenovo | legion_5-17ach6_firmware | * |
| lenovo | ideapad_3-15alc6_firmware | * |
| lenovo | s145-14ast_firmware | * |
| lenovo | v14-iil_firmware | * |
| lenovo | s145-14iil_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | - |
| lenovo | ideapad_3-17itl6_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | - |
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | v14_g2-acl_firmware | * |
| lenovo | slim_9-14itl05_firmware | - |
| lenovo | yoga_slim_7_pro-14ach5_d_firmware | * |
| lenovo | yoga_c740-15iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | s145-15api_firmware | * |
| lenovo | v14-are_firmware | * |
| lenovo | s540-13api_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | yoga_c740-14iml_firmware | * |
| lenovo | ideapad_3-15ada05_firmware | * |
| lenovo | legion_s7-15ach6_firmware | * |
| lenovo | legion_5-15ach6_firmware | * |
| lenovo | v15-iil_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_3-14alc6_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-15ada6_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | legion_y540-15irh-pg0_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_3-17ada05_firmware | * |
| lenovo | l340-17iwl_firmware | * |
| lenovo | legion_y7000-2019-pg0_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | s540-13iml_firmware | - |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_o_firmware | * |
| lenovo | l3_15iml05_firmware | * |
| lenovo | v14-ada_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_od_firmware | * |
| lenovo | ideapad_3-14ada6_firmware | * |
| lenovo | ideapad_3-15are05_firmware | * |
| lenovo | l340-17irh_firmware | * |
| lenovo | v15_g2-alc_firmware | * |
| lenovo | legion_5-17ach6h_firmware | * |
| lenovo | l340-15irh_firmware | * |
| lenovo | legion_5_pro-16ach6h_firmware | * |
| lenovo | legion_y545_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | - |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_y540-17irh_firmware | * |
| lenovo | ideapad_3-17are05_firmware | * |
| lenovo | legion_y540-15irh_firmware | * |
| lenovo | yoga_c940-14iil_firmware | - |
| lenovo | ideapad_3-17alc6_firmware | * |
| lenovo | ideapad_3-14are05_firmware | * |
| lenovo | l340-15iwl_touch_firmware | * |
| lenovo | v140-15iwl_firmware | * |
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-489,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v14_g2-acl_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_d_firmware | * |
| lenovo | s145-15api_firmware | * |
| lenovo | v14-are_firmware | * |
| lenovo | s540-13api_firmware | * |
| lenovo | legion_5-15ach6h_firmware | * |
| lenovo | ideapad_gaming_3-15arh05_firmware | * |
| lenovo | s145-15ast_firmware | * |
| lenovo | ideapad_3-15ada05_firmware | * |
| lenovo | legion_5-15ach6_firmware | * |
| lenovo | v15-iil_firmware | * |
| lenovo | ideapad_3-14alc6_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-15ada6_firmware | * |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | ideapad_5-15are05_firmware | * |
| lenovo | legion_y540-15irh-pg0_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | s145-15iil_firmware | * |
| lenovo | s145-14api_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | ideapad_3-17ada05_firmware | * |
| lenovo | v15-ada_firmware | * |
| lenovo | l340-17iwl_firmware | * |
| lenovo | legion_y7000-2019-pg0_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | legion_y545-pg0_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | legion_y540-17irh-pg0_firmware | * |
| lenovo | legion_5_pro-16ach6_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | legion_y7000-2019_firmware | * |
| lenovo | v14-ada_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_3-14ada05_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_od_firmware | * |
| lenovo | ideapad_3-17ada6_firmware | * |
| lenovo | ideapad_3-14ada6_firmware | * |
| lenovo | ideapad_3-15are05_firmware | * |
| lenovo | l340-17irh_firmware | * |
| lenovo | v15_g2-alc_firmware | * |
| lenovo | s145-14igm_firmware | * |
| lenovo | legion_5-17ach6h_firmware | * |
| lenovo | l340-15irh_firmware | * |
| lenovo | legion_5_pro-16ach6h_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | legion_y545_firmware | * |
| lenovo | legion_5-15ach6a_firmware | * |
| lenovo | v340-17iwl_firmware | * |
| lenovo | legion_7-16achg6_firmware | * |
| lenovo | s145-15igm_firmware | * |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_y540-17irh_firmware | * |
| lenovo | ideapad_3-17are05_firmware | * |
| lenovo | legion_y540-15irh_firmware | * |
| lenovo | l340-15iwl_firmware | * |
| lenovo | legion_5-17ach6_firmware | * |
| lenovo | ideapad_3-15alc6_firmware | * |
| lenovo | ideapad_3-17alc6_firmware | * |
| lenovo | s145-14ast_firmware | * |
| lenovo | v14-iil_firmware | * |
| lenovo | ideapad_3-14are05_firmware | * |
| lenovo | s145-14iil_firmware | * |
| lenovo | l340-15iwl_touch_firmware | * |
| lenovo | v140-15iwl_firmware | * |
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-489,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | legion_5-15ach6h_firmware | * |
| lenovo | ideapad_gaming_3-15arh05_firmware | * |
| lenovo | s145-15ast_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | - |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | ideapad_5-15are05_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_firmware | * |
| lenovo | s145-15iil_firmware | * |
| lenovo | s145-14api_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | v15-ada_firmware | * |
| lenovo | legion_y545-pg0_firmware | * |
| lenovo | legion_y540-17irh-pg0_firmware | * |
| lenovo | legion_5_pro-16ach6_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | legion_y7000-2019_firmware | * |
| lenovo | yoga_slim_7_pro-14arh5_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_3-14ada05_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | - |
| lenovo | ideapad_3-17ada6_firmware | * |
| lenovo | s145-14igm_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | legion_5-15ach6a_firmware | * |
| lenovo | yoga_7-14acn6_firmware | * |
| lenovo | v340-17iwl_firmware | * |
| lenovo | legion_7-16achg6_firmware | * |
| lenovo | s145-15igm_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | l340-15iwl_firmware | * |
| lenovo | legion_5-17ach6_firmware | * |
| lenovo | ideapad_3-15alc6_firmware | * |
| lenovo | s145-14ast_firmware | * |
| lenovo | v14-iil_firmware | * |
| lenovo | s145-14iil_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | - |
| lenovo | ideapad_3-17itl6_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | - |
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | v14_g2-acl_firmware | * |
| lenovo | slim_9-14itl05_firmware | - |
| lenovo | yoga_slim_7_pro-14ach5_d_firmware | * |
| lenovo | yoga_c740-15iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | s145-15api_firmware | * |
| lenovo | v14-are_firmware | * |
| lenovo | s540-13api_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | yoga_c740-14iml_firmware | * |
| lenovo | ideapad_3-15ada05_firmware | * |
| lenovo | legion_s7-15ach6_firmware | * |
| lenovo | legion_5-15ach6_firmware | * |
| lenovo | v15-iil_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_3-14alc6_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-15ada6_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | legion_y540-15irh-pg0_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_3-17ada05_firmware | * |
| lenovo | l340-17iwl_firmware | * |
| lenovo | legion_y7000-2019-pg0_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | s540-13iml_firmware | - |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_o_firmware | * |
| lenovo | l3_15iml05_firmware | * |
| lenovo | v14-ada_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_od_firmware | * |
| lenovo | ideapad_3-14ada6_firmware | * |
| lenovo | ideapad_3-15are05_firmware | * |
| lenovo | l340-17irh_firmware | * |
| lenovo | v15_g2-alc_firmware | * |
| lenovo | legion_5-17ach6h_firmware | * |
| lenovo | l340-15irh_firmware | * |
| lenovo | legion_5_pro-16ach6h_firmware | * |
| lenovo | legion_y545_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | - |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_y540-17irh_firmware | * |
| lenovo | ideapad_3-17are05_firmware | * |
| lenovo | legion_y540-15irh_firmware | * |
| lenovo | yoga_c940-14iil_firmware | - |
| lenovo | ideapad_3-17alc6_firmware | * |
| lenovo | ideapad_3-14are05_firmware | * |
| lenovo | l340-15iwl_touch_firmware | * |
| lenovo | v140-15iwl_firmware | * |
A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideacentre_c5-14imb05_firmware | - |
| lenovo | ideacentre_aio_3-22itl6_firmware | - |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | - |
| lenovo | a540-24icb_firmware | - |
| lenovo | ideacentre_aio_3-27itl6_firmware | - |
| lenovo | thinkcentre_m800_firmware | - |
| lenovo | v540-24iwl_firmware | - |
| lenovo | thinkstation_p520_firmware | - |
| lenovo | thinkcentre_m700_tiny_firmware | - |
| lenovo | thinkcentre_x1_firmware | - |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | v410z_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | - |
| lenovo | thinkcentre_m820z_firmware | - |
| lenovo | thinkcentre_m910z_firmware | - |
| lenovo | v50t-13imb_firmware | - |
| lenovo | thinkstation_p520c_firmware | - |
| lenovo | thinkstation_p310_firmware | - |
| lenovo | stadia_ggp-120_firmware | - |
| lenovo | ideacentre_aio_3-24itl6_firmware | - |
| lenovo | ideacentre_g5-14imb05_firmware | - |
| lenovo | thinkcentre_m70a_firmware | - |
| lenovo | ideacentre_aio_3-22ada6_firmware | - |
| lenovo | ideacentre_aio_3-24ada6_firmware | - |
| lenovo | thinkcentre_m900_firmware | - |
| lenovo | thinkcentre_m900x_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | - |
| lenovo | thinkcentre_m75n_firmware | - |
| lenovo | thinkcentre_m90a_gen2_firmware | - |
| lenovo | a540-27icb_firmware | - |
| lenovo | thinkcentre_m700_firmware | - |
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | v530-15icb_firmware | - |
| lenovo | a540-24icb_firmware | - |
| lenovo | a340-22ick_firmware | - |
| lenovo | ideacentre_aio_3-27itl6_firmware | - |
| lenovo | ideacentre_510s-07icb_firmware | - |
| lenovo | v540-24iwl_firmware | - |
| lenovo | a340-24ick_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | - |
| lenovo | v30a-22iml_firmware | - |
| lenovo | thinkcentre_m710e_firmware | - |
| lenovo | a340-24icb_firmware | - |
| lenovo | thinkcentre_m910s_firmware | - |
| lenovo | thinkcentre_m90a_(gen_2)_firmware | - |
| lenovo | v410z_firmware | - |
| lenovo | se30_firmware | - |
| lenovo | thinkcentre_m820z_firmware | - |
| lenovo | v530s-07icb_firmware | - |
| lenovo | v30a-24iml_firmware | - |
| lenovo | v520s_firmware | - |
| lenovo | thinkstation_p310_firmware | - |
| lenovo | thinkcentre_m710t_firmware | - |
| lenovo | ideacentre_aio_3-24itl6_firmware | - |
| lenovo | thinkcentre_m710s_firmware | - |
| lenovo | thinkstation_p320_firmware | - |
| lenovo | thinkcentre_m600_firmware | - |
| lenovo | ideacentre_aio_3-24ada6_firmware | - |
| lenovo | thinkcentre_m900_firmware | - |
| lenovo | thinkcentre_m900x_firmware | - |
| lenovo | thinkcentre_m75n_firmware | - |
| lenovo | v50t-13iob_g2_firmware | - |
| lenovo | thinkcentre_m720e_firmware | - |
| lenovo | v520_firmware | - |
| lenovo | ideacentre_aio_3-22itl6_firmware | - |
| lenovo | thinkcentre_m810z_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | - |
| lenovo | thinkcentre_m710q_(10yc)_firmware | - |
| lenovo | a340-22icb_firmware | - |
| lenovo | thinkcentre_m800_firmware | - |
| lenovo | ideacentre_510s-07ick_firmware | - |
| lenovo | thinkcentre_m700_tiny_firmware | - |
| lenovo | thinkcentre_m910q_firmware | - |
| lenovo | thinkcentre_m710q_firmware | - |
| lenovo | v530s-07icr_firmware | - |
| lenovo | v530-15icr_firmware | - |
| lenovo | thinkcentre_m910t_firmware | - |
| lenovo | ideacentre_5-14iob6_firmware | - |
| lenovo | thinkcentre_m70a_firmware | - |
| lenovo | ideacentre_aio_3-22ada6_firmware | - |
| lenovo | thinkcentre_m910x_firmware | - |
| lenovo | thinkstation_p320_tiny_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | - |
| lenovo | a540-27icb_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | - |
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-15are05_firmware | - |
| lenovo | slim_7-15iil05_firmware | - |
| lenovo | c340-15iml_firmware | - |
| lenovo | yoga_slim_7-15itl05_firmware | - |
| lenovo | legion_y7000-2019-pg0_firmware | - |
| lenovo | legion_y540-15irh_firmware | - |
| lenovo | duet_3-10igl5_firmware | - |
| lenovo | legion_y540-15irh-pg0_firmware | - |
| lenovo | flex-14iml_firmware | - |
| lenovo | ideapad_5_pro-14acn6_firmware | - |
| lenovo | yoga_slim_7-14iil05_firmware | - |
| lenovo | ideapad_5_pro-14itl6_firmware | - |
| lenovo | slim_7-15imh05_firmware | - |
| lenovo | v140-15iwl_firmware | - |
| lenovo | v340-17iwl_firmware | - |
| lenovo | ideapad_5-15itl05_firmware | - |
| lenovo | ideapad_gaming_3-15arh05_firmware | - |
| lenovo | thinkbook_13x_itg_firmware | - |
| lenovo | flex-15iml_firmware | - |
| lenovo | ideapad_5-14are05_firmware | - |
| lenovo | s540-14iml_touch_firmware | - |
| lenovo | thinkbook_14_g3_itl_firmware | - |
| lenovo | yoga_creator_7-15imh05_firmware | - |
| lenovo | l340-17irh_firmware | - |
| lenovo | l340-15iwl_firmware | - |
| lenovo | slim_7-15itl05_firmware | - |
| lenovo | yoga_slim_7_carbon_13itl5_firmware | - |
| lenovo | ideapad_3-17are05_firmware | - |
| lenovo | s340-13iml_firmware | - |
| lenovo | legion_y7000-2019_firmware | - |
| lenovo | l340-17iwl_firmware | - |
| lenovo | legion_y540-17irh-pg0_firmware | - |
| lenovo | yoga_slim_7-15iil05_firmware | - |
| lenovo | ideapad_5_pro-16ihu6_firmware | - |
| lenovo | ideapad_gaming_3-15imh05_firmware | - |
| lenovo | thinkbook_plus_g2_itg_firmware | - |
| lenovo | slim_7-14are05_firmware | - |
| lenovo | legion_y540-17irh_firmware | - |
| lenovo | ideapad_gaming_3-15ach6_firmware | - |
| lenovo | legion_y545-pg0_firmware | - |
| lenovo | l340-15irh_firmware | - |
| lenovo | ideapad_3-14are05_firmware | - |
| lenovo | ideapad_creator_5-15imh05_firmware | - |
| lenovo | e41-50_firmware | - |
| lenovo | s340-14api_firmware | - |
| lenovo | slim_7-14itl05_firmware | - |
| lenovo | s340-15api_firmware | - |
| lenovo | s340-15iml_firmware | - |
| lenovo | legion_y545_firmware | - |
| lenovo | yoga_slim_7-14are05_firmware | - |
| lenovo | s340-14iml_firmware | - |
| lenovo | ideapad_5-14alc05_firmware | - |
| lenovo | l340-15iwl_touch_firmware | - |
| lenovo | s540-14iml_firmware | - |
| lenovo | c340-14iml_firmware | - |
| lenovo | yoga_6-13alc6_firmware | - |
| lenovo | s540-15iml_firmware | - |
| lenovo | yoga_slim_7-14itl05_firmware | - |
| lenovo | v14-are_firmware | - |
| lenovo | s340-15api_touch_firmware | - |
| lenovo | d330-10igm_firmware | - |
| lenovo | yoga_slim_7-15imh05_firmware | - |
ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.0 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | elan_miniport_touchpad_driver | * |
An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | t2pro_firmware | * |
| lenovo | x1_firmware | * |
| lenovo | t1_firmware | * |
| lenovo | a1_firmware | * |
| lenovo | t2_firmware | * |
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | t2pro_firmware | * |
| lenovo | x1_firmware | * |
| lenovo | t1_firmware | * |
| lenovo | a1_firmware | * |
| lenovo | t2_firmware | * |
A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | t2pro_firmware | * |
| lenovo | x1_firmware | * |
| lenovo | t1_firmware | * |
| lenovo | a1_firmware | * |
| lenovo | t2_firmware | * |
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | t2pro_firmware | * |
| lenovo | x1_firmware | * |
| lenovo | t1_firmware | * |
| lenovo | a1_firmware | * |
| lenovo | t2_firmware | * |
A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
| nvd@nist.gov | 8.0 | HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.1 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | t2pro_firmware | * |
| lenovo | x1_firmware | * |
| lenovo | t1_firmware | * |
| lenovo | a1_firmware | * |
| lenovo | t2_firmware | * |
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | hardwarescan_addin | * |
| lenovo | diagnostics | * |
| lenovo | hardwarescan_plugin | * |
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H | 1.3 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thin_installer | * |
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_w540_firmware | * |
| lenovo | thinkpad_x1_tablet_gen_2_firmware | * |
| lenovo | thinkpad_s540_firmware | * |
| lenovo | thinkpad_x1_carbon_5th_gen_skylake_firmware | * |
| lenovo | thinkpad_x1_yoga_gen_3_firmware | * |
| lenovo | thinkpad_11e_firmware | * |
| lenovo | thinkpad_x280_firmware | * |
| lenovo | thinkpad_p52s_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | thinkpad_t570_firmware | * |
| lenovo | thinkpad_11e_yoga_firmware | * |
| lenovo | thinkpad_x390_firmware | * |
| lenovo | thinkpad_l560_firmware | * |
| lenovo | thinkpad_l570_firmware | * |
| lenovo | thinkpad_t550_firmware | * |
| lenovo | thinkpad_x1_carbon_5th_gen_kabylake_firmware | * |
| lenovo | thinkpad_p51s_firmware | * |
| lenovo | thinkpad_x1_yoga_gen_2_firmware | * |
| lenovo | thinkpad_t580_firmware | * |
| lenovo | thinkpad_w541_firmware | * |
| lenovo | thinkpad_x250_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_yoga_15_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | thinkpad_x1_yoga_firmware | * |
| lenovo | thinkpad_x1_tablet_gen_1_firmware | * |
| lenovo | thinkpad_x1_carbon_3rd_gen_firmware | * |
| lenovo | thinkpad_x1_carbon_4th_gen_firmware | * |
| lenovo | thinkpad_helix_firmware | * |
| lenovo | thinkpad_w550s_firmware | * |
A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x1_fold_gen_1_firmware | * |
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | leyun | * |
A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-120,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | smart_standby_driver | * |
A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkbook_14-iml_firmware | * |
| lenovo | thinkbook_14-iil_firmware | * |
| lenovo | thinkbook_15-iml_firmware | * |
| lenovo | thinkbook_15-iil_firmware | * |
| lenovo | yoga_c640-13iml_lte_firmware | * |
| lenovo | yoga_c640-13iml_firmware | * |
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkbook_14-iml_firmware | * |
| lenovo | thinkbook_14-iil_firmware | * |
| lenovo | thinkbook_15-iml_firmware | * |
| lenovo | thinkbook_15-iil_firmware | * |
| lenovo | yoga_c640-13iml_lte_firmware | * |
| lenovo | yoga_c640-13iml_firmware | * |
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | flex_5-14alc05_firmware | * |
| lenovo | yoga_c640-13iml_lte_firmware | * |
| lenovo | flex_5-14are05_firmware | * |
| lenovo | s145-15api_firmware | * |
| lenovo | ideapad_1-14ada05_firmware | * |
| lenovo | s540-13api_firmware | * |
| lenovo | flex_5-14iil05_firmware | * |
| lenovo | yoga_9-15imh5_firmware | * |
| lenovo | legion_s7-15imh5_firmware | * |
| lenovo | ideapad_1-11ada05_firmware | * |
| lenovo | flex_5-15iil05_firmware | * |
| lenovo | s145-15ast_firmware | * |
| lenovo | thinkbook_14-iml_firmware | * |
| lenovo | ideapad_1-14igl05_firmware | * |
| lenovo | ideapad_3-15ada05_firmware | * |
| lenovo | legion_s7-15ach6_firmware | * |
| lenovo | thinkbook_13s_g2_are_firmware | * |
| lenovo | ideapad_3-14alc6_firmware | * |
| lenovo | ideapad_3-15ada6_firmware | * |
| lenovo | thinkbook_15-iml_firmware | * |
| lenovo | 100e_2nd_gen_firmware | * |
| lenovo | ideapad_slim_1-14ast-05_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_firmware | * |
| lenovo | s145-14api_firmware | * |
| lenovo | thinkbook_16p_g2_ach_firmware | * |
| lenovo | ideapad_3-17ada05_firmware | * |
| lenovo | thinkbook_15-iil_firmware | * |
| lenovo | v15-ada_firmware | * |
| lenovo | flex_5-14itl05_firmware | * |
| lenovo | flex_5-15itl05_firmware | * |
| lenovo | ideapad_1-11igl05_firmware | * |
| lenovo | 500w_gen_3_firmware | * |
| lenovo | yoga_s940-14iil_firmware | * |
| lenovo | thinkbook_14s-iml_firmware | * |
| lenovo | yoga_slim_7_pro-14ach5_o_firmware | * |
| lenovo | v14-ada_firmware | * |
| lenovo | thinkbook_14s_g2_itl_firmware | * |
| lenovo | yoga_c940-15irh_firmware | * |
| lenovo | yoga_slim_7_pro-14arh5_firmware | * |
| lenovo | 100w_gen_3_firmware | * |
| lenovo | ideapad_5_15aba7_firmware | * |
| lenovo | 14w_gen_2_firmware | * |
| lenovo | ideapad_3-14ada05_firmware | * |
| lenovo | yoga_s730-13iml_firmware | * |
| lenovo | flex_3-11ada05_firmware | * |
| lenovo | ideapad_3-17ada6_firmware | * |
| lenovo | ideapad_3-14ada6_firmware | * |
| lenovo | 300w_gen_3_firmware | * |
| lenovo | v15_g2-alc_firmware | * |
| lenovo | ideapad_5-15alc05_firmware | * |
| lenovo | ideapad_flex_5_16alc7_firmware | * |
| lenovo | ideapad_flex_5_14alc7_firmware | * |
| lenovo | thinkbook_13s_g3_acn_firmware | * |
| lenovo | 730s-13iml_firmware | * |
| lenovo | flex_5-15alc05_firmware | * |
| lenovo | ideapad_slim_1-11ast-05_firmware | * |
| lenovo | yoga_c640-13iml_firmware | * |
| lenovo | 300e_2nd_gen_firmware | * |
| lenovo | thinkbook_13s_g2_itl_firmware | * |
| lenovo | 13w_yoga_firmware | * |
| lenovo | thinkbook_14p_g2_ach_firmware | * |
| lenovo | legion_s7-15arh5_firmware | * |
| lenovo | thinkbook_13s-iml_firmware | * |
| lenovo | thinkbook_14-iil_firmware | * |
| lenovo | ideapad_3-15alc6_firmware | * |
| lenovo | ideapad_3-17alc6_firmware | * |
| lenovo | s145-14ast_firmware | * |
| lenovo | ideapad_s940-14iil_firmware | * |
| lenovo | v130-15ikb_firmware | * |
| lenovo | v14_g2-alc_firmware | * |
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | gm266dns_firmware | * |
| lenovo | g263dns_firmware | * |
| lenovo | gm265dn_firmware | - |
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkbook_15_g3_acl_firmware | * |
| lenovo | yoga_duet_7-13itl6_firmware | * |
| lenovo | ideapad_duet_3_10igl5_firmware | * |
| lenovo | thinkbook_14_g4+_ara_firmware | * |
| lenovo | thinkbook_15_g2_itl_firmware | * |
| lenovo | thinkbook_14_g4+_iap_firmware | * |
| lenovo | thinkbook_14p_g3_arh_firmware | * |
| lenovo | yoga_slim_7_pro_16arh7_firmware | * |
| lenovo | thinkbook_16_g4+_iap_firmware | * |
| lenovo | slim_7-15imh05_firmware | * |
| lenovo | thinkbook_15_g3_itl_firmware | * |
| lenovo | ideapad_slim_7-14itl05_firmware | * |
| lenovo | thinkbook_16p_g3_arh_firmware | * |
| lenovo | slim_7-14are05_firmware | * |
| lenovo | ideapad_slim_7-14iil05_firmware | * |
| lenovo | thinkbook_14_g2_itl_firmware | * |
| lenovo | ideapad_5_pro_16arh7_firmware | * |
| lenovo | thinkbook_14s_yoga_itl_firmware | * |
| lenovo | thinkbook_13x_itg_firmware | * |
| lenovo | thinkbook_16_g4+_ara_firmware | * |
| lenovo | yoga_slim_7-15imh05_firmware | * |
| lenovo | thinkbook_plus_g2_itg_firmware | * |
| lenovo | yoga_slim_7-14iil05_firmware | * |
| lenovo | slim_7_16arh7_firmware | * |
| lenovo | d330-10igl_firmware | * |
| lenovo | thinkbook_15_gd_aba_firmware | * |
| lenovo | yoga_duet_7-13itl6-lte_firmware | * |
| lenovo | yoga_slim_7-15iil05_firmware | * |
| lenovo | thinkbook_16p_nx_arh_firmware | * |
| lenovo | thinkbook_14_g3_acl_firmware | * |
| lenovo | yoga_slim_7-14are05_firmware | * |
| lenovo | ideapad_slim_7-15iil05_firmware | * |
| lenovo | thinkbook_14_g3_itl_firmware | * |
| lenovo | thinkbook_14_g2_are_firmware | * |
| lenovo | yoga_slim_7-15itl05_firmware | * |
| lenovo | slim_7-15itl05_firmware | * |
| lenovo | thinkbook_15p_g2_ith_firmware | * |
| lenovo | thinkbook_plus_g3_iap_firmware | * |
| lenovo | thinkbook_15p_imp_firmware | * |
| lenovo | thinkbook_15_g2_are_firmware | * |
| lenovo | yoga_duet_7-13iml05_firmware | * |
| lenovo | yoga_slim_7-14itl05_firmware | * |
| lenovo | ideapad_5_pro_16iah7_firmware | * |
| lenovo | yoga_creator_7-15imh05_firmware | * |
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | yoga_duet_7-13itl6_firmware | * |
| lenovo | ideapad_duet_3_10igl5_firmware | * |
| lenovo | thinkbook_14_g4+_ara_firmware | * |
| lenovo | thinkbook_14_g4+_iap_firmware | * |
| lenovo | ideapad_slim_7_pro_16ach6_firmware | * |
| lenovo | yoga_slim_7_pro_16arh7_firmware | * |
| lenovo | thinkbook_16_g4+_iap_firmware | * |
| lenovo | yoga_slim_7_carbon_13itl5_firmware | * |
| lenovo | yoga_slim_7-13acn05_firmware | * |
| lenovo | ideapad_5_pro_16arh7_firmware | * |
| lenovo | ideapad_5_pro-16ihu6_firmware | * |
| lenovo | thinkbook_13x_itg_firmware | * |
| lenovo | thinkbook_16_g4+_ara_firmware | * |
| lenovo | thinkbook_plus_g2_itg_firmware | * |
| lenovo | slim_7_16arh7_firmware | * |
| lenovo | d330-10igl_firmware | * |
| lenovo | yoga_duet_7-13itl6-lte_firmware | * |
| lenovo | ideapad_5_pro-16ach6_firmware | * |
| lenovo | thinkbook_16p_nx_arh_firmware | * |
| lenovo | yoga_slim_7_pro_16ach6_firmware | * |
| lenovo | thinkbook_plus_g3_iap_firmware | * |
| lenovo | s540-15iml_firmware | * |
| lenovo | yoga_duet_7-13iml05_firmware | * |
| lenovo | ideapad_creator_5-16ach6_firmware | * |
| lenovo | yoga_slim_7-13itl05_firmware | * |
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_y700-14isk_firmware | - |
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinkagile_vx_1se_certified_node_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinksystem_sd650_dwc_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkedge_se450_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_mx1021_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| psirt@lenovo.com | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | gm266dns_firmware | * |
| lenovo | g263dns_firmware | * |
| lenovo | gm265dn_firmware | - |
Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | gm266dns_firmware | * |
| lenovo | g263dns_firmware | * |
| lenovo | gm265dn_firmware | - |
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinkagile_vx_1se_certified_node_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinksystem_sd650_dwc_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkedge_se450_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_mx1021_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| psirt@lenovo.com | 7.6 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | 2.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | app_store_app | * |
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | diagnostics | * |
| lenovo | hardwarescan_plugin | * |
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | hardwarescan_addin | * |
| lenovo | diagnostics | * |
| lenovo | hardwarescan_plugin | * |
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L | 1.8 | 4.2 |
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.0 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | hardware_scan_plugin | * |
| lenovo | hardware_scan_addin | * |
| lenovo | system_update_plugin | * |
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | hardware_scan_plugin | * |
| lenovo | hardware_scan_addin | * |
| lenovo | system_update_plugin | * |
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L | 1.8 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | hardware_scan_plugin | * |
| lenovo | hardware_scan_addin | * |
| lenovo | system_update_plugin | * |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 0.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13_gen_3_firmware | * |
| lenovo | thinkpad_t14s_gen_3_firmware | * |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v17_g3_iap_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | legion_5_15iah7h_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | s540-13itl_firmware | * |
| lenovo | slim_7_prox_14iah7_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | legion_5-17imh05h_firmware | * |
| lenovo | yoga_slim_7_pro_14iah7_firmware | * |
| lenovo | v14_g3_iap_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | legion_5-15imh05_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_1-14ijl7_firmware | * |
| lenovo | yoga_7_16iap7_firmware | * |
| lenovo | ideapad_3_15iau7_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | slim_9-14itl05_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | slim_9_14iap7_firmware | * |
| lenovo | ideapad_5_15ial7_firmware | * |
| lenovo | yoga_slim_7_prox_14iah7_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_1-15ijl7_firmware | * |
| lenovo | legion_7_16iax7_firmware | * |
| lenovo | ideapad_1_15iau7_firmware | * |
| lenovo | legion_5p-15imh05h_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | legion_5_15iah7_firmware | * |
| lenovo | thinkbook_15p_g2_ith_firmware | * |
| lenovo | ideapad_3_17iau7_firmware | * |
| lenovo | legion_5p-15imh05_firmware | * |
| lenovo | yoga_7-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_carbon_13iap7_firmware | * |
| lenovo | ideapad_5-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro_14iap7_firmware | * |
| lenovo | s14_g3_iap_firmware | * |
| lenovo | yoga_9_14iap7_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_1_14iau7_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_7_16iah7_firmware | * |
| lenovo | yoga_7-15itl5_firmware | * |
| lenovo | yoga_slim_9_14iap7_firmware | * |
| lenovo | v15_g2_ijl_firmware | * |
| lenovo | v15_g3_iap_firmware | * |
| lenovo | ideapad_1_14igl7_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | ideapad_1_15igl7_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5-15imh05h_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | ideapad_3_14iau7_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | * |
| lenovo | legion_5-17imh05_firmware | * |
| lenovo | legion_5_pro_16iah7h_firmware | * |
| lenovo | slim_7_14iap7_firmware | * |
| lenovo | yoga_7_14ial7_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_5_pro_16iah7_firmware | * |
| lenovo | l3-15iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | thinkbook_15p_imh_firmware | * |
| lenovo | slim_7_carbon_13iap7_firmware | * |
| lenovo | v14_g2_ijl_firmware | * |
| lenovo | ideapad_3-17itl6_firmware | * |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v17_g3_iap_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | legion_5_15iah7h_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | s540-13itl_firmware | * |
| lenovo | slim_7_prox_14iah7_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | legion_5-17imh05h_firmware | * |
| lenovo | yoga_slim_7_pro_14iah7_firmware | * |
| lenovo | v14_g3_iap_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | legion_5-15imh05_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_1-14ijl7_firmware | * |
| lenovo | yoga_7_16iap7_firmware | * |
| lenovo | ideapad_3_15iau7_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | slim_9-14itl05_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | slim_9_14iap7_firmware | * |
| lenovo | ideapad_5_15ial7_firmware | * |
| lenovo | yoga_slim_7_prox_14iah7_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_1-15ijl7_firmware | * |
| lenovo | legion_7_16iax7_firmware | * |
| lenovo | ideapad_1_15iau7_firmware | * |
| lenovo | legion_5p-15imh05h_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | legion_5_15iah7_firmware | * |
| lenovo | thinkbook_15p_g2_ith_firmware | * |
| lenovo | ideapad_3_17iau7_firmware | * |
| lenovo | legion_5p-15imh05_firmware | * |
| lenovo | yoga_7-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_carbon_13iap7_firmware | * |
| lenovo | ideapad_5-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro_14iap7_firmware | * |
| lenovo | s14_g3_iap_firmware | * |
| lenovo | yoga_9_14iap7_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_1_14iau7_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_7_16iah7_firmware | * |
| lenovo | yoga_7-15itl5_firmware | * |
| lenovo | yoga_slim_9_14iap7_firmware | * |
| lenovo | v15_g2_ijl_firmware | * |
| lenovo | v15_g3_iap_firmware | * |
| lenovo | ideapad_1_14igl7_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | ideapad_1_15igl7_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5-15imh05h_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | ideapad_3_14iau7_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | * |
| lenovo | legion_5-17imh05_firmware | * |
| lenovo | legion_5_pro_16iah7h_firmware | * |
| lenovo | slim_7_14iap7_firmware | * |
| lenovo | yoga_7_14ial7_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_5_pro_16iah7_firmware | * |
| lenovo | l3-15iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | thinkbook_15p_imh_firmware | * |
| lenovo | slim_7_carbon_13iap7_firmware | * |
| lenovo | v14_g2_ijl_firmware | * |
| lenovo | ideapad_3-17itl6_firmware | * |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v17_g3_iap_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | legion_5_15iah7h_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | s540-13itl_firmware | * |
| lenovo | slim_7_prox_14iah7_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | legion_5-17imh05h_firmware | * |
| lenovo | yoga_slim_7_pro_14iah7_firmware | * |
| lenovo | v14_g3_iap_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | legion_5-15imh05_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_1-14ijl7_firmware | * |
| lenovo | yoga_7_16iap7_firmware | * |
| lenovo | ideapad_3_15iau7_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | slim_9-14itl05_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | slim_9_14iap7_firmware | * |
| lenovo | ideapad_5_15ial7_firmware | * |
| lenovo | yoga_slim_7_prox_14iah7_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_1-15ijl7_firmware | * |
| lenovo | legion_7_16iax7_firmware | * |
| lenovo | ideapad_1_15iau7_firmware | * |
| lenovo | legion_5p-15imh05h_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | legion_5_15iah7_firmware | * |
| lenovo | thinkbook_15p_g2_ith_firmware | * |
| lenovo | ideapad_3_17iau7_firmware | * |
| lenovo | legion_5p-15imh05_firmware | * |
| lenovo | yoga_7-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_carbon_13iap7_firmware | * |
| lenovo | ideapad_5-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro_14iap7_firmware | * |
| lenovo | s14_g3_iap_firmware | * |
| lenovo | yoga_9_14iap7_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_1_14iau7_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_7_16iah7_firmware | * |
| lenovo | yoga_7-15itl5_firmware | * |
| lenovo | yoga_slim_9_14iap7_firmware | * |
| lenovo | v15_g2_ijl_firmware | * |
| lenovo | v15_g3_iap_firmware | * |
| lenovo | ideapad_1_14igl7_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | ideapad_1_15igl7_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5-15imh05h_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | ideapad_3_14iau7_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | * |
| lenovo | legion_5-17imh05_firmware | * |
| lenovo | legion_5_pro_16iah7h_firmware | * |
| lenovo | slim_7_14iap7_firmware | * |
| lenovo | yoga_7_14ial7_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_5_pro_16iah7_firmware | * |
| lenovo | l3-15iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | thinkbook_15p_imh_firmware | * |
| lenovo | slim_7_carbon_13iap7_firmware | * |
| lenovo | v14_g2_ijl_firmware | * |
| lenovo | ideapad_3-17itl6_firmware | * |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v17_g3_iap_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | legion_5_15iah7h_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | s540-13itl_firmware | * |
| lenovo | slim_7_prox_14iah7_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | legion_5-17imh05h_firmware | * |
| lenovo | yoga_slim_7_pro_14iah7_firmware | * |
| lenovo | v14_g3_iap_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | legion_5-15imh05_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_1-14ijl7_firmware | * |
| lenovo | yoga_7_16iap7_firmware | * |
| lenovo | ideapad_3_15iau7_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | slim_9-14itl05_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | slim_9_14iap7_firmware | * |
| lenovo | ideapad_5_15ial7_firmware | * |
| lenovo | yoga_slim_7_prox_14iah7_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_1-15ijl7_firmware | * |
| lenovo | legion_7_16iax7_firmware | * |
| lenovo | ideapad_1_15iau7_firmware | * |
| lenovo | legion_5p-15imh05h_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | legion_5_15iah7_firmware | * |
| lenovo | thinkbook_15p_g2_ith_firmware | * |
| lenovo | ideapad_3_17iau7_firmware | * |
| lenovo | legion_5p-15imh05_firmware | * |
| lenovo | yoga_7-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_carbon_13iap7_firmware | * |
| lenovo | ideapad_5-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro_14iap7_firmware | * |
| lenovo | s14_g3_iap_firmware | * |
| lenovo | yoga_9_14iap7_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_1_14iau7_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_7_16iah7_firmware | * |
| lenovo | yoga_7-15itl5_firmware | * |
| lenovo | yoga_slim_9_14iap7_firmware | * |
| lenovo | v15_g2_ijl_firmware | * |
| lenovo | v15_g3_iap_firmware | * |
| lenovo | ideapad_1_14igl7_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | ideapad_1_15igl7_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5-15imh05h_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | ideapad_3_14iau7_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | * |
| lenovo | legion_5-17imh05_firmware | * |
| lenovo | legion_5_pro_16iah7h_firmware | * |
| lenovo | slim_7_14iap7_firmware | * |
| lenovo | yoga_7_14ial7_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_5_pro_16iah7_firmware | * |
| lenovo | l3-15iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | thinkbook_15p_imh_firmware | * |
| lenovo | slim_7_carbon_13iap7_firmware | * |
| lenovo | v14_g2_ijl_firmware | * |
| lenovo | ideapad_3-17itl6_firmware | * |
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_3-14itl05_firmware | * |
| lenovo | ideapad_3-15iml05_firmware | * |
| lenovo | ideapad_3-14igl05_firmware | * |
| lenovo | v17_g3_iap_firmware | * |
| lenovo | v15_g1-iml_firmware | * |
| lenovo | v14_g2-itl_firmware | * |
| lenovo | legion_5_15iah7h_firmware | * |
| lenovo | legion_5-15imh6_firmware | * |
| lenovo | s540-13itl_firmware | * |
| lenovo | slim_7_prox_14iah7_firmware | * |
| lenovo | v15_g2-itl_firmware | * |
| lenovo | legion_5-17imh05h_firmware | * |
| lenovo | yoga_slim_7_pro_14iah7_firmware | * |
| lenovo | v14_g3_iap_firmware | * |
| lenovo | ideapad_5-15iil05_firmware | * |
| lenovo | ideapad_3-15itl6_firmware | * |
| lenovo | legion_5-15imh05_firmware | * |
| lenovo | ideapad_3-14iml05_firmware | * |
| lenovo | ideapad_1-14ijl7_firmware | * |
| lenovo | yoga_7_16iap7_firmware | * |
| lenovo | ideapad_3_15iau7_firmware | * |
| lenovo | l3-15itl6_firmware | * |
| lenovo | ideapad_3-17iil05_firmware | * |
| lenovo | legion_5-15ith6h_firmware | * |
| lenovo | slim_9-14itl05_firmware | * |
| lenovo | legion_5-17ith6_firmware | * |
| lenovo | slim_9_14iap7_firmware | * |
| lenovo | ideapad_5_15ial7_firmware | * |
| lenovo | yoga_slim_7_prox_14iah7_firmware | * |
| lenovo | legion_7-16ithg6_firmware | * |
| lenovo | ideapad_1-15ijl7_firmware | * |
| lenovo | legion_7_16iax7_firmware | * |
| lenovo | ideapad_1_15iau7_firmware | * |
| lenovo | legion_5p-15imh05h_firmware | * |
| lenovo | ideapad_3-14itl6_firmware | * |
| lenovo | ideapad_gaming_3-15imh05_firmware | * |
| lenovo | legion_5-17ith6h_firmware | * |
| lenovo | legion_5_15iah7_firmware | * |
| lenovo | thinkbook_15p_g2_ith_firmware | * |
| lenovo | ideapad_3_17iau7_firmware | * |
| lenovo | legion_5p-15imh05_firmware | * |
| lenovo | yoga_7-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14itl5_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15igl05_firmware | * |
| lenovo | slim_7_pro-14ihu5_firmware | * |
| lenovo | ideapad_3-15iil05_firmware | * |
| lenovo | v17-iil_firmware | * |
| lenovo | legion_5-15ith6_firmware | * |
| lenovo | v14_g1-iml_firmware | * |
| lenovo | yoga_slim_7_carbon_13iap7_firmware | * |
| lenovo | ideapad_5-15itl05_firmware | * |
| lenovo | yoga_slim_7_pro_14iap7_firmware | * |
| lenovo | s14_g3_iap_firmware | * |
| lenovo | yoga_9_14iap7_firmware | * |
| lenovo | v14-igl_firmware | * |
| lenovo | v15-igl_firmware | * |
| lenovo | ideapad_1_14iau7_firmware | * |
| lenovo | ideapad_3-15itl05_firmware | * |
| lenovo | yoga_7_16iah7_firmware | * |
| lenovo | yoga_7-15itl5_firmware | * |
| lenovo | yoga_slim_9_14iap7_firmware | * |
| lenovo | v15_g2_ijl_firmware | * |
| lenovo | v15_g3_iap_firmware | * |
| lenovo | ideapad_1_14igl7_firmware | * |
| lenovo | s14_g2_itl_firmware | * |
| lenovo | ideapad_1_15igl7_firmware | * |
| lenovo | legion_5_pro-16ith6_firmware | * |
| lenovo | ideapad_creator_5-15imh05_firmware | * |
| lenovo | legion_5-15imh05h_firmware | * |
| lenovo | legion_5_pro-16ith6h_firmware | * |
| lenovo | ideapad_3_14iau7_firmware | * |
| lenovo | yoga_slim_7_pro-14ihu5_o_firmware | * |
| lenovo | yoga_slim_9-14itl05_firmware | * |
| lenovo | legion_5-17imh05_firmware | * |
| lenovo | legion_5_pro_16iah7h_firmware | * |
| lenovo | slim_7_14iap7_firmware | * |
| lenovo | yoga_7_14ial7_firmware | * |
| lenovo | ideapad_3-17iml05_firmware | * |
| lenovo | ideapad_3-14iil05_firmware | * |
| lenovo | legion_5_pro_16iah7_firmware | * |
| lenovo | l3-15iml05_firmware | * |
| lenovo | v17_g2-itl_firmware | * |
| lenovo | thinkbook_15p_imh_firmware | * |
| lenovo | slim_7_carbon_13iap7_firmware | * |
| lenovo | v14_g2_ijl_firmware | * |
| lenovo | ideapad_3-17itl6_firmware | * |
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkagile_vx2330_firmware | afe118m |
| lenovo | thinkpad_x390_yoga_firmware | n2let88w |
| lenovo | thinkpad_p1_gen_1_firmware | n2eet56w |
| lenovo | ideacentre_3_07iab7_firmware | m49kt1da |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | ideacentre_510s-07ick_firmware | m30kt26a |
| lenovo | thinkagile_vx_2u_firmware | ive178i |
| lenovo | ideacentre_5-14acn6_firmware | o5ekt21a |
| lenovo | thinkserver_rd650_firmware | 5.05.0 |
| lenovo | thinkagile_mx3520_f_firmware | ive178i |
| lenovo | thinkstation_p520_firmware | s03kt55a |
| lenovo | thinkpad_x1_carbon_7th_gen_firmware | n2het66w |
| lenovo | thinkcentre_m625q_firmware | m3skt21a |
| lenovo | thinkcentre_m75t_gen_2_firmware | m46kt2da |
| lenovo | thinkagile_vx3520-g_firmware | ive178i |
| lenovo | thinkagile_hx3320_firmware | ive178i |
| lenovo | thinksystem_sr850p_firmware | tee178i |
| lenovo | v50a-22imb_firmware | m36kt28a |
| lenovo | thinkcentre_m80t_firmware | m1ckt49a |
| lenovo | thinkagile_vx1320_firmware | ise130e |
| lenovo | thinkcentre_m75t_gen_2_firmware | m47kt24a |
| lenovo | thinkagile_hx3376_firmware | d8e128f |
| lenovo | thinkpad_p72_firmware | n2cet61w |
| lenovo | thinksystem_sr850_firmware | tee178i |
| lenovo | thinkpad_l13_firmware | r15et51w |
| lenovo | thinkpad_t15_firmware | n2xet33w |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | r1get43w |
| lenovo | ideacentre_510s-07icb_firmware | m22kt48a |
| lenovo | thinkagile_hx5521-c_firmware | ive178i |
| lenovo | thinksystem_sr590_firmware | tee178i |
| lenovo | thinkagile_vx_2u4n_firmware | tee178i |
| lenovo | thinksystem_sr570_firmware | tee178i |
| lenovo | thinkagile_hx7531_firmware | afe118m |
| lenovo | thinkagile_hx2320_firmware | ive178i |
| lenovo | thinkagile_hx7520_firmware | ive178i |
| lenovo | thinkagile_mx3530-h_firmware | afe118m |
| lenovo | thinkstation_p320_tiny_firmware | m1akt56a |
| lenovo | thinksystem_sr530_firmware | tee178i |
| lenovo | yta8900f_firmware | fwktbaa |
| lenovo | thinksystem_sr550_firmware | tee178i |
| lenovo | thinksystem_dx8200d_firmware | ive178i |
| lenovo | thinkserver_sd350_firmware | 5.05.0 |
| lenovo | thinkpad_l390_yoga_firmware | r10et51w |
| lenovo | thinkpad_p43s_firmware | n2iet98w |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | n2het66w |
| lenovo | thinkagile_vx7520_n_firmware | ive178i |
| lenovo | thinksystem_sr630_firmware | ive178i |
| lenovo | thinkpad_t490s_firmware | n2jet97w |
| lenovo | thinksystem_sr670_v2_firmware | u8e118m |
| lenovo | thinkcentre_m910s_firmware | m1akt56a |
| lenovo | thinkpad_x1_carbon_8th_gen_firmware | n2wet32w |
| lenovo | thinkcentre_m70q_gen_3_firmware | m3jkt34a |
| lenovo | thinkcentre_m710s_firmware | m1akt56a |
| lenovo | v520s_firmware | m16kt68a |
| lenovo | thinkagile_vx3320_firmware | ive178i |
| lenovo | thinkagile_hx2331_firmware | afe118m |
| lenovo | thinkcentre_m90q_gen_2_firmware | m2wkt57a |
| lenovo | thinkpad_p73_firmware | n2net49w |
| lenovo | ideacentre_c5-14imb05_firmware | o4hkt38a |
| lenovo | thinkcentre_m6600s_firmware | fwktbaa |
| lenovo | thinkagile_hx5521_firmware | ive178i |
| lenovo | ideacentre_5-14imb05_firmware | o4hkt38a |
| lenovo | thinksystem_hr610x_firmware | hr6n0661 |
| lenovo | thinkagile_mx_certified_node_-_all_flash_firmware | ive178i |
| lenovo | thinkpad_l15_gen_2_firmware | r1jet53w |
| lenovo | thinkagile_hx3330_firmware | afe118m |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | n2uet58w |
| lenovo | thinkcentre_e75t_firmware | m16kt68a |
| lenovo | thinkagile_vx2320_firmware | ive178i |
| lenovo | thinkpad_x1_yoga_5th_gen_firmware | n2wet32w |
| lenovo | thinkpad_t490_firmware | n2iet98w |
| lenovo | thinkcentre_m820z_all-in-one_firmware | m2rkt52a |
| lenovo | thinkpad_x13_firmware | n2yet34w |
| lenovo | thinkpad_p17_gen_1_firmware | n30et43w |
| lenovo | thinkagile_hx3375_firmware | d8e128f |
| lenovo | thinkagile_hx3321_firmware | ive178i |
| lenovo | thinkagile_hx7530_firmware | afe118m |
| lenovo | thinkcentre_m75t_gen_2_firmware | m3akt44a |
| lenovo | thinksystem_sr650_v2_firmware | afe118m |
| lenovo | thinkpad_x1_carbon_7th_gen_firmware | n2qet44w |
| lenovo | thinkagile_vx_1u_firmware | ive178i |
| lenovo | thinkcentre_m75t_gen_2_firmware | m3bkt29a |
| lenovo | thinkpad_x13_gen_2_firmware | n35et43w |
| lenovo | thinkpad_l14_gen_2_firmware | r1jet53w |
| lenovo | thinkcentre_m70t_gen_3_firmware | m2tkt50a |
| lenovo | n4610_storage_firmware | 5.05.0 |
| lenovo | thinkcentre_m70s_gen_3_firmware | m2tkt50a |
| lenovo | thinkagile_mx_certified_node_-_hybrid_firmware | ive178i |
| lenovo | thinkagile_hx5531_firmware | afe118m |
| lenovo | thinkagile_hx3521-g_firmware | ive178i |
| lenovo | thinkpad_l390_firmware | r10et51w |
| lenovo | yangtian_afq150_firmware | fwktbaa |
| lenovo | thinkagile_vx7531_firmware | afe118m |
| lenovo | thinkagile_hx1331_firmware | afe118m |
| lenovo | thinkcentre_m75n_firmware | m30kt26a |
| lenovo | ideacentre_510s-07icb_firmware | m22kt47a |
| lenovo | thinkstation_p350_firmware | s0akt34a |
| lenovo | v530-15icr_firmware | m2ykt31a |
| lenovo | thinkagile_hx2321_firmware | ive178i |
| lenovo | thinkpad_e14_gen_2_firmware | r1eet45w |
| lenovo | thinkpad_e590_firmware | r0yet48w |
| lenovo | thinkcentre_m610_firmware | m1akt56a |
| lenovo | thinkserver_rs160_firmware | vb1ts307 |
| lenovo | legion_t5-26iob6_firmware | o54kt1da |
| lenovo | v50a-24imb_firmware | m36kt28a |
| lenovo | v30a-22iml_firmware | m37kt28a |
| lenovo | thinkagile_hx2330_firmware | afe118m |
| lenovo | thinkpad_l15_firmware | r17et33w |
| lenovo | thinkpad_x390_firmware | n2jet97w |
| lenovo | thinksystem_sn550_firmware | ive178i |
| lenovo | thinksmart_hub_500_firmware | m23kt29a |
| lenovo | thinkcentre_m90q_tiny_firmware | m2tkt50a |
| lenovo | thinkpad_t14s_firmware | n2yet34w |
| lenovo | thinkcentre_m75q_gen_2_firmware | m33kt25a |
| lenovo | thinkserver_rd350_firmware | 5.05.0 |
| lenovo | thinksystem_sr258_v2_firmware | tqe104j |
| lenovo | thinkcentre_e96z_firmware | m26kt22a |
| lenovo | thinkpad_t15_gen_2_firmware | n34et46w |
| lenovo | thinksystem_sd630_v2_firmware | u8e118m |
| lenovo | thinkagile_hx2320-e_firmware | ive178i |
| lenovo | thinkpad_l13_yoga_firmware | r15et51w |
| lenovo | thinkcentre_m6600q_firmware | fwktbaa |
| lenovo | ideacentre_a340-24igm_firmware | o51kt12a |
| lenovo | v540-24iwl_firmware | m29kt39a |
| lenovo | thinkcentre_m8600s_firmware | fwktbaa |
| lenovo | thinksmart_hub_teams_firmware | m2xkt20a |
| lenovo | thinkcentre_m710t_firmware | m16kt68a |
| lenovo | thinksystem_sr150_firmware | ise130e |
| lenovo | thinkcentre_m80s_firmware | m2tkt50a |
| lenovo | thinkagile_vx7820_firmware | pse144n |
| lenovo | thinkagile_hx5530_firmware | afe118m |
| lenovo | thinkagile_vx3331_firmware | afe118m |
| lenovo | thinkpad_x1_yoga_6th_gen_firmware | n2tet72w |
| lenovo | thinkagile_hx5520_firmware | ive178i |
| lenovo | thinkserver_ts560_firmware | tb1ts307 |
| lenovo | thinkcentre_m70c_firmware | m3nkt20a |
| lenovo | thinkcentre_m720e_firmware | m11kt54a |
| lenovo | v520_firmware | m16kt68a |
| lenovo | thinkserver_ts460_firmware | tb1ts307 |
| lenovo | thinkagile_hx3720_firmware | tee178i |
| lenovo | thinkagile_mx3330-h_firmware | afe118m |
| lenovo | thinkpad_t14s_gen_2_firmware | n35et43w |
| lenovo | thinksystem_st658_v2_firmware | u8e118m |
| lenovo | thinksystem_dx1100u_firmware | ive178i |
| lenovo | thinkpad_e15_firmware | r16et33w |
| lenovo | thinkagile_mx3321_h_firmware | ive178i |
| lenovo | thinkcentre_m70s_firmware | m43kt16a |
| lenovo | thinkagile_mx3531-f_firmware | afe118m |
| lenovo | thinkpad_s3_2nd_gen_firmware | r16et33w |
| lenovo | thinksystem_sr670_firmware | g1e130i |
| lenovo | thinkstation_p318_firmware | m1akt56a |
| lenovo | stadia_ggp-120_firmware | s03kt55a |
| lenovo | thinkcentre_e75s_firmware | m16kt68a |
| lenovo | thinkcentre_m818z_firmware | m1nkt58a |
| lenovo | thinkagile_hx3520-g_firmware | ive178i |
| lenovo | v530-15icb_firmware | m1ykt70a |
| lenovo | thinkagile_mx3531_h_firmware | afe118m |
| lenovo | ideacentre_gaming_5-14acn6_firmware | o5ekt21a |
| lenovo | thinkpad_p1_gen_3_firmware | n2vet34w |
| lenovo | thinkserver_rd550_firmware | 5.03.0 |
| lenovo | thinkagile_vx5530_firmware | afe118m |
| lenovo | legion_c530-19icb_firmware | o4bkt20a |
| lenovo | thinkcentre_m80t_firmware | m2tkt50a |
| lenovo | thinkpad_x1_carbon_9th_gen_firmware | n2tet72w |
| lenovo | thinkcentre_m75s_gen_2_firmware | m3akt44a |
| lenovo | legion_t7-34imz5_firmware | o4lkt1ea |
| lenovo | yoga_a940-27icb_firmware | o43kt43a |
| lenovo | thinkagile_vx_1se_firmware | ise130e |
| lenovo | thinkcentre_m810z_all-in-one_firmware | m1ekt25a |
| lenovo | thinkagile_hx7521_firmware | ive178i |
| lenovo | thinkcentre_m75s_gen_2_firmware | m3bkt29a |
| lenovo | thinkagile_hx1520-r_firmware | ive178i |
| lenovo | thinkpad_p53s_firmware | n2iet98w |
| lenovo | v530s-07icb_firmware | not_affected |
| lenovo | v530s-07icr_firmware | m30kt26a |
| lenovo | thinkagile_hx1521-r_firmware | ive178i |
| lenovo | thinksystem_sr665_firmware | d8e128f |
| lenovo | thinkagile_mx1021_firmware | hye122f |
| lenovo | thinkserver_ts150_firmware | 81i/b7s |
| lenovo | legion_t5-28icb05_firmware | o4bkt20a |
| lenovo | thinkstation_p350_tiny_firmware | m3jkt34a |
| lenovo | thinksystem_st50_firmware | ite125a |
| lenovo | thinkagile_vx3330_firmware | afe118m |
| lenovo | thinkpad_p14s_gen_1_firmware | n2xet33w |
| lenovo | thinksystem_sd650_v2_firmware | u8e118m |
| lenovo | ideacentre_3-07imb05_firmware | m2vkt1da |
| lenovo | ideacentre_gaming_5-14iob6_firmware | m3gkt33a |
| lenovo | thinkpad_t15g_gen_1_firmware | n30et43w |
| lenovo | legion_t530-28apr_firmware | o4gkt16a |
| lenovo | thinkagile_mx1020_firmware | hye122f |
| lenovo | thinkserver_sr588_firmware | tee176k |
| lenovo | thinkpad_l490_firmware | r0zet50w |
| lenovo | ideacentre_gaming_5_17acn7_firmware | o5ekt21a |
| lenovo | thinkstation_p310_firmware | fwktbaa |
| lenovo | thinkcentre_m70t_firmware | m41kt2da |
| lenovo | v50t-13iob_g2_firmware | m3gkt33a |
| lenovo | v530-24icb_firmware | m20kt52a |
| lenovo | thinkagile_vx3720_firmware | tee178i |
| lenovo | thinksystem_sr850p_firmware | tee176k |
| lenovo | v50s-07imb_firmware | m2vkt1da |
| lenovo | v55t_gen_2_13acn_firmware | o5jkt20a |
| lenovo | ideacentre_5-14iob6_firmware | m3gkt33a |
| lenovo | thinkcentre_m715q_firmware | m16kt68a |
| lenovo | thinkpad_t15p_gen_1__firmware | n30et43w |
| lenovo | thinksystem_st250_firmware | ise130e |
| lenovo | thinkstation_p620_firmware | s07kt25a |
| lenovo | thinksystem_sd650_dwc_dual_node_tray_firmware | ote178g |
| lenovo | thinksystem_sd650-n_v2_firmware | u8e118m |
| lenovo | thinkagile_vx7530_firmware | afe118m |
| lenovo | thinkagile_mx3331-h_firmware | afe118m |
| lenovo | thinksystem_sr250_v2_firmware | tqe104j |
| lenovo | v330-20icb_firmware | m1qkt47a |
| lenovo | thinksystem_sr250_firmware | ise130e |
| lenovo | thinkcentre_m910q_firmware | m1akt56a |
| lenovo | thinksystem_sd530_firmware | tee178i |
| lenovo | thinkstation_p340_tiny_firmware | m2wkt57a |
| lenovo | thinksystem_sr630_v2_firmware | afe118m |
| lenovo | thinkagile_vx3530-g_firmware | afe118m |
| lenovo | thinkagile_vx_4u_firmware | pse144n |
| lenovo | thinkpad_x1_extreme_2nd_gen_firmware | n2oet54w |
| lenovo | thinkagile_vx7520_firmware | ive178i |
| lenovo | qt_b415_firmware | m16kt68a |
| lenovo | thinksystem_st650_v2_firmware | u8e118m |
| lenovo | thinkpad_x1_extreme_1st_gen_firmware | n2eet56w |
| lenovo | ideacentre_gaming_5_17iab7_firmware | m42kt40a |
| lenovo | thinkcentre_m70a_gen_2_firmware | m2skt25a |
| lenovo | thinkpad_t590_firmware | n2iet98w |
| lenovo | thinkcentre_m910t_firmware | m1akt56a |
| lenovo | thinkserver_rd350g_firmware | vb3ts891 |
| lenovo | thinkpad_e15_gen_2_firmware | r1eet45w |
| lenovo | thinkcentre_neo_50s_gen_3_firmware | m42kt40a |
| lenovo | qt_m415_firmware | m16kt68a |
| lenovo | thinkpad_e490_firmware | r0yet48w |
| lenovo | thinksystem_st258_firmware | ise130e |
| lenovo | thinkcentre_m710e_firmware | m41kt2da |
| lenovo | thinkpad_p1_gen_2_firmware | n2oet54w |
| lenovo | thinkpad_p53_firmware | n2net49w |
| lenovo | thinksystem_st558_firmware | o0e178i |
| lenovo | ideacentre_3-07ada05_firmware | o4fkt29a |
| lenovo | thinkstation_p520c_firmware | s03kt55a |
| lenovo | thinksystem_sr258_firmware | ise130e |
| lenovo | thinkcentre_m700q_firmware | fwktbaa |
| lenovo | thinkagile_vx7330_firmware | afe118m |
| lenovo | thinkpad_r14_gen_2_firmware | r1eet45w |
| lenovo | thinkpad_p15s_gen_1_firmware | n2xet33w |
| lenovo | thinkagile_mx3330-f_firmware | afe118m |
| lenovo | thinksystem_sr650_firmware | ive178i |
| lenovo | thinksystem_sr850_v2_firmware | m5e118i |
| lenovo | thinksystem_sr860_v2_firmware | m5e118i |
| lenovo | thinkagile_mx3321_f_firmware | ive178i |
| lenovo | v530-22icb_firmware | m20kt52a |
| lenovo | thinkagile_hx1320_firmware | ive178i |
| lenovo | thinkedge_se30_firmware | m3fkt29a |
| lenovo | thinkcentre_m90a_firmware | m3lkt26a |
| lenovo | thinkcentre_m70a_firmware | m28kt37a |
| lenovo | legion_t530-28icb_firmware | o4bkt20a |
| lenovo | thinksystem_hr630x_firmware | hr6n0661 |
| lenovo | thinksystem_hr650x_firmware | hr6n0661 |
| lenovo | ideacentre_g5-14amr05_firmware | o4zkt29a |
| lenovo | v30a-24iml_firmware | m37kt28a |
| lenovo | thinksystem_st258_v2_firmware | tqe104j |
| lenovo | thinkpad_t14_gen_1_firmware | n2xet33w |
| lenovo | n3310_storage_firmware | 5.05.0 |
| lenovo | thinkagile_hx7821_firmware | pse144n |
| lenovo | thinkpad_p15s_gen_2_firmware | n34et46w |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | n2qet44w |
| lenovo | thinkpad_p15_gen_1_firmware | n30et43w |
| lenovo | thinkserver_rd450_firmware | 5.05.0 |
| lenovo | ideacentre_5-14are05_firmware | o4zkt29a |
| lenovo | thinkpad_x1_extreme_3rd_gen_firmware | n2vet34w |
| lenovo | thinksystem_dn8836_firmware | l0.40 |
| lenovo | thinkpad_p52_firmware | n2cet61w |
| lenovo | thinkagile_mx3331-f_firmware | afe118m |
| lenovo | thinkstation_p348_firmware | m3kkt34a |
| lenovo | thinkagile_hx7820_firmware | pse144n |
| lenovo | thinksystem_sr645_firmware | d8e128f |
| lenovo | thinkserver_rs260_firmware | vb1ts307 |
| lenovo | thinkagile_mx3530_f_firmware | afe118m |
| lenovo | ideacentre_5_14iab7_firmware | m42kt40a |
| lenovo | thinkcentre_m90t_firmware | m1akt56a |
| lenovo | thinkagile_hx3331_firmware | afe118m |
| lenovo | thinkcentre_m910x_firmware | m49kt1da |
| lenovo | v530-15arr_firmware | not_affected |
| lenovo | qitian_a815_firmware | m1rkt38a |
| lenovo | thinkcentre_m6600t_firmware | fwktbaa |
| lenovo | thinkcentre_m8600t_firmware | fwktbaa |
| lenovo | thinksystem_se350_firmware | hye122f |
| lenovo | thinksystem_st58_firmware | ite125a |
| lenovo | thinksystem_sn850_firmware | ive178i |
| lenovo | thinkpad_l590_firmware | r0zet50w |
| lenovo | thinkstation_p340_firmware | s08kt50a |
| lenovo | thinkcentre_m90a_gen_2_firmware | m3jkt34a |
| lenovo | thinkagile_hx3721_firmware | tee178i |
| lenovo | thinkpad_p15v_gen_1_firmware | n30et43w |
| lenovo | thinksystem_sr158_firmware | ise130e |
| lenovo | thinkcentre_m80q_firmware | m46kt2da |
| lenovo | v50t-13imb_firmware | o4hkt38a |
| lenovo | thinkcentre_m710q_firmware | m1zkt38a |
| lenovo | qt_m410_firmware | m16kt68a |
| lenovo | thinkpad_p14s_gen_2_firmware | n34et46w |
| lenovo | thinksystem_sn550_v2_firmware | u8e118m |
| lenovo | thinkagile_hx1321_firmware | ive178i |
| lenovo | thinkagile_mx3520_h_firmware | ive178i |
| lenovo | thinkpad_l14_firmware | r17et33w |
| lenovo | v35s-07ada_firmware | o4fkt29a |
| lenovo | ideacentre_g5-14imb05_firmware | o4hkt38a |
| lenovo | thinksmart_hub_zoom_firmware | m2xkt20a |
| lenovo | thinkpad_x1_nano_gen_1_firmware | n2tet71w |
| lenovo | thinksystem_st250_v2_firmware | tqe104j |
| lenovo | thinkpad_t14_gen_2_firmware | n34et46w |
| lenovo | thinkserver_sr860p_firmware | tee176k |
| lenovo | thinkagile_hx1021_firmware | hye122f |
| lenovo | thinkcentre_m80s_firmware | m2wkt57a |
| lenovo | thinkserver_ts550_firmware | fwktb7s |
| lenovo | thinkserver_td350_firmware | 5.04.0 |
| lenovo | ideacentre_creator_5-14iob6_firmware | m3gkt33a |
| lenovo | thinkpad_x1_titanium_firmware | n2met54w |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | n39et50w |
| lenovo | thinkpad_e14_firmware | r16et33w |
| lenovo | thinkcentre_m90s_firmware | m2tkt50a |
| lenovo | thinkagile_vx7320_n_firmware | ive178i |
| lenovo | thinkcentre_m70q_firmware | m2vkt1da |
| lenovo | v530s-07icb_firmware | m22kt48a |
| lenovo | thinksystem_st550_firmware | o0e178i |
| lenovo | thinkagile_vx5520_firmware | ive178i |
| lenovo | thinkpad_e490s_firmware | r0yet48w |
| lenovo | thinksystem_sr860_firmware | tee178i |
| lenovo | thinkagile_hx2720-e_firmware | tee178i |
| lenovo | thinksystem_sr950_firmware | pse144n |
| lenovo | ideacentre_a340-22igm_firmware | o51kt12a |
| lenovo | thinkserver_ts450_firmware | fwktb7s |
| lenovo | thinkcentre_m60e_tiny_firmware | o5fkt14a |
| lenovo | thinkserver_ts250_firmware | 81i/b7s |
| lenovo | thinkcentre_m70q_gen_2_firmware | m2wkt57a |
| lenovo | thinkagile_hx5520-c_firmware | ive178i |
| lenovo | thinkserver_sr590_firmware | tee176k |
| lenovo | thinkcentre_m630e_firmware | m1wkt45a |
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m910s_firmware | * |
| lenovo | qt_m415_firmware | * |
| lenovo | ideacentre_510s-07icb_firmware | * |
| lenovo | thinkcentre_m710s_firmware | * |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinksmart_core_device:_zoom_rooms_firmware | - |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinksmart_hub_teams_firmware | * |
| lenovo | thinkcentre_m820z_firmware | * |
| lenovo | thinkcentre_m70a_gen_2_firmware | * |
| lenovo | v530-15icb_firmware | * |
| lenovo | v330-20icb_firmware | * |
| lenovo | thinksmart_core_device_for_logitech_firmware | - |
| lenovo | ideacentre_gaming_5_17acn7_firmware | * |
| lenovo | qt_b415_firmware | * |
| lenovo | thinkcentre_m60e_tiny_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | thinkcentre_m910q_firmware | * |
| lenovo | thinkcentre_m75s-1_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | legion_c530-19icb_firmware | * |
| lenovo | v35s-07ada_firmware | * |
| lenovo | thinkstation_p340_tiny_firmware | * |
| lenovo | thinkcentre_m6600s_firmware | * |
| lenovo | v540-24iwl_firmware | * |
| lenovo | ideacentre_a340-22igm_firmware | * |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | qt_m410_firmware | * |
| lenovo | thinkcentre_m910t_firmware | * |
| lenovo | v55t-15api_firmware | * |
| lenovo | thinkcentre_m715q_firmware | * |
| lenovo | ideacentre_720-18apr_firmware | * |
| lenovo | thinkcentre_e96z_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | legion_t5-28icb05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | ideacentre_510a-15arr_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m710e_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | * |
| lenovo | ideacentre_3_07iab7_firmware | * |
| lenovo | v530s-07icb_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | yangtian_afq150_firmware | * |
| lenovo | thinksmart_core_&_controller_full_room_kit:_zoom_rooms_firmware | - |
| lenovo | ideacentre_5-14are05_firmware | * |
| lenovo | thinkcentre_m6600t_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v530-15icr_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkcentre_m910x_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkstation_p340_firmware | * |
| lenovo | thinkstation_p310_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | v530-22icb_firmware | * |
| lenovo | thinkedge_se30_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinksmart_core_device_for_poly_firmware | - |
| lenovo | legion_t5-26iob6_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkcentre_neo_50s_gen_3_firmware | * |
| lenovo | thinkcentre_m75q-1_firmware | * |
| lenovo | thinkcentre_m720e_firmware | * |
| lenovo | v55t-15are_firmware | * |
| lenovo | thinksystem_st50_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | * |
| lenovo | thinkstation_p620_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkstation_p350_tiny_firmware | * |
| lenovo | thinkstation_p520_firmware | * |
| lenovo | thinkcentre_m715t_firmware | * |
| lenovo | legion_t530-28icb_firmware | * |
| lenovo | thinkcentre_m70q_gen_3_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkstation_p348_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | ideacentre_a340-24igm_firmware | * |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | ideacentre_510a-15ick_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinksmart_core_&_controller_full_room_kit:_microsoft_teams_rooms_firmware | - |
| lenovo | thinksmart_core_&_controller_kit:_microsoft_teams_rooms_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m810z_firmware | * |
| lenovo | thinkcentre_m70q_gen_2_firmware | * |
| lenovo | v530-15arr_firmware | * |
| lenovo | thinksystem_st58_firmware | * |
| lenovo | thinkstation_p318_firmware | * |
| lenovo | thinkstation_p350_firmware | * |
| lenovo | thinksmart_hub_zoom_firmware | * |
| lenovo | thinkcentre_m90q_gen_2_firmware | * |
| lenovo | v520s_firmware | * |
| lenovo | ideacentre_t540-15ick_firmware | * |
| lenovo | thinkcentre_m818z_firmware | * |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | thinkcentre_m710q_firmware | * |
| lenovo | thinkcentre_m6600q_firmware | * |
| lenovo | thinkcentre_e75_t/s_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | thinkcentre_m710t_firmware | * |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_510-15ick_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | * |
| lenovo | thinkcentre_m90a_gen2_firmware | * |
| lenovo | yta8900f_firmware | * |
| lenovo | thinkstation_p320_tiny_firmware | * |
| lenovo | thinkcentre_m610_firmware | * |
| lenovo | thinkcentre_m725s_firmware | * |
| lenovo | ideacentre_510s-07ick_firmware | * |
| lenovo | v530s-07icr_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | qitian_a815_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | thinksmart_core_&_controller_kit:_zoom_rooms_firmware | - |
| lenovo | v530-24icb_firmware | * |
| lenovo | legion_t530-28apr_firmware | * |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | v520_firmware | * |
| lenovo | thinkstation_p520c_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
| lenovo | yoga_a940-27icb_firmware | * |
| lenovo | stadia_ggp-120_firmware | * |
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m910s_firmware | * |
| lenovo | qt_m415_firmware | * |
| lenovo | ideacentre_510s-07icb_firmware | * |
| lenovo | thinkcentre_m710s_firmware | * |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinksmart_core_device:_zoom_rooms_firmware | - |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinksmart_hub_teams_firmware | * |
| lenovo | thinkcentre_m820z_firmware | * |
| lenovo | thinkcentre_m70a_gen_2_firmware | * |
| lenovo | v530-15icb_firmware | * |
| lenovo | v330-20icb_firmware | * |
| lenovo | thinksmart_core_device_for_logitech_firmware | - |
| lenovo | ideacentre_gaming_5_17acn7_firmware | * |
| lenovo | thinkcentre_m900x_firmware | * |
| lenovo | qt_b415_firmware | * |
| lenovo | thinkcentre_m60e_tiny_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | thinkcentre_m910q_firmware | * |
| lenovo | thinkcentre_m75s-1_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | legion_c530-19icb_firmware | * |
| lenovo | v35s-07ada_firmware | * |
| lenovo | thinkstation_p340_tiny_firmware | * |
| lenovo | thinkcentre_m6600s_firmware | * |
| lenovo | v540-24iwl_firmware | * |
| lenovo | ideacentre_a340-22igm_firmware | * |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | qt_m410_firmware | * |
| lenovo | thinkcentre_m910t_firmware | * |
| lenovo | v55t-15api_firmware | * |
| lenovo | thinkcentre_m715q_firmware | * |
| lenovo | ideacentre_720-18apr_firmware | * |
| lenovo | thinkcentre_e96z_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | legion_t5-28icb05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | ideacentre_510a-15arr_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m710e_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | * |
| lenovo | ideacentre_3_07iab7_firmware | * |
| lenovo | v530s-07icb_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkstation_p720_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | yangtian_afq150_firmware | * |
| lenovo | thinksmart_core_&_controller_full_room_kit:_zoom_rooms_firmware | - |
| lenovo | ideacentre_5-14are05_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkcentre_m6600t_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v530-15icr_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkcentre_m910x_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkstation_p340_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkstation_p310_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | v530-22icb_firmware | * |
| lenovo | thinkcentre_m800_firmware | * |
| lenovo | thinkedge_se30_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinksmart_core_device_for_poly_firmware | - |
| lenovo | legion_t5-26iob6_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | * |
| lenovo | thinkcentre_m900_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkcentre_neo_50s_gen_3_firmware | * |
| lenovo | thinkcentre_m75q-1_firmware | * |
| lenovo | thinkcentre_m720e_firmware | * |
| lenovo | v55t-15are_firmware | * |
| lenovo | thinksystem_st50_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | * |
| lenovo | thinkstation_p620_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkstation_p350_tiny_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkstation_p520_firmware | * |
| lenovo | thinkcentre_m715t_firmware | * |
| lenovo | legion_t530-28icb_firmware | * |
| lenovo | thinkcentre_m70q_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkstation_p348_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | ideacentre_a340-24igm_firmware | * |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | ideacentre_510a-15ick_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinksmart_core_&_controller_full_room_kit:_microsoft_teams_rooms_firmware | - |
| lenovo | thinksmart_core_&_controller_kit:_microsoft_teams_rooms_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m810z_firmware | * |
| lenovo | thinkcentre_m70q_gen_2_firmware | * |
| lenovo | v530-15arr_firmware | * |
| lenovo | thinksystem_st58_firmware | * |
| lenovo | thinkstation_p318_firmware | * |
| lenovo | thinkstation_p350_firmware | * |
| lenovo | thinksmart_hub_zoom_firmware | * |
| lenovo | thinkcentre_m90q_gen_2_firmware | * |
| lenovo | v520s_firmware | * |
| lenovo | ideacentre_t540-15ick_firmware | * |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m818z_firmware | * |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | thinkcentre_m710q_firmware | * |
| lenovo | thinkcentre_m6600q_firmware | * |
| lenovo | thinkcentre_e75_t/s_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | thinkcentre_m710t_firmware | * |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_510-15ick_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | * |
| lenovo | thinkcentre_m90a_gen2_firmware | * |
| lenovo | yta8900f_firmware | * |
| lenovo | thinkstation_p320_tiny_firmware | * |
| lenovo | thinkcentre_m610_firmware | * |
| lenovo | thinkcentre_m725s_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | ideacentre_510s-07ick_firmware | * |
| lenovo | v530s-07icr_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | qitian_a815_firmware | * |
| lenovo | thinkstation_p320_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | thinksmart_core_&_controller_kit:_zoom_rooms_firmware | - |
| lenovo | v530-24icb_firmware | * |
| lenovo | legion_t530-28apr_firmware | * |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | v520_firmware | * |
| lenovo | thinkstation_p520c_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
| lenovo | yoga_a940-27icb_firmware | * |
| lenovo | stadia_ggp-120_firmware | * |
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideacentre_m70q_gen_2_firmware | m3jkt35a |
| lenovo | thinkagile_vx2330_firmware | afe118m |
| lenovo | thinkagile_vx1320__firmware | ise130e |
| lenovo | ideacentre_3_07iab7_firmware | m49kt1da |
| lenovo | ideacentre_m900x_firmware | fwktbfa |
| lenovo | thinkagile_vx_2u_firmware | ive178i |
| lenovo | ideacentre_m710e_firmware | m1zkt39a |
| lenovo | thinkserver_rd650_firmware | 5.05.0 |
| lenovo | ideacentre_m75t_gen_2_firmware | m3akt44a |
| lenovo | thinkstation_p620_workstation_firmware | s07kt4aa |
| lenovo | thinkagile_hx3320_firmware | ive178i |
| lenovo | ideacentre_gaming_5-14iob6_firmware | m3gkt38a |
| lenovo | ideacentre_m75s_gen_2_firmware | m3akt44a |
| lenovo | thinksmart_core_&_controller_kit:_zoom_rooms_firmware | m4ckt14a |
| lenovo | ideacentre_m70t_gen_3_firmware | m41kt2da |
| lenovo | ideacentre_m920s_firmware | m1ukt6ba |
| lenovo | ideacentre_720-18apr_firmware | m25kt61a |
| lenovo | thinkagile_hx3376_firmware | d8e128f |
| lenovo | ideacentre_m710s_firmware | m16kt69a |
| lenovo | v520s_firmware | m16kt69a |
| lenovo | ideacentre_m710q_firmware | m1akt56a |
| lenovo | v30a-24iml_firmware | m37kt29a |
| lenovo | ideacentre_510s-07icb_firmware | m22kt48a |
| lenovo | thinkstation_p920_workstation_firmware | s05kt62p |
| lenovo | ideacentre_3-07imb05_firmware | m2vkt1fa |
| lenovo | yoga_a940-27icb_all-in-one_firmware | o43kt43a |
| lenovo | thinkagile_hx5521-c_firmware | ive178i |
| lenovo | thinkagile_vx_2u4n_firmware | tee178i |
| lenovo | ideacentre_m920q_firmware | m1ukt6ba |
| lenovo | ideacentre_t540-15ick_firmware | o4kkt16a |
| lenovo | thinkagile_mx3330-f_all-flash_firmware | afe118m |
| lenovo | thinkagile_hx7531_firmware | afe118m |
| lenovo | thinkagile_hx2320_firmware | ive178i |
| lenovo | thinkstation_p320_workstation_firmware | s06kt61a |
| lenovo | ideacentre_m810z_all-in-one_firmware | m1ckt50a |
| lenovo | ideacentre_m715t_firmware | m2ckt4da |
| lenovo | thinkagile_hx7520_firmware | ive178i |
| lenovo | ideacentre_m80q_firmware | m2wkt55a |
| lenovo | v50s-07imb_firmware | m2vkt1fa |
| lenovo | ideacentre_a340-24igm_all-in-one_firmware | o51kt12a |
| lenovo | thinksystem_dx8200d_firmware | ive178i |
| lenovo | thinkserver_sd350_firmware | 5.05.0 |
| lenovo | thinkstation_p920_workstation_firmware | s05kt62a |
| lenovo | ideacentre_gaming_5_17acn7_firmware | o5ekt23a |
| lenovo | v530-15arr_firmware | o4dkt44a |
| lenovo | ideacentre_m90s_firmware | m2tkt50a |
| lenovo | ideacentre_g5-14imb05_firmware | o4hkt3aa |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | m1vkt6ba |
| lenovo | ideacentre_m90q_gen_3_firmware | m4gkt1da |
| lenovo | thinksmart_core_device_for_logitech_firmware | m4ckt14a |
| lenovo | thinkagile_vx7820__firmware | pse144n |
| lenovo | thinkagile_vx3520-g__firmware | ive178i |
| lenovo | ideacentre_m920x_firmware | m1ukt6ba |
| lenovo | thinkagile_hx2331_firmware | afe118m |
| lenovo | ideacentre_m820z_all-in-one_firmware | m1nkt59a |
| lenovo | ideacentre_aio_3-22itl6_firmware | o5akt31a |
| lenovo | ideacentre_m720t_firmware | m1ukt6ba |
| lenovo | thinkagile_hx5521_firmware | ive178i |
| lenovo | thinkstation_p720_workstation_firmware | s04kt62p |
| lenovo | v50t-13imb_firmware | o4hkt3aa |
| lenovo | thinksmart_hub_500_firmware | m23kt31a |
| lenovo | thinksystem_hr610x_firmware | hr6n0661 |
| lenovo | ideacentre_a340-22igm_all-in-one_firmware | o51kt12a |
| lenovo | ideacentre_m80t_firmware | m2tkt50a |
| lenovo | thinkagile_hx3330_firmware | afe118m |
| lenovo | ideacentre_m70a_firmware | m2skt26a |
| lenovo | ideacentre_m75s_gen_2_firmware | m3bkt2aa |
| lenovo | v35s-07ada_firmware | o4fkt33a |
| lenovo | ideacentre_m70s_firmware | m2tkt50a |
| lenovo | ideacentre_m90a_firmware | m2rkt55a |
| lenovo | thinkstation_p330_tiny_workstation_firmware | m1ukt6ba |
| lenovo | ideacentre_neo_50t_gen_3_firmware | m42kt40a |
| lenovo | v50a-24imb_firmware | m36kt31a |
| lenovo | ideacentre_m70q_firmware | m2wkt55a |
| lenovo | ideacentre_m75s_gen_2_firmware | m46kt2ba |
| lenovo | thinkagile_mx_1u_-_mx3321_h__firmware | ive178i |
| lenovo | thinkstation_p360_tiny_workstation_firmware | m4gkt1da |
| lenovo | ideacentre_m910q_firmware | m1akt56a |
| lenovo | v520_firmware | m16kt69a |
| lenovo | thinkagile_hx3375_firmware | d8e128f |
| lenovo | thinkagile_hx3321_firmware | ive178i |
| lenovo | yangtian_afq150_firmware | fwktc0a |
| lenovo | thinkagile_hx7530_firmware | afe118m |
| lenovo | ideacentre_aio_3-22ada05_firmware | o4tkt29a |
| lenovo | ideacentre_a340-22icb_all-in-one_firmware | o44kt32a |
| lenovo | ideacentre_aio_3-22imb05_firmware | o4rkt3a |
| lenovo | thinkagile_vx_1u_firmware | ive178i |
| lenovo | n4610_storage_firmware | 5.05.0 |
| lenovo | ideacentre_m90a_gen_2_firmware | m3lkt26a |
| lenovo | v30a-22iml_firmware | m37kt29a |
| lenovo | ideacentre_m70q_gen_3_firmware | m43kt16a |
| lenovo | thinkstation_p340_workstation_firmware | s08kt50a |
| lenovo | thinkagile_hx5531_firmware | afe118m |
| lenovo | ideacentre_510a-15arr_firmware | o4dkt44a |
| lenovo | v530s-07icr_firmware | m30kt27a |
| lenovo | thinkagile_hx3521-g_firmware | ive178i |
| lenovo | ideacentre_m715q_2nd_gen_firmware | m1xkt58a |
| lenovo | ideacentre_neo_50s_gen_3_firmware | m49kt1da |
| lenovo | thinkagile_vx7520__firmware | ive178i |
| lenovo | thinkcentre_m8600t_firmware | fwktc0a |
| lenovo | thinkagile_hx1021_edg_firmware | hye122f |
| lenovo | thinksmart_core_&_controller_full_room_kit:_zoom_rooms_firmware | m4ckt14a |
| lenovo | thinkcentre_m700q_firmware | fwktc0a |
| lenovo | thinkagile_vx7531_firmware | afe118m |
| lenovo | thinksmart_core_&_controller_full_room_kit:_microsoft_teams_rooms_firmware | m4ckt14a |
| lenovo | thinkagile_hx1331_firmware | afe118m |
| lenovo | qt_b415_firmware | m16kt69a |
| lenovo | qitian_a815_firmware | m1rkt39a |
| lenovo | thinkagile_hx2321_firmware | ive178i |
| lenovo | ideacentre_m920t_firmware | m1ukt6ba |
| lenovo | ideacentre_a340-22iwl_all-in-one_firmware | o46kt36a |
| lenovo | thinkcentre_m610_firmware | m1akt56a |
| lenovo | thinkcentre_e75t_firmware | m16kt69a |
| lenovo | thinkserver_rs160_firmware | vb1ts307 |
| lenovo | thinkagile_hx2330_firmware | afe118m |
| lenovo | ideacentre_m700_tiny_firmware | fwktbfa |
| lenovo | thinkserver_rd350_firmware | 5.05.0 |
| lenovo | thinkagile_vx7520_n__firmware | ive178i |
| lenovo | ideacentre_a340-22ast_all-in-one_firmware | o4ckt23a |
| lenovo | thinkagile_hx2320-e_firmware | ive178i |
| lenovo | thinkstation_p310_workstation_firmware | fwktc0a |
| lenovo | thinkagile_mx3530-h_hybrid_firmware | afe118m |
| lenovo | thinksmart_hub_teams_firmware | m2xkt20a |
| lenovo | ideacentre_aio_3-24ada6_firmware | o5ckt24a |
| lenovo | ideacentre_aio_3-27alc6_firmware | o5bkt24a |
| lenovo | ideacentre_m75q-1_firmware | m2fkt2ea |
| lenovo | thinkstation_p720_workstation_firmware | s04kt62a |
| lenovo | thinkagile_hx5530_firmware | afe118m |
| lenovo | thinkagile_vx3331_firmware | afe118m |
| lenovo | v530-15icr_firmware | m2ykt33a |
| lenovo | thinkagile_hx5520_firmware | ive178i |
| lenovo | thinkserver_ts560_firmware | tb1ts307 |
| lenovo | ideacentre_m90t_firmware | m2tkt50a |
| lenovo | thinkagile_mx3531_h_hybrid_firmware | afe118m |
| lenovo | ideacentre_aio_3-24imb05_firmware | o4rkt3a |
| lenovo | thinkserver_ts460_firmware | tb1ts307 |
| lenovo | thinkagile_mx3330-h_hybrid_firmware | afe118m |
| lenovo | thinkagile_hx3720_firmware | tee178i |
| lenovo | ideacentre_aio_3-24iil5_firmware | o56kt22a |
| lenovo | thinkcentre_m6600q_firmware | fwktc0a |
| lenovo | thinksystem_dx1100u_firmware | ive178i |
| lenovo | ideacentre_m910s_firmware | m1akt56a |
| lenovo | thinkagile_vx7320_n__firmware | ive178i |
| lenovo | legion_t7-34imz5_firmware | o4lkt1fa |
| lenovo | ideacentre_m60e_tiny_firmware | m3skt21a |
| lenovo | thinkagile_hx3520-g_firmware | ive178i |
| lenovo | v50a-22imb_firmware | m36kt31a |
| lenovo | ideacentre_m630e_firmware | m28kt39a |
| lenovo | thinkagile_vx2320__firmware | ive178i |
| lenovo | ideacentre_5-14iob6_firmware | m3gkt38a |
| lenovo | thinksmart_core_&_controller_kit:_microsoft_teams_rooms_firmware | m4ckt14a |
| lenovo | thinkserver_rd550_firmware | 5.03.0 |
| lenovo | ideacentre_e96z_firmware | m26kt24a |
| lenovo | ideacentre_m818z_firmware | m1ekt27a |
| lenovo | thinkagile_mx3331-f_all-flash_firmware | afe118m |
| lenovo | thinkagile_vx5530_firmware | afe118m |
| lenovo | thinkstation_thinkstation_p318_firmware | m1akt56a |
| lenovo | thinkstation_p330_workstation_firmware | m1vkt6ba |
| lenovo | thinkagile_vx_1se_firmware | ise130e |
| lenovo | ideacentre_aio_3-27imb05_firmware | o4rkt3a |
| lenovo | thinkagile_hx7521_firmware | ive178i |
| lenovo | thinkagile_hx1520-r_firmware | ive178i |
| lenovo | ideacentre_m900_firmware | fwktbfa |
| lenovo | ideacentre_m70c_firmware | m2vkt1fa |
| lenovo | ideacentre_m75s-1_firmware | m2ckt4da |
| lenovo | thinkagile_hx1521-r_firmware | ive178i |
| lenovo | legion_t5-26iob6_firmware | o54kt20a |
| lenovo | thinkagile_mx-_hybrid_firmware | ive178i |
| lenovo | thinkagile_mx1021_firmware | hye122f |
| lenovo | ideacentre_m70t_firmware | m2tkt50a |
| lenovo | thinkserver_ts150_firmware | 81i/b7s |
| lenovo | thinksystem_st50_firmware | ite125a |
| lenovo | thinkagile_mx-_all_flash_firmware | ive178i |
| lenovo | thinkstation_p520c_workstation_firmware | s03kt55a |
| lenovo | thinkagile_vx3330_firmware | afe118m |
| lenovo | thinksmart_core_device_for_poly_firmware | m4ckt14a |
| lenovo | thinkagile_vx3320__firmware | ive178i |
| lenovo | v540-24iwl_all-in-one_firmware | m29kt40a |
| lenovo | thinkstation_p350_tiny_workstation_firmware | m3jkt35a |
| lenovo | yta8900f_firmware | fwktc0a |
| lenovo | thinkserver_sr588_firmware | tee176k |
| lenovo | ideacentre_m70s_gen_3_firmware | m41kt2da |
| lenovo | thinkagile_mx3520_h-_hybrid__firmware | ive178i |
| lenovo | ideacentre_a340-24ick_all-in-one_firmware | o4pkt15a |
| lenovo | ideacentre_m720s_firmware | m1ukt6ba |
| lenovo | ideacentre_m75t_gen_2_firmware | m3bkt2aa |
| lenovo | ideacentre_a340-24iwl_all-in-one_firmware | o46kt36a |
| lenovo | thinkagile_mx3530_f_all_flash_firmware | afe118m |
| lenovo | ideacentre_aio_3-27itl6_firmware | o5akt31a |
| lenovo | ideacentre_m90q_gen_2_firmware | m3jkt35a |
| lenovo | ideacentre_m725s_firmware | m25kt61a |
| lenovo | v55t_gen_2_13acn_firmware | o5jkt20a |
| lenovo | thinksmart_core_device:_zoom_rooms_firmware | m4ckt14a |
| lenovo | ideacentre_m715s_firmware | m2ckt4da |
| lenovo | thinkagile_vx7530_firmware | afe118m |
| lenovo | ideacentre_m80s_gen_3_firmware | m40kt2da |
| lenovo | ideacentre_aio_3-24are05_firmware | o4skt28a |
| lenovo | thinkagile_vx3530-g_firmware | afe118m |
| lenovo | qt_m410_firmware | m16kt69a |
| lenovo | v55t-15api_firmware | o4dkt44a |
| lenovo | thinkagile_vx_4u_firmware | pse144n |
| lenovo | thinkstation_p320_tiny_workstation_firmware | m1akt56a |
| lenovo | v530-15icb_firmware | m1ykt72a |
| lenovo | ideacentre_m715q_firmware | m11kt55a |
| lenovo | ideacentre_gaming_5_17iab7_firmware | m42kt40a |
| lenovo | thinkstation_p348_workstation_firmware | m3kkt36a |
| lenovo | thinkserver_rd350g_firmware | vb3ts891 |
| lenovo | ideacentre_aio_3-24alc6_firmware | o5bkt24a |
| lenovo | ideacentre_m80t_gen_3_firmware | m40kt2da |
| lenovo | ideacentre_m720q_firmware | m1ukt6ba |
| lenovo | ideacentre_510s-07ick_firmware | m30kt27a |
| lenovo | ideacentre_m625q_firmware | m1wkt46a |
| lenovo | thinkagile_mx3531-f_all-flash_firmware | afe118m |
| lenovo | ideacentre_a340-24icb_all-in-one_firmware | o44kt32a |
| lenovo | thinkcentre_m6600s_firmware | fwktc0a |
| lenovo | ideacentre_510a-15ick_firmware | o4kkt16a |
| lenovo | thinkagile_vx7330_firmware | afe118m |
| lenovo | ideacentre_aio_3-24itl6_firmware | o5akt31a |
| lenovo | ideacentre_c5-14imb05_firmware | o4hkt3aa |
| lenovo | qt_m415_firmware | m16kt69a |
| lenovo | thinkcentre_e75s_firmware | m16kt69a |
| lenovo | ideacentre_m90a_gen_3_firmware | m4ikt17a |
| lenovo | ideacentre_5-14acn6_firmware | o5ekt23a |
| lenovo | thinkagile_hx1320_firmware | ive178i |
| lenovo | thinkedge_se30_firmware | m3fkt29a |
| lenovo | v530-24icb_all-in-one_firmware | m20kt53a |
| lenovo | thinkagile_mx3520_f-_all_flash__firmware | ive178i |
| lenovo | thinkstation_p520_workstation_firmware | s03kt55a |
| lenovo | thinksystem_hr630x_firmware | hr6n0661 |
| lenovo | thinksystem_hr650x_firmware | hr6n0661 |
| lenovo | thinkstation_p350_workstation_firmware | s0akt35a |
| lenovo | thinkagile_vx3720__firmware | tee178i |
| lenovo | ideacentre_g5-14amr05_firmware | o4zkt29a |
| lenovo | ideacentre_m80q_gen_3_firmware | m4gkt1da |
| lenovo | n3310_storage_firmware | 5.05.0 |
| lenovo | thinkagile_hx7821_firmware | pse144n |
| lenovo | thinkserver_rd450_firmware | 5.05.0 |
| lenovo | ideacentre_5-14are05_firmware | o4zkt29a |
| lenovo | ideacentre_aio_3-22iil5_firmware | o56kt22a |
| lenovo | legion_t5-28icb05_firmware | o4bkt21a |
| lenovo | v530-22icb_all-in-one_firmware | m20kt53a |
| lenovo | ideacentre_m800_firmware | fwktbfa |
| lenovo | v330-20icb_all-in-one_firmware | m1qkt49a |
| lenovo | ideacentre_m75q_gen_2_firmware | m47kt24a |
| lenovo | thinkagile_hx7820_firmware | pse144n |
| lenovo | ideacentre_m70a_gen_3_firmware | m4ekt18a |
| lenovo | thinkserver_rs260_firmware | vb1ts307 |
| lenovo | ideacentre_5_14iab7_firmware | m42kt40a |
| lenovo | thinkagile_hx3331_firmware | afe118m |
| lenovo | ideacentre_m910t_firmware | m1akt56a |
| lenovo | thinkcentre_m6600t_firmware | fwktc0a |
| lenovo | thinkstation_stadia_ggp-120_firmware | s03kt55a |
| lenovo | thinkcentre_m8600s_firmware | fwktc0a |
| lenovo | legion_t530-28apr_firmware | o4gkt17a |
| lenovo | legion_c530-19icb_firmware | o4bkt21a |
| lenovo | ideacentre_m720e_firmware | m30kt27a |
| lenovo | thinkagile_mx_edge-_mx1020__firmware | hye122f |
| lenovo | thinkagile_mx_1u_-_mx3321_f__firmware | ive178i |
| lenovo | ideacentre_m90t_gen_3_firmware | m40kt2da |
| lenovo | thinkagile_vx5520__firmware | ive178i |
| lenovo | ideacentre_gaming_5-14acn6_firmware | o5ekt23a |
| lenovo | v50t-13iob_g2_firmware | m3gkt38a |
| lenovo | ideacentre_m75n_firmware | m33kt26a |
| lenovo | thinksystem_st58_firmware | ite125a |
| lenovo | ideacentre_3-07ada05_firmware | o4fkt33a |
| lenovo | ideacentre_m70a_gen_2_firmware | m3nkt21a |
| lenovo | ideacentre_5-14imb05_firmware | o4hkt3aa |
| lenovo | thinkstation_p340_tiny_workstation_firmware | m2wkt55a |
| lenovo | ideacentre_m710t_firmware | m16kt69a |
| lenovo | ideacentre_m90s_gen_3_firmware | m40kt2da |
| lenovo | thinkagile_hx3721_firmware | tee178i |
| lenovo | thinkagile_hx1321_firmware | ive178i |
| lenovo | thinksmart_hub_zoom_firmware | m2xkt20a |
| lenovo | v55t-15are_firmware | o52kt23a |
| lenovo | thinkserver_sr860p_firmware | tee176k |
| lenovo | ideacentre_a340-22ick_all-in-one_firmware | o4pkt15a |
| lenovo | ideacentre_neo_70t_gen_3_firmware | m40kt2da |
| lenovo | thinkserver_ts550_firmware | fwktb7s |
| lenovo | thinkserver_td350_firmware | 5.04.0 |
| lenovo | ideacentre_m75t_gen_2_firmware | m46kt2ba |
| lenovo | ideacentre_m90q_tiny_firmware | m2wkt55a |
| lenovo | ideacentre_mini_5-01imh05_firmware | o4ekt17a |
| lenovo | ideacentre_m910x_firmware | m1akt56a |
| lenovo | ideacentre_510-15ick_firmware | o4kkt16a |
| lenovo | v530s-07icb_firmware | m22kt48a |
| lenovo | ideacentre_m80s_firmware | m2tkt50a |
| lenovo | thinkagile_hx2720-e_firmware | tee178i |
| lenovo | legion_t7-34imz5_firmware | o5fkt14a |
| lenovo | thinkagile_mx3331-h_hybrid_firmware | afe118m |
| lenovo | thinkserver_ts450_firmware | fwktb7s |
| lenovo | ideacentre_aio_3-22ada6_firmware | o5ckt24a |
| lenovo | thinkserver_ts250_firmware | 81i/b7s |
| lenovo | thinkagile_hx5520-c_firmware | ive178i |
| lenovo | thinkserver_sr590_firmware | tee176k |
| lenovo | legion_t530-28icb_firmware | o4bkt21a |
| lenovo | ideacentre_t540-15ama_g_firmware | m2ckt4da |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13s_firmware | * |
| lenovo | thinkpas_x13s_firmware | * |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13s_firmware | * |
| lenovo | thinkpas_x13s_firmware | * |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13s_firmware | * |
A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13s_firmware | * |
| lenovo | thinkpas_x13s_firmware | * |
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.0 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_hybrid_usb-c_with_usb-a_dock_firmware | * |
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x1_fold_gen_1_firmware | - |
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x1_extreme_gen_5_firmware | * |
| lenovo | thinkpad_p14s_gen_1_firmware | * |
| lenovo | thinkpad_x1_yoga_7th_gen_firmware | * |
| lenovo | thinkpad_x1_yoga_5th_gen_firmware | * |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | * |
| lenovo | thinkpad_t14_gen_2_firmware | - |
| lenovo | thinkpad_l14_gen_2_firmware | - |
| lenovo | thinkpad_p1_gen_5_firmware | * |
| lenovo | thinkpad_t14_gen_3_firmware | * |
| lenovo | thinkpad_p15v_gen_1_firmware | * |
| lenovo | thinkpad_t14s_firmware | * |
| lenovo | thinkpad_x1_fold_gen_1_firmware | - |
| lenovo | thinkpad_p14s_gen_2_firmware | - |
| lenovo | thinkpad_p15_gen_2_firmware | * |
| lenovo | thinkpad_x1_titanium_firmware | * |
| lenovo | thinkpad_x1_carbon_10th_gen_firmware | * |
| lenovo | thinkpad_t15p_gen_1_firmware | * |
| lenovo | thinkpad_x1_nano_gen_1_firmware | * |
| lenovo | thinkpad_x1_carbon_9th_gen_firmware | * |
| lenovo | thinkpad_t14_gen_1_firmware | * |
| lenovo | thinkpad_p14s_gen_3_firmware | * |
| lenovo | thinkpad_p1_gen_4_firmware | 1.22 |
| lenovo | thinkpad_t15g_gen_1_firmware | * |
| lenovo | thinkpad_p17_gen_1_firmware | * |
| lenovo | thinkpad_t15p_gen_2_firmware | * |
| lenovo | thinkpad_p15s_gen_1_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_p16s_gen_1_firmware | * |
| lenovo | thinkpad_x1_nano_gen_2_firmware | * |
| lenovo | thinkpad_l14_firmware | * |
| lenovo | thinkpad_p15v_gen_2_firmware | * |
| lenovo | thinkpad_t14s_gen_3_firmware | * |
| lenovo | thinkpad_p16_gen_1_firmware | * |
| lenovo | thinkpad_p17_gen_2_firmware | * |
| lenovo | thinkpad_p15s_gen_2_firmware | - |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | * |
| lenovo | thinkpad_p15v_gen_3_firmware | * |
| lenovo | thinkpad_l15_gen_2_firmware | - |
| lenovo | thinkpad_x13_gen_2_firmware | * |
| lenovo | thinkpad_t15_gen_2_firmware | - |
| lenovo | thinkpad_x13_firmware | * |
| lenovo | thinkpad_t15g_gen_2_firmware | * |
| lenovo | thinkpad_p15_gen_1_firmware | * |
| lenovo | thinkpad_x1_extreme_3rd_gen_firmware | * |
| lenovo | thinkpad_p1_gen_3_firmware | * |
| lenovo | thinkpad_x1_carbon_7th_gen_firmware | * |
| lenovo | thinkpad_t16_gen_1_firmware | * |
| lenovo | thinkpad_x1_carbon_8th_gen_firmware | * |
| lenovo | thinkpad_l15_firmware | * |
| lenovo | thinkpad_x13_gen_3_firmware | * |
| lenovo | thinkpad_x1_yoga_6th_gen_firmware | * |
| lenovo | thinkpad_t14s_gen_2_firmware | * |
| lenovo | thinkpad_x1_extreme_4th_gen_firmware | * |
| lenovo | thinkpad_t15p_gen_3_firmware | * |
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_l560_firmware | * |
| lenovo | thinkpad_25_firmware | * |
| lenovo | thinkpad_t470s_firmware | * |
| lenovo | thinkpad_p50_firmware | * |
| lenovo | thinkpad_x260_firmware | * |
| lenovo | thinkpad_x270_firmware | * |
| lenovo | thinkpad_p50s_firmware | * |
| lenovo | thinkpad_yoga_260_firmware | * |
| lenovo | thinkpad_p70_firmware | * |
| lenovo | thinkpad_t560_firmware | * |
| lenovo | thinkpad_t470_firmware | * |
| lenovo | thinkpad_x1_carbon_4th_gen_firmware | * |
| lenovo | thinkpad_x1_yoga_1st_gen_firmware | * |
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | safecenter | * |
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_t540-15ama_g_firmware | * |
| lenovo | ideacentre_510s-07icb_firmware | * |
| lenovo | thinkcentre_m90q_gen_3_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | * |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkcentre_m60e_tiny_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | legion_t5-26amr5_firmware | * |
| lenovo | thinkcentre_m75s-1_firmware | * |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | legion_c530-19icb_firmware | * |
| lenovo | v35s-07ada_firmware | * |
| lenovo | thinkstation_p340_tiny_firmware | * |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | ideacentre_720-18apr_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | legion_t5-28icb05_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | legion_r5-28imb05_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | thinkstation_p360_firmware | * |
| lenovo | ideacentre_3_07iab7_firmware | * |
| lenovo | v530s-07icb_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | ideacentre_5-14are05_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkstation_p340_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | thinkstation_p330_gen_2_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | legion_t5-26iob6_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkcentre_neo_50s_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_firmware | * |
| lenovo | thinkcentre_m720e_firmware | * |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkstation_p350_tiny_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t530-28icb_firmware | * |
| lenovo | ideacentre_aio_3-27alc6_firmware | * |
| lenovo | thinkcentre_m70q_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | lenovo_legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkcentre_m70q_gen_2_firmware | * |
| lenovo | thinkstation_p350_firmware | * |
| lenovo | thinkcentre_m90q_gen_2_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkstation_p360_tiny_firmware | * |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | thinkcentre_m600_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_3_07ach7_firmware | * |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | thinkcentre_m725s_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | ideacentre_510s-07ick_firmware | * |
| lenovo | v530s-07icr_firmware | * |
| lenovo | thinkstation_p320_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | thinkstation_p330_firmware | * |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
| lenovo | legion_t5-28imb05_firmware | * |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 0.9 | 5.2 |
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13_gen_3_firmware | * |
| lenovo | thinkpad_t14s_gen_3_firmware | * |
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 0.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x13_gen_3_firmware | * |
| lenovo | thinkpad_t14s_gen_3_firmware | * |
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | baiying | * |
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkstation_p330_tiny_firmware | * |
| lenovo | ideacentre_510s-07icb_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | * |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | thinkcentre_m920z_firmware | * |
| lenovo | thinkcentre_m720e_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | v530s-07icb_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | * |
| lenovo | thinkstation_p520_firmware | * |
| lenovo | thinkstation_p360_ultra_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | thinkcentre_m725s_firmware | * |
| lenovo | ideacentre_510s-07ick_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | v530s-07icr_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkstation_p520c_firmware | * |
| lenovo | ideacentre_720-18apr_firmware | * |
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x390_firmware | - |
| lenovo | thinkpad_x1_carbon_8th_gen_firmware | - |
| lenovo | thinkpad_p14s_gen_3_firmware | - |
| lenovo | thinkpad_t15_firmware | * |
| lenovo | thinkpad_x1_extreme_gen_5_firmware | * |
| lenovo | thinkpad_l490_firmware | * |
| lenovo | thinkpad_z13_gen_1_firmware | * |
| lenovo | thinkpad_p14s_gen_1_firmware | * |
| lenovo | thinkpad_p1_gen_4_firmware | * |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | - |
| lenovo | thinkpad_x1_yoga_7th_gen_firmware | * |
| lenovo | thinkpad_e490_firmware | * |
| lenovo | thinkpad_x12_detachable_gen_1_firmware | * |
| lenovo | thinkpad_t14_gen_2_firmware | - |
| lenovo | thinkpad_l14_firmware | - |
| lenovo | thinkpad_x13_yoga_gen_3_firmware | * |
| lenovo | thinkpad_p1_gen_5_firmware | * |
| lenovo | thinkpad_x1_carbon_7th_gen_firmware | - |
| lenovo | thinkpad_p15v_gen_1_firmware | * |
| lenovo | thinkpad_l590_firmware | * |
| lenovo | thinkpad_t14s_firmware | * |
| lenovo | thinkpad_t14_gen_3_firmware | - |
| lenovo | thinkpad_p43s_firmware | - |
| lenovo | thinkpad_e590_firmware | * |
| lenovo | thinkpad_l13_gen_3_firmware | * |
| lenovo | thinkpad_p14s_gen_2_firmware | - |
| lenovo | thinkpad_e14_firmware | * |
| lenovo | thinkpad_t490_firmware | - |
| lenovo | thinkpad_p15_gen_2_firmware | * |
| lenovo | thinkpad_x1_extreme_2nd_gen_firmware | * |
| lenovo | thinkpad_x1_titanium_firmware | * |
| lenovo | thinkpad_x1_carbon_10th_gen_firmware | * |
| lenovo | thinkpad_x390_yoga_firmware | * |
| lenovo | thinkpad_t15p_gen_1_firmware | * |
| lenovo | thinkpad_t14_gen_2_firmware | * |
| lenovo | thinkpad_x1_nano_gen_1_firmware | * |
| lenovo | thinkpad_x1_carbon_9th_gen_firmware | * |
| lenovo | thinkpad_t14_gen_1_firmware | * |
| lenovo | thinkpad_t15g_gen_1_firmware | * |
| lenovo | thinkpad_p17_gen_1_firmware | * |
| lenovo | thinkpad_thinkpad_r14_gen_4_firmware | * |
| lenovo | thinkpad_t15p_gen_2_firmware | * |
| lenovo | thinkpad_p15s_gen_1_firmware | * |
| lenovo | thinkpad_t590_firmware | - |
| lenovo | thinkpad_e15_gen_4_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_x1_nano_gen_2_firmware | * |
| lenovo | thinkpad_l14_firmware | * |
| lenovo | thinkpad_p53s_firmware | - |
| lenovo | thinkpad_x1_yoga_5th_gen_firmware | - |
| lenovo | thinkpad_p15v_gen_2_firmware | * |
| lenovo | thinkpad_z16_gen_1_firmware | * |
| lenovo | thinkpad_t14s_gen_3_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_3_firmware | * |
| lenovo | thinkpad_p16_gen_1_firmware | * |
| lenovo | thinkpad_p16s_gen_1_firmware | - |
| lenovo | thinkpad_e15_gen_2_firmware | * |
| lenovo | thinkpad_p17_gen_2_firmware | * |
| lenovo | thinkpad_p15s_gen_2_firmware | - |
| lenovo | thinkpad_p1_gen_2_firmware | * |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | * |
| lenovo | thinkpad_p73_firmware | * |
| lenovo | thinkpad_p15v_gen_3_firmware | * |
| lenovo | thinkpad_thinkpad_s3_2nd_gen_firmware | * |
| lenovo | thinkpad_l15_gen_2_firmware | - |
| lenovo | thinkpad_x13_gen_2_firmware | * |
| lenovo | thinkpad_t15_gen_2_firmware | - |
| lenovo | thinkpad_p53_firmware | * |
| lenovo | thinkpad_x13_firmware | * |
| lenovo | thinkpad_t15g_gen_2_firmware | * |
| lenovo | thinkpad_p15_gen_1_firmware | * |
| lenovo | thinkpad_x1_extreme_3rd_gen_firmware | * |
| lenovo | thinkpad_thinkpad_r14_gen_2_firmware | * |
| lenovo | thinkpad_l15_gen_3_firmware | * |
| lenovo | thinkpad_e14_gen_2_firmware | * |
| lenovo | thinkpad_e14_gen_4_firmware | * |
| lenovo | thinkpad_p1_gen_3_firmware | * |
| lenovo | thinkpad_t490s_firmware | - |
| lenovo | thinkpad_t16_gen_1_firmware | - |
| lenovo | thinkpad_l15_firmware | * |
| lenovo | thinkpad_x13_gen_3_firmware | * |
| lenovo | thinkpad_x1_yoga_6th_gen_firmware | * |
| lenovo | thinkpad_t14s_gen_2_firmware | * |
| lenovo | thinkpad_e15_firmware | * |
| lenovo | thinkpad_e490s_firmware | * |
| lenovo | thinkpad_p14s_gen_2_firmware | * |
| lenovo | thinkpad_x1_extreme_4th_gen_firmware | * |
| lenovo | thinkpad_t15p_gen_3_firmware | * |
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H | 2.8 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinksystem_sd650_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinksystem_sr645_v3_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr665_v3_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx2330_firmware | 2.93_afbt30p |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinkagile_hx7530_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_mx1021_on_se350_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkedge_se450__firmware | * |
| lenovo | thinkagile_hx5530_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinkagile_hx2330_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_hx3330_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | smart_clock_essential_with_alexa_built_in_firmware | * |
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_x12_detachable_gen_1_firmware | 1.28 |
| lenovo | thinkpad_p43s_firmware | 1.79 |
| lenovo | thinkpad_x13_gen_2_firmware | 1.51 |
| lenovo | thinkpad_p1_gen_5_firmware | 1.16 |
| lenovo | thinkpad_p53s_firmware | 1.21 |
| lenovo | thinkpad_z16_gen_1_firmware | 1.57 |
| lenovo | thinkpad_t15g_gen_1_firmware | 1.32 |
| lenovo | thinkpad_e15_firmware | 1.23 |
| lenovo | thinkpad_thinkpad_r14_gen_2_firmware | 1.55 |
| lenovo | thinkpad_thinkpad_s3_2nd_gen_firmware | 1.23 |
| lenovo | thinkpad_l15_gen_2_firmware | 1.48 |
| lenovo | thinkpad_e490_firmware | 1.34 |
| lenovo | thinkpad_p73_firmware | 1.4 |
| lenovo | thinkpad_t16_gen_1_firmware | 1.11 |
| lenovo | thinkpad_x1_carbon_7th_gen_firmware | 1.56 |
| lenovo | thinkpad_t490_firmware | 1.79 |
| lenovo | thinkpad_p14s_gen_3_firmware | 1.31 |
| lenovo | thinkpad_p16s_gen_1_firmware | 1.11 |
| lenovo | thinkpad_p15s_gen_2_firmware | 1.05 |
| lenovo | thinkpad_p14s_gen_2_firmware | 1.05 |
| lenovo | thinkpad_t15_firmware | 1.28 |
| lenovo | thinkpad_p16_gen_1_firmware | 1.17 |
| lenovo | thinkpad_x1_extreme_2nd_gen_firmware | 1.46 |
| lenovo | thinkpad_p14s_gen_2_firmware | 1.55 |
| lenovo | thinkpad_x1_yoga_7th_gen_firmware | 1.37 |
| lenovo | thinkpad_z13_gen_1_firmware | 1.57 |
| lenovo | thinkpad_e15_gen_4_firmware | 1.18 |
| lenovo | thinkpad_e590_firmware | 1.34 |
| lenovo | thinkpad_l15_firmware | 1.2 |
| lenovo | thinkpad_t14_gen_1_firmware | 1.28 |
| lenovo | thinkpad_p17_gen_2_firmware | 1.25 |
| lenovo | thinkpad_t15p_gen_2_firmware | 1.19 |
| lenovo | thinkpad_p53s_firmware | 1.79 |
| lenovo | thinkpad_x1_extreme_gen_5_firmware | 1.16 |
| lenovo | thinkpad_x1_yoga_5th_gen_firmware | 1.30 |
| lenovo | thinkpad_thinkpad_r14_gen_4_firmware | 1.18 |
| lenovo | thinkpad_l15_gen_2_firmware | 1.61 |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | 1.56 |
| lenovo | thinkpad_t490s_firmware | 1.24 |
| lenovo | thinkpad_t590_firmware | 1.21 |
| lenovo | thinkpad_t15p_gen_3_firmware | 1.15 |
| lenovo | thinkpad_t15g_gen_2_firmware | 1.25 |
| lenovo | thinkpad_t14s_gen_3_firmware | 1.33 |
| lenovo | thinkpad_e15_gen_4_firmware | 1.16 |
| lenovo | thinkpad_t490_firmware | 1.21 |
| lenovo | thinkpad_p15v_gen_2_firmware | 1.19 |
| lenovo | thinkpad_l14_firmware | 1.48 |
| lenovo | thinkpad_x1_carbon_8th_gen_firmware | 1.15 |
| lenovo | thinkpad_p43s_firmware | 1.21 |
| lenovo | thinkpad_x1_titanium_firmware | 1.24 |
| lenovo | thinkpad_x13_firmware | 1.26 |
| lenovo | thinkpad_p1_gen_3_firmware | 1.27 |
| lenovo | thinkpad_x1_yoga_5th_gen_firmware | 1.15 |
| lenovo | thinkpad_l15_gen_3_firmware | 1.26 |
| lenovo | thinkpad_x390_firmware | 1.79_1.24 |
| lenovo | thinkpad_p14s_gen_1_firmware | 1.28 |
| lenovo | thinkpad_t490s_firmware | 1.79 |
| lenovo | thinkpad_l15_firmware | 1.3 |
| lenovo | thinkpad_l13_yoga_gen_3_firmware | 1.14 |
| lenovo | thinkpad_t15p_gen_1_firmware | 1.32 |
| lenovo | thinkpad_l590_firmware | 1.32 |
| lenovo | thinkpad_p15_gen_1_firmware | 1.32 |
| lenovo | thinkpad_t14_gen_3_firmware | 1.31 |
| lenovo | thinkpad_t14_gen_2_firmware | 1.55 |
| lenovo | thinkpad_p53_firmware | 1.4 |
| lenovo | thinkpad_t14_gen_2_firmware | 1.05 |
| lenovo | thinkpad_p14s_gen_3_firmware | 1.11 |
| lenovo | thinkpad_x1_extreme_3rd_gen_firmware | 1.27 |
| lenovo | thinkpad_t14s_firmware | 1.26 |
| lenovo | thinkpad_e14_gen_4_firmware | 1.18 |
| lenovo | thinkpad_l14_firmware | 1.61 |
| lenovo | thinkpad_x13_gen_3_firmware | 1.33 |
| lenovo | thinkpad_x13_gen_2_firmware | 1.37 |
| lenovo | thinkpad_x1_extreme_4th_gen_firmware | 1.22 |
| lenovo | thinkpad_e15_gen_2_firmware | 1.55 |
| lenovo | thinkpad_l14_firmware | 1.3 |
| lenovo | thinkpad_t16_gen_1_firmware | 1.31 |
| lenovo | thinkpad_x1_carbon_10th_gen_firmware | 1.37 |
| lenovo | thinkpad_e14_gen_4_firmware | 1.16 |
| lenovo | thinkpad_x390_yoga_firmware | 1.95 |
| lenovo | thinkpad_x1_nano_gen_1_firmware | 1.55 |
| lenovo | thinkpad_p1_gen_4_firmware | 1.22 |
| lenovo | thinkpad_e490s_firmware | 1.34 |
| lenovo | thinkpad_x390_firmware | 1.79 |
| lenovo | thinkpad_p15v_gen_1_firmware | 1.32 |
| lenovo | thinkpad_l490_firmware | 1.32 |
| lenovo | thinkpad_e14_firmware | 1.23 |
| lenovo | thinkpad_p14s_gen_2_firmware | 1.34 |
| lenovo | thinkpad_t590_firmware | 1.79 |
| lenovo | thinkpad_p16s_gen_1_firmware | 1.31 |
| lenovo | thinkpad_t14_gen_3_firmware | 1.11 |
| lenovo | thinkpad_l14_firmware | 1.2 |
| lenovo | thinkpad_x390_firmware | 1.24 |
| lenovo | thinkpad_e14_gen_2_firmware | 1.55 |
| lenovo | thinkpad_p15s_gen_2_firmware | 1.55 |
| lenovo | thinkpad_x1_carbon_9th_gen_firmware | 1.59 |
| lenovo | thinkpad_x1_yoga_4th_gen_firmware | 1.45 |
| lenovo | thinkpad_x1_carbon_8th_gen_firmware | 1.30 |
| lenovo | thinkpad_t15_gen_2_firmware | 1.05 |
| lenovo | thinkpad_x13_yoga_gen_2_firmware | 1.4 |
| lenovo | thinkpad_x13_yoga_gen_3_firmware | 1.09 |
| lenovo | thinkpad_t14s_gen_2_firmware | 1.51 |
| lenovo | thinkpad_x1_carbon_7th_gen_firmware | 1.45 |
| lenovo | thinkpad_p15s_gen_1_firmware | 1.28 |
| lenovo | thinkpad_p1_gen_2_firmware | 1.46 |
| lenovo | thinkpad_l14_firmware | 1.26 |
| lenovo | thinkpad_t14s_gen_2_firmware | 1.37 |
| lenovo | thinkpad_t14_gen_2_firmware | 1.34 |
| lenovo | thinkpad_l13_gen_3_firmware | 1.14 |
| lenovo | thinkpad_t15_gen_2_firmware | 1.55 |
| lenovo | thinkpad_p17_gen_1_firmware | 1.32 |
| lenovo | thinkpad_x1_nano_gen_2_firmware | 1.18 |
| lenovo | thinkpad_p15v_gen_3_firmware | 1.15 |
| lenovo | thinkpad_x13_yoga_gen_1_firmware | 1.45 |
| lenovo | thinkpad_p15_gen_2_firmware | 1.25 |
| lenovo | thinkpad_x1_yoga_6th_gen_firmware | 1.59 |
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinksystem_sd650_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinksystem_sr645_v3_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr665_v3_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx2330_firmware | 2.93_afbt30p |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinkagile_hx7530_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_mx1021_on_se350_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkedge_se450__firmware | * |
| lenovo | thinkagile_hx5530_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinkagile_hx2330_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_hx3330_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinksystem_sd650_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinksystem_sr645_v3_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr665_v3_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx2330_firmware | 2.93_afbt30p |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinkagile_hx7530_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_mx1021_on_se350_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkedge_se450__firmware | * |
| lenovo | thinkagile_hx5530_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinkagile_hx2330_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_hx3330_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | drivers_management | * |
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinksystem_sd650_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinksystem_sr645_v3_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr665_v3_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx2330_firmware | 2.93_afbt30p |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinkagile_hx7530_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_mx1021_on_se350_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkedge_se450__firmware | * |
| lenovo | thinkagile_hx5530_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinkagile_hx2330_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_hx3330_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H | 2.1 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinksystem_sd650_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinksystem_sr645_v3_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr665_v3_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx2330_firmware | 2.93_afbt30p |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinkagile_hx7530_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_mx1021_on_se350_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkedge_se450__firmware | * |
| lenovo | thinkagile_hx5530_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinkagile_hx2330_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_hx3330_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H | 0.9 | 5.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr850p_firmware | * |
| lenovo | thinksystem_sr860_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinksystem_st258_firmware | * |
| lenovo | thinkagile_mx3531-f_firmware | * |
| lenovo | thinksystem_sr670_v2_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinksystem_sr570_firmware | * |
| lenovo | thinksystem_sr530_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinksystem_sr650_firmware | * |
| lenovo | thinkagile_mx3331-f_firmware | * |
| lenovo | thinksystem_sd650_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinksystem_sr645_v3_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinksystem_st550_firmware | * |
| lenovo | thinkagile_mx3330-h_firmware | * |
| lenovo | thinksystem_sr850_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_mx3331-h_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinksystem_sr630_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinksystem_sr665_firmware | * |
| lenovo | thinksystem_sr860_v2_firmware | * |
| lenovo | thinksystem_sr665_v3_firmware | * |
| lenovo | thinksystem_sr250_v2_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinksystem_st250_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinksystem_sr850_v2_firmware | * |
| lenovo | thinkagile_hx7820_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_hx5520_firmware | * |
| lenovo | thinksystem_sr670_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinksystem_sr630_v2_firmware | * |
| lenovo | thinkagile_mx3330-f_firmware | * |
| lenovo | thinksystem_sr645_firmware | * |
| lenovo | thinkstation_p920_firmware | * |
| lenovo | thinkagile_hx2330_firmware | 2.93_afbt30p |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinksystem_st250_v2_firmware | * |
| lenovo | thinksystem_sd650_v2_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx1320_firmware | * |
| lenovo | thinksystem_sr258_firmware | * |
| lenovo | thinkagile_hx7530_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
| lenovo | thinksystem_sr250_firmware | * |
| lenovo | thinkagile_hx7520_firmware | * |
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_vx7520_n_firmware | * |
| lenovo | thinksystem_sn550_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinksystem_sr550_firmware | * |
| lenovo | thinksystem_st658_v2_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx_2u4n_firmware | * |
| lenovo | thinkagile_hx3520-g_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinksystem_sd530_firmware | * |
| lenovo | thinksystem_sr590_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinksystem_sn550_v2_firmware | * |
| lenovo | thinkagile_hx1520-r_firmware | * |
| lenovo | thinkagile_hx3720_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_mx1020_firmware | * |
| lenovo | thinkagile_mx1021_on_se350_firmware | * |
| lenovo | thinkagile_hx2720-e_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinksystem_sr150_firmware | * |
| lenovo | thinkagile_vx7320_n_firmware | * |
| lenovo | thinksystem_sr650_v2_firmware | * |
| lenovo | thinksystem_sn850_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinksystem_sr258_v2_firmware | * |
| lenovo | thinkedge_se450__firmware | * |
| lenovo | thinkagile_hx5530_firmware | * |
| lenovo | thinkagile_hx2320-e_firmware | * |
| lenovo | thinksystem_se350_firmware | * |
| lenovo | thinksystem_st258_v2_firmware | * |
| lenovo | thinkagile_mx3531_h_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_hx3320_firmware | * |
| lenovo | thinkagile_vx7330_firmware | * |
| lenovo | thinksystem_sr158_firmware | * |
| lenovo | thinkagile_hx2330_firmware | * |
| lenovo | thinksystem_sd650-n_v2_firmware | * |
| lenovo | thinkagile_hx5520-c_firmware | * |
| lenovo | thinkagile_hx3375_firmware | * |
| lenovo | thinkagile_hx3330_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinksystem_sd630_v2_firmware | * |
| lenovo | thinkagile_mx3530-h_firmware | * |
| lenovo | thinksystem_sr950_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinksystem_st650_v2_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_mx3530_f_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | * |
| lenovo | thinkagile_cp-cb-10e_firmware | * |
| lenovo | thinksystem_d2_enclosure_firmware | * |
| lenovo | thinksystem_da240_enclosure_firmware | * |
| lenovo | thinkagile_vx_enclosure_firmware | * |
| lenovo | nextscale_n1200_enclosure_firmware | * |
| lenovo | thinkagile_cp-cb-10_firmware | * |
| lenovo | thinksystem_dw612_enclosure_firmware | * |
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkagile_hx_enclosure_certified_node_firmware | * |
| lenovo | thinkagile_cp-cb-10e_firmware | * |
| lenovo | thinksystem_d2_enclosure_firmware | * |
| lenovo | thinksystem_da240_enclosure_firmware | * |
| lenovo | thinkagile_vx_enclosure_firmware | * |
| lenovo | nextscale_n1200_enclosure_firmware | * |
| lenovo | thinkagile_cp-cb-10_firmware | * |
| lenovo | thinksystem_dw612_enclosure_firmware | * |
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | universal_device_client | * |
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 3.9 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | legion_5-15ith6_firmware | - |
| lenovo | legion_5_15iah7h_firmware | * |
| lenovo | thinkbook_16p_g3_arh_firmware | - |
| lenovo | thinkbook_15p_g2_ith_firmware | - |
| lenovo | legion_5-17ach6h_firmware | - |
| lenovo | legion_5_pro-16ith6_firmware | - |
| lenovo | legion_5_pro-16ith6h_firmware | - |
| lenovo | legion_5_15arh7_firmware | - |
| lenovo | legion_5-15ach6a_firmware | - |
| lenovo | legion_5_15arh7h_firmware | - |
| lenovo | legion_5_pro-16ach6h_firmware | - |
| lenovo | legion_s7_16arha7_firmware | - |
| lenovo | legion_5-17ith6_firmware | - |
| lenovo | legion_5-15ach6_firmware | - |
| lenovo | legion_7-16arha7_firmware | - |
| lenovo | legion_5-15ith6h_firmware | - |
| lenovo | legion_5_pro_16iah7h_firmware | * |
| lenovo | legion_pro_7_16irx8h_firmware | * |
| lenovo | legion_5-15ach6h_firmware | - |
| lenovo | legion_5_pro-16ach6_firmware | - |
| lenovo | legion_5_pro_16iah7_firmware | * |
| lenovo | legion_pro_7_16irx8_firmware | * |
| lenovo | legion_7-16achg6_firmware | - |
| lenovo | legion_5_15iah7_firmware | * |
| lenovo | legion_5-17ach6_firmware | - |
| lenovo | legion_7-16ithg6_firmware | - |
| lenovo | legion_5_pro_16arh7h_firmware | - |
| lenovo | legion_5-17ith6h_firmware | - |
| lenovo | legion_pro_5_16irx8_firmware | * |
| lenovo | legion_5_pro_16arh7_firmware | - |
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 1.2 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H | 1.2 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkbook_13s_g4_iap_firmware | * |
| lenovo | flex_5-14alc05_firmware | * |
| lenovo | thinkbook_14s_g2_itl_firmware | * |
| lenovo | flex_5-14are05_firmware | * |
| lenovo | ideapad_1-14ada05_firmware | * |
| lenovo | flex_5-14iil05_firmware | * |
| lenovo | yoga_9-15imh5_firmware | * |
| lenovo | ideapad_1-11ada05_firmware | * |
| lenovo | flex_5-15iil05_firmware | * |
| lenovo | ideapad_1-14igl05_firmware | * |
| lenovo | ideapad_flex_5_16abr8_firmware | * |
| lenovo | ideapad_flex_5_14iru8_firmware | * |
| lenovo | thinkbook_13s_g2_are_firmware | * |
| lenovo | flex_7_14iru8_firmware | * |
| lenovo | ideapad_flex_5_16alc7_firmware | * |
| lenovo | ideapad_flex_5_14alc7_firmware | * |
| lenovo | thinkbook_13s_g3_acn_firmware | * |
| lenovo | ideapad_flex_5_14abr8_firmware | * |
| lenovo | flex_5-15alc05_firmware | * |
| lenovo | ideapad_flex_5_16iru8_firmware | * |
| lenovo | thinkbook_13s_g2_itl_firmware | * |
| lenovo | thinkbook_13x_g2_iap_firmware | * |
| lenovo | 13w_yoga_firmware | * |
| lenovo | ideapad_flex_5_14iau7_firmware | * |
| lenovo | flex_5-14itl05_firmware | * |
| lenovo | 13w_yoga_gen_2_firmware | * |
| lenovo | flex_5-15itl05_firmware | * |
| lenovo | ideapad_1-11igl05_firmware | * |
| lenovo | ideapad_flex_5_16iau7_firmware | * |
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_e15_gen_3_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | * |
| lenovo | k14_type_21cv_firmware | * |
| lenovo | thinkpad_l13_gen_2_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_3_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_8_firmware | * |
| lenovo | thinkpad_l15_gen_2_firmware | * |
| lenovo | thinkpad_s2_gen_8_firmware | * |
| lenovo | thinkpad_l15_gen_4_firmware | * |
| lenovo | thinkpad_x13_gen_2_firmware | * |
| lenovo | thinkpad_l13_gen_3_firmware | * |
| lenovo | thinkpad_s2_gen_7_firmware | * |
| lenovo | thinkpad_l15_gen_3_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_7_firmware | * |
| lenovo | thinkpad_l14_gen_4_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | * |
| lenovo | thinkpad_l14_gen_3_firmware | * |
| lenovo | thinkpad_t14_gen_2_firmware | * |
| lenovo | thinkpad_e14_gen_3_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_4_firmware | * |
| lenovo | thinkpad_l14_gen_2_firmware | * |
| lenovo | thinkpad_s2_gen_6_firmware | * |
| lenovo | k14_type_21cu_firmware | * |
| lenovo | thinkpad_l13_gen_4_firmware | * |
| lenovo | thinkpad_t14s_gen_2_firmware | * |
| lenovo | thinkpad_p14s_gen_2_firmware | * |
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_p15s_gen_2_firmware | - |
| lenovo | thinkpad_p14s_gen_2_firmware | - |
| lenovo | thinkpad_t14_gen_2_firmware | - |
| lenovo | thinkpad_t15_gen_2_firmware | - |
A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
| psirt@lenovo.com | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkcentre_m80q_firmware | - |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_neo_70t_gen_3_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | thinkcentre_m80q_gen_3_firmware | - |
| lenovo | ideacentre_aio_3-22iil5_firmware | * |
| lenovo | ideacentre_gaming_5-14acn6_firmware | - |
| lenovo | thinkstation_p320_workstation_firmware | - |
| lenovo | thinkcentre_neo_30a_24_gen_4_firmware | * |
| lenovo | thinkcentre_m90a_gen_2_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | thinkcentre_m90s_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27itl6_firmware | * |
| lenovo | ideacentre_5_14iab7_firmware | * |
| lenovo | thinkcentre_m625q_firmware | - |
| lenovo | thinkcentre_m70q_gen_2_firmware | - |
| lenovo | ideacentre_gaming_5_17iab7_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m90a_pro_gen_3_firmware | * |
| lenovo | thinkstation_p350_tiny_workstation_firmware | - |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | legion_t5_26irb8_firmware | * |
| lenovo | thinkcentre_m80t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-27imb05_firmware | * |
| lenovo | ideacentre_aio_3_27iap7_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | o5nkt33a |
| lenovo | thinkstation_p340_tiny_workstation_firmware | - |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | v30a-22itl_firmware | * |
| lenovo | legion_t7-34iaz7_firmware | * |
| lenovo | thinkcentre_m90t_gen_3_firmware | * |
| lenovo | thinkcentre_neo_30a_22_gen_3_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_neo_30a_22_gen_4_firmware | * |
| lenovo | thinkcentre_neo_30a_24_gen_3_firmware | * |
| lenovo | ideacentre_aio_3-22itl6_firmware | * |
| lenovo | ideacentre_aio_3-22imb05_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | v50a-24imb_firmware | * |
| lenovo | legion_t5_26iab7_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | - |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | loq_17irb8_firmware | * |
| lenovo | thinkcentre_m70q_firmware | - |
| lenovo | ideacentre_aio_5_24iah7_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | - |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | ideacentre_aio_3_22iap7_firmware | * |
| lenovo | legion_t7_34irz8_firmware | * |
| lenovo | thinkedge_se30_firmware | - |
| lenovo | ideacentre_aio_3-24iil5_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_neo_50a_24_gen_4_firmware | * |
| lenovo | ideacentre_mini_5-01imh05_firmware | - |
| lenovo | yoga_aio_7-27arh6_firmware | - |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | yoga_aio_7_27arh7_firmware | - |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | ideacentre_gaming_5_17acn7_firmware | - |
| lenovo | thinkcentre_m70a_gen_3_firmware | - |
| lenovo | thinkcentre_m90q_gen_2_firmware | - |
| lenovo | thinkcentre_m90q_gen_3_firmware | - |
| lenovo | thinkcentre_neo_30a_27_gen_3_firmware | * |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | v50t-13iob_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | thinkcentre_m90a_gen_3_firmware | * |
| lenovo | thinkcentre_m70t_gen_3_firmware | * |
| lenovo | ideacentre_aio_3_21itl7_firmware | * |
| lenovo | ideacentre_aio_3-24itl6_firmware | * |
| lenovo | ideacentre_aio_3_24iap7_firmware | * |
| lenovo | thinkcentre_m70s_gen_3_firmware | * |
| lenovo | ideacentre_5-14acn6_firmware | - |
| lenovo | thinkcentre_m80s_gen_3_firmware | * |
| lenovo | thinkstation_p360_tiny_workstation_firmware | - |
| lenovo | ideacentre_5-14imb05_firmware | * |
| lenovo | ideacentre_aio_3-24alc6_firmware | * |
| lenovo | ideacentre_5_14irb8_firmware | * |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | thinkcentre_neo_30a_27_gen_4_firmware | * |
| lenovo | v30a-24itl_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | ideacentre_aio_3-24imb05_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | - |
| lenovo | ideacentre_aio_5_27iah7_firmware | * |
| lenovo | ideacentre_t540-15ama_g_firmware | - |
| lenovo | thinkcentre_m630e_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | thinkstation_p358_workstation_firmware | * |
| lenovo | thinkstation_p360_ultra_workstation_firmware | - |
| lenovo | thinkcentre_neo_50t_gen_3_firmware | * |
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkedge_se30_firmware | * |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkstation_p340_tiny_workstation_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkstation_p320_workstation_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m630e_firmware | - |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m820z_all-in-one_firmware | * |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | ideacentre_mini_5-01imh05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | * |
| lenovo | thinkstation_p330_tiny_workstation_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | v50a-24imb_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkedge_se30_firmware | * |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkstation_p340_tiny_workstation_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkstation_p320_workstation_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m630e_firmware | - |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m820z_all-in-one_firmware | * |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | ideacentre_mini_5-01imh05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | * |
| lenovo | thinkstation_p330_tiny_workstation_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | v50a-24imb_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkedge_se30_firmware | * |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkstation_p340_tiny_workstation_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkstation_p320_workstation_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m630e_firmware | - |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m820z_all-in-one_firmware | * |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | ideacentre_mini_5-01imh05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | * |
| lenovo | thinkstation_p330_tiny_workstation_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | v50a-24imb_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkedge_se30_firmware | * |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkstation_p340_tiny_workstation_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkstation_p320_workstation_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m630e_firmware | - |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m820z_all-in-one_firmware | * |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | ideacentre_mini_5-01imh05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | * |
| lenovo | thinkstation_p330_tiny_workstation_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | v50a-24imb_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkedge_se30_firmware | * |
| lenovo | thinkstation_p330_workstation_firmware | * |
| lenovo | ideacentre_c5-14imb05_firmware | * |
| lenovo | v50t-13imh_firmware | * |
| lenovo | ideacentre_3-07ada05_firmware | * |
| lenovo | thinkcentre_m75t_gen_2_firmware | - |
| lenovo | thinkcentre_m920q_firmware | * |
| lenovo | thinkcentre_m70q_firmware | * |
| lenovo | thinkstation_p340_tiny_workstation_firmware | * |
| lenovo | ideacentre_5-14iob6_firmware | * |
| lenovo | thinkstation_p320_workstation_firmware | * |
| lenovo | v50t-13iob_g2_firmware | * |
| lenovo | thinkcentre_m920z_all-in-one_firmware | * |
| lenovo | ideacentre_creator_5-14iob6_firmware | * |
| lenovo | thinkcentre_m70s_firmware | * |
| lenovo | thinkcentre_m70t_firmware | * |
| lenovo | thinkstation_p520c_workstation_firmware | - |
| lenovo | ideacentre_g5-14imb05_firmware | * |
| lenovo | thinkcentre_m70c_firmware | * |
| lenovo | thinkcentre_m720q_firmware | * |
| lenovo | ideacentre_3-07imb05_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | - |
| lenovo | ideacentre_gaming_5-14iob6_firmware | * |
| lenovo | v50s-07imb_firmware | * |
| lenovo | thinkstation_p350_workstation_firmware | - |
| lenovo | v30a-22iml_firmware | * |
| lenovo | thinkcentre_m630e_firmware | - |
| lenovo | thinkstation_p720_workstation_firmware | - |
| lenovo | thinkcentre_m80t_firmware | * |
| lenovo | thinkcentre_m90t_firmware | * |
| lenovo | thinkcentre_m820z_all-in-one_firmware | * |
| lenovo | thinkstation_p330_workstation_2nd_gen_firmware | * |
| lenovo | thinkcentre_m720t_firmware | * |
| lenovo | thinkstation_p920_workstation_firmware | - |
| lenovo | ideacentre_mini_5-01imh05_firmware | * |
| lenovo | thinkcentre_m920x_firmware | * |
| lenovo | thinkcentre_m720s_firmware | * |
| lenovo | thinkstation_p340_workstation_firmware | * |
| lenovo | legion_t7-34imz5_firmware | * |
| lenovo | thinkcentre_m920s_firmware | * |
| lenovo | thinkcentre_m90q_tiny_firmware | * |
| lenovo | ideacentre_mini_5_01iaq7_firmware | * |
| lenovo | thinkcentre_m75s_gen_2_firmware | - |
| lenovo | thinkcentre_m90s_firmware | * |
| lenovo | v55t_gen_2_13acn_firmware | * |
| lenovo | thinkcentre_m70a_firmware | * |
| lenovo | thinkcentre_m920t_firmware | * |
| lenovo | thinkstation_p348_workstation_firmware | * |
| lenovo | thinkstation_p330_tiny_workstation_firmware | * |
| lenovo | v50a-22imb_firmware | * |
| lenovo | thinkcentre_m625q_firmware | * |
| lenovo | thinkcentre_m75n_firmware | * |
| lenovo | v50t-13imb_firmware | * |
| lenovo | thinkstation_p360_workstation_firmware | * |
| lenovo | thinkcentre_m80q_firmware | * |
| lenovo | thinkcentre_m80s_firmware | * |
| lenovo | thinkcentre_m90a_firmware | * |
| lenovo | thinkstation_p520_workstation_firmware | - |
| lenovo | v50a-24imb_firmware | * |
| lenovo | thinkcentre_m75q_gen_2_firmware | * |
| lenovo | ideacentre_g5-14amr05_firmware | * |
| lenovo | v30a-24iml_firmware | * |
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
| psirt@lenovo.com | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr650_v3_firmware | - |
| lenovo | thinkagile_vx7530_firmware | - |
| lenovo | thinkagile_mx3330-h_hybrid_firmware | - |
| lenovo | thinksystem_sr670_v2_firmware | - |
| lenovo | thinksystem_sr630_v3_firmware | - |
| lenovo | thinksystem_sr630_v2_firmware | - |
| lenovo | thinkagile_hx7531_firmware | - |
| lenovo | thinkagile_hx2330_firmware | - |
| lenovo | thinksystem_sd650_v3_firmware | - |
| lenovo | thinkagile_vx3331_firmware | - |
| lenovo | thinkagile_hx5530_firmware | - |
| lenovo | thinksystem_sr645_v3_firmware | - |
| lenovo | thinkagile_vx3330_firmware | - |
| lenovo | thinkagile_vx7330_firmware | - |
| lenovo | thinkagile_hx3331_firmware | - |
| lenovo | thinkagile_vx2330_firmware | - |
| lenovo | thinkagile_mx3331-f_all-flash_firmware | - |
| lenovo | thinkagile_hx2331_firmware | - |
| lenovo | thinksystem_st258_v2_firmware | - |
| lenovo | thinksystem_sr645_firmware | - |
| lenovo | thinkagile_hx3330_firmware | - |
| lenovo | thinkagile_hx1331_firmware | - |
| lenovo | thinksystem_sr650_v2_firmware | - |
| lenovo | thinksystem_sr860_v3_firmware | - |
| lenovo | thinksystem_st250_v2_firmware | - |
| lenovo | thinkagile_hx3376_firmware | - |
| lenovo | thinkagile_mx3531-f_all-flash_firmware | - |
| lenovo | thinksystem_sr675_v3_firmware | - |
| lenovo | thinksystem_sr635_v3_firmware | - |
| lenovo | thinksystem_sr850_v3_firmware | - |
| lenovo | thinksystem_sr250_firmware | - |
| lenovo | thinksystem_sr860_v2_firmware | - |
| lenovo | thinksystem_sr665_firmware | - |
| lenovo | thinkagile_vx7531_firmware | - |
| lenovo | thinksystem_sd665_v3_firmware | - |
| lenovo | thinksystem_sr258_v2_firmware | - |
| lenovo | thinkagile_vx5530_firmware | - |
| lenovo | thinksystem_sr665_v3_firmware | - |
| lenovo | thinkagile_mx3331-h_hybrid_firmware | - |
| lenovo | thinkagile_hx5531_firmware | - |
| lenovo | thinksystem_sr850_v2_firmware | - |
| lenovo | thinkagile_mx3530-h_hybrid_firmware | - |
| lenovo | thinksystem_sn550_v2_firmware | - |
| lenovo | thinksystem_st650_v3_firmware | - |
| lenovo | thinksystem_st658_v3_firmware | - |
| lenovo | thinksystem_sd630_v2_firmware | - |
| lenovo | thinkagile_mx3530_f_all_flash_firmware | - |
| lenovo | thinkagile_mx3330-f_all-flash_firmware | - |
| lenovo | thinkagile_mx3531_h_hybrid_firmware | - |
| lenovo | thinksystem_sd650_v2_firmware | - |
| lenovo | thinksystem_sd650-n_v2_firmware | - |
| lenovo | thinksystem_st650_v2_firmware | - |
| lenovo | thinksystem_sr655_v3_firmware | - |
| lenovo | thinksystem_sr670_firmware | - |
| lenovo | thinkagile_hx7530_firmware | - |
| lenovo | thinkagile_hx3375_firmware | - |
| lenovo | thinkagile_vx3530-g_firmware | - |
| lenovo | thinksystem_st658_v2_firmware | - |
An authenticated XCC user can change permissions for any user through a crafted API command.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| psirt@lenovo.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr650_v3_firmware | - |
| lenovo | thinksystem_sd650_dwc_dual_node_tray_firmware | - |
| lenovo | thinkagile_hx_enclosure_firmware | - |
| lenovo | thinkagile_hx7821_firmware | - |
| lenovo | thinksystem_sr570_firmware | - |
| lenovo | thinksystem_sr630_v3_firmware | - |
| lenovo | thinkagile_hx5520_firmware | - |
| lenovo | thinksystem_sr630_v2_firmware | - |
| lenovo | thinkagile_hx7531_firmware | - |
| lenovo | thinkagile_hx2330_firmware | - |
| lenovo | thinksystem_sd650_v3_firmware | - |
| lenovo | thinkagile_vx3330_firmware | - |
| lenovo | thinkagile_hx3331_firmware | - |
| lenovo | thinkagile_mx650_v3_firmware | - |
| lenovo | thinkagile_vx2330_firmware | - |
| lenovo | thinkagile_vx7820_firmware | - |
| lenovo | thinkagile_mx3331-f_all-flash_firmware | - |
| lenovo | thinkagile_hx2331_firmware | - |
| lenovo | thinkagile_hx3721_firmware | - |
| lenovo | thinksystem_sr645_firmware | - |
| lenovo | thinkagile_vx_2u4n_firmware | - |
| lenovo | thinkagile_hx3330_firmware | - |
| lenovo | thinksystem_sr860_v3_firmware | - |
| lenovo | thinksystem_st250_v2_firmware | - |
| lenovo | thinkagile_hx2720-e_firmware | - |
| lenovo | thinkagile_vx1320_firmware | - |
| lenovo | thinksystem_sr675_v3_firmware | - |
| lenovo | thinksystem_sr635_v3_firmware | - |
| lenovo | thinkagile_hx1321_firmware | - |
| lenovo | thinkagile_hx1320_firmware | - |
| lenovo | thinksystem_sr158_firmware | - |
| lenovo | thinksystem_sr250_firmware | - |
| lenovo | thinksystem_sr150_firmware | - |
| lenovo | thinksystem_sr665_firmware | - |
| lenovo | thinkagile_vx7531_firmware | - |
| lenovo | thinksystem_sr850p_firmware | - |
| lenovo | thinksystem_sr258_v2_firmware | - |
| lenovo | thinkagile_hx5520-c_firmware | - |
| lenovo | thinkagile_hx5531_firmware | - |
| lenovo | thinkagile_hx3720_firmware | - |
| lenovo | thinksystem_sr630_firmware | - |
| lenovo | thinksystem_sr550_firmware | - |
| lenovo | thinkagile_mx3530-h_hybrid_firmware | - |
| lenovo | thinksystem_sn550_v2_firmware | - |
| lenovo | thinksystem_st650_v3_firmware | - |
| lenovo | thinkagile_hx7520_firmware | - |
| lenovo | thinkagile_hx1021_edg_firmware | - |
| lenovo | thinkagile_hx1521-r_firmware | - |
| lenovo | thinkagile_hx2321_firmware | - |
| lenovo | thinksystem_sr530_firmware | - |
| lenovo | thinkagile_vx2320_firmware | - |
| lenovo | thinkagile_mx3530_f_all_flash_firmware | - |
| lenovo | thinkagile_hx3320_firmware | - |
| lenovo | thinksystem_sd650_v2_firmware | - |
| lenovo | thinksystem_sr258_firmware | - |
| lenovo | thinksystem_sd650-n_v2_firmware | - |
| lenovo | thinksystem_sr850_firmware | - |
| lenovo | thinkagile_hx1520-r_firmware | - |
| lenovo | thinksystem_sr655_v3_firmware | - |
| lenovo | thinkagile_vx_4u_firmware | - |
| lenovo | thinksystem_st250_firmware | - |
| lenovo | thinkagile_hx3321_firmware | - |
| lenovo | thinksystem_st658_v2_firmware | - |
| lenovo | thinkagile_vx7520_firmware | - |
| lenovo | thinkagile_vx7530_firmware | - |
| lenovo | thinkagile_mx3330-h_hybrid_firmware | - |
| lenovo | thinksystem_sr670_v2_firmware | - |
| lenovo | thinksystem_st550_firmware | - |
| lenovo | thinksystem_sn550_firmware | - |
| lenovo | thinksystem_se350_firmware | - |
| lenovo | thinksystem_sr650_firmware | - |
| lenovo | thinkagile_vx3331_firmware | - |
| lenovo | thinkagile_hx3520-g_firmware | - |
| lenovo | thinkagile_hx5530_firmware | - |
| lenovo | thinksystem_sr645_v3_firmware | - |
| lenovo | thinkagile_vx7520_n_firmware | - |
| lenovo | thinkagile_vx7330_firmware | - |
| lenovo | thinkagile_hx3521-g_firmware | - |
| lenovo | thinkagile_vx5520_firmware | - |
| lenovo | thinkagile_hx7820_firmware | - |
| lenovo | thinksystem_sn850_firmware | - |
| lenovo | thinkagile_hx5521-c_firmware | - |
| lenovo | thinkagile_mx650_v3_intergrated_system_firmware | - |
| lenovo | thinkagile_vx7320_n_firmware | - |
| lenovo | thinksystem_st258_v2_firmware | - |
| lenovo | thinkagile_hx2320-e_firmware | - |
| lenovo | thinkagile_hx1331_firmware | - |
| lenovo | thinksystem_sr650_v2_firmware | - |
| lenovo | thinkagile_hx3376_firmware | - |
| lenovo | thinkagile_mx3531-f_all-flash_firmware | - |
| lenovo | thinkagile_hx7521_firmware | - |
| lenovo | thinksystem_sr590_firmware | - |
| lenovo | thinksystem_sr850_v3_firmware | - |
| lenovo | thinksystem_st258_firmware | - |
| lenovo | thinksystem_sr860_v2_firmware | - |
| lenovo | thinksystem_sr860_firmware | - |
| lenovo | thinkagile_vx3320_firmware | - |
| lenovo | thinksystem_sd665_v3_firmware | - |
| lenovo | thinkagile_vx5530_firmware | - |
| lenovo | thinksystem_sr665_v3_firmware | - |
| lenovo | thinkagile_mx3331-h_hybrid_firmware | - |
| lenovo | thinksystem_sr850_v2_firmware | - |
| lenovo | thinkagile_hx5521_firmware | - |
| lenovo | thinkagile_vx3520-g_firmware | - |
| lenovo | thinkagile_mx_edge-_mx1020__firmware | - |
| lenovo | thinkagile_vx_1se_firmware | - |
| lenovo | thinksystem_st658_v3_firmware | - |
| lenovo | thinksystem_sd530_firmware | - |
| lenovo | thinksystem_sr950_firmware | - |
| lenovo | thinksystem_sd630_v2_firmware | - |
| lenovo | thinkagile_mx630_v3_firmware | - |
| lenovo | thinkagile_mx3330-f_all-flash_firmware | - |
| lenovo | thinkagile_mx3531_h_hybrid_firmware | - |
| lenovo | thinkedge_se450__firmware | - |
| lenovo | thinkagile_vx3720_firmware | - |
| lenovo | thinksystem_sd650_dual_node_tray_firmware | - |
| lenovo | thinkagile_mx630_v3_intergrated_system_firmware | - |
| lenovo | thinksystem_st650_v2_firmware | - |
| lenovo | thinkagile_mx1021_on_se350_firmware | - |
| lenovo | thinksystem_sr670_firmware | - |
| lenovo | thinkagile_hx7530_firmware | - |
| lenovo | thinkagile_hx3375_firmware | - |
| lenovo | thinkagile_vx3530-g_firmware | - |
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
| psirt@lenovo.com | 4.1 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L | 0.7 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr650_v3_firmware | - |
| lenovo | thinkagile_vx7530_firmware | - |
| lenovo | thinkagile_mx3330-h_hybrid_firmware | - |
| lenovo | thinksystem_sr670_v2_firmware | - |
| lenovo | thinksystem_sr630_v3_firmware | - |
| lenovo | thinksystem_sr630_v2_firmware | - |
| lenovo | thinkagile_hx7531_firmware | - |
| lenovo | thinkagile_hx2330_firmware | - |
| lenovo | thinksystem_sd650_v3_firmware | - |
| lenovo | thinkagile_vx3331_firmware | - |
| lenovo | thinkagile_hx5530_firmware | - |
| lenovo | thinksystem_sr645_v3_firmware | - |
| lenovo | thinkagile_vx3330_firmware | - |
| lenovo | thinkagile_vx7330_firmware | - |
| lenovo | thinkagile_hx3331_firmware | - |
| lenovo | thinkagile_vx2330_firmware | - |
| lenovo | thinkagile_mx3331-f_all-flash_firmware | - |
| lenovo | thinkagile_hx2331_firmware | - |
| lenovo | thinksystem_st258_v2_firmware | - |
| lenovo | thinksystem_sr645_firmware | - |
| lenovo | thinkagile_hx3330_firmware | - |
| lenovo | thinkagile_hx1331_firmware | - |
| lenovo | thinksystem_sr650_v2_firmware | - |
| lenovo | thinksystem_sr860_v3_firmware | - |
| lenovo | thinksystem_st250_v2_firmware | - |
| lenovo | thinkagile_hx3376_firmware | - |
| lenovo | thinkagile_mx3531-f_all-flash_firmware | - |
| lenovo | thinksystem_sr675_v3_firmware | - |
| lenovo | thinksystem_sr635_v3_firmware | - |
| lenovo | thinksystem_sr850_v3_firmware | - |
| lenovo | thinksystem_sr250_firmware | - |
| lenovo | thinksystem_sr860_v2_firmware | - |
| lenovo | thinksystem_sr665_firmware | - |
| lenovo | thinkagile_vx7531_firmware | - |
| lenovo | thinksystem_sd665_v3_firmware | - |
| lenovo | thinksystem_sr258_v2_firmware | - |
| lenovo | thinkagile_vx5530_firmware | - |
| lenovo | thinksystem_sr665_v3_firmware | - |
| lenovo | thinkagile_mx3331-h_hybrid_firmware | - |
| lenovo | thinkagile_hx5531_firmware | - |
| lenovo | thinksystem_sr850_v2_firmware | - |
| lenovo | thinkagile_mx3530-h_hybrid_firmware | - |
| lenovo | thinksystem_sn550_v2_firmware | - |
| lenovo | thinksystem_st650_v3_firmware | - |
| lenovo | thinksystem_st658_v3_firmware | - |
| lenovo | thinksystem_sd630_v2_firmware | - |
| lenovo | thinkagile_mx3530_f_all_flash_firmware | - |
| lenovo | thinkagile_mx3330-f_all-flash_firmware | - |
| lenovo | thinkagile_mx3531_h_hybrid_firmware | - |
| lenovo | thinksystem_sd650_v2_firmware | - |
| lenovo | thinksystem_sd650-n_v2_firmware | - |
| lenovo | thinksystem_st650_v2_firmware | - |
| lenovo | thinksystem_sr655_v3_firmware | - |
| lenovo | thinksystem_sr670_firmware | - |
| lenovo | thinkagile_hx7530_firmware | - |
| lenovo | thinkagile_hx3375_firmware | - |
| lenovo | thinkagile_vx3530-g_firmware | - |
| lenovo | thinksystem_st658_v2_firmware | - |
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | system_update | * |
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | preload_directory | - |
A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | view_driver | * |
A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | ideapad_duet_3_10igl5_firmware | * |
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkpad_s2_yoga_gen_6_firmware | - |
| lenovo | thinkpad_t14s_gen_3_firmware | - |
| lenovo | thinkpad_l15_gen_3_firmware | * |
| lenovo | thinkpad_s2_yoga_gen_7_firmware | * |
| lenovo | thinkpad_p14s_gen_3_firmware | - |
| lenovo | thinkpad_l13_gen_2_firmware | - |
| lenovo | thinkpad_s2_yoga_gen_8_firmware | - |
| lenovo | thinkpad_l13_gen_4_firmware | - |
| lenovo | thinkpad_x13_gen_3_firmware | - |
| lenovo | thinkpad_t16_gen_1_firmware | - |
| lenovo | thinkpad_l14_gen_4_firmware | * |
| lenovo | thinkpad_l13_yoga_gen_3_firmware | * |
| lenovo | thinkpad_l14_gen_3_firmware | * |
| lenovo | thinkpad_s2_gen_8_firmware | - |
| lenovo | thinkpad_p16s_gen_1_firmware | - |
| lenovo | thinkpad_l13_yoga_gen_4_firmware | - |
| lenovo | thinkpad_l15_gen_4_firmware | * |
| lenovo | thinkpad_t14_gen_3_firmware | - |
| lenovo | thinkpad_l13_yoga_gen_2_firmware | - |
| lenovo | thinkpad_l13_gen_3_firmware | * |
Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| psirt@lenovo.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | lecloud | * |
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H | 2.5 | 4.2 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | tab_m8_hd_tb8505fs_firmware | * |
| lenovo | tab_m8_hd_tb8505xs_firmware | * |
| lenovo | tab_p11_pro_gen_2_tb132fu_firmware | * |
| lenovo | tab_m8_hd_tb8505x_firmware | * |
| lenovo | tab_m8_hd_tb8505f_firmware | * |
| lenovo | tab_m10_plus_gen_3_tb125fu_firmware | * |
An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | tab_m8_hd_tb8505fs_firmware | * |
| lenovo | tab_m8_hd_tb8505xs_firmware | * |
| lenovo | tab_m8_hd_tb8505x_firmware | * |
| lenovo | tab_m8_hd_tb8505f_firmware | * |
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
| psirt@lenovo.com | 6.3 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.4 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | universal_device_client | * |
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | app_store | * |
A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | browser_hd | * |
| lenovo | browser_mobile | * |
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 2.0 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N | 0.6 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinksystem_sr670_v2_firmware | * |
A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkagile_hx3331_firmware | * |
| lenovo | thinkagile_cp-cb-10e_firmware | * |
| lenovo | thinkagile_vx2330_firmware | * |
| lenovo | thinkagile_hx5531_firmware | * |
| lenovo | thinkagile_cp-cb-10_firmware | * |
| lenovo | thinkagile_hx645_v3_firmware | * |
| lenovo | thinkagile_hx3721_firmware | * |
| lenovo | thinkagile_vx5575_firmware | * |
| lenovo | thinkagile_hx5521_firmware | * |
| lenovo | thinkagile_hx5521-c_firmware | * |
| lenovo | thinkagile_vx7575_firmware | * |
| lenovo | thinkagile_hx650_v3_firmware | * |
| lenovo | thinkagile_vx3520-g_firmware | * |
| lenovo | thinkagile_hx630_v3_firmware | * |
| lenovo | thinkagile_vx1320_firmware | * |
| lenovo | thinkagile_vx630_v3_firmware | * |
| lenovo | thinkagile_vx_2u_firmware | * |
| lenovo | thinkagile_vx7375-n_firmware | * |
| lenovo | thinkagile_vx655_v3_firmware | * |
| lenovo | thinkagile_vx3330_firmware | * |
| lenovo | thinkagile_vx7320-n_firmware | * |
| lenovo | thinkagile_vx_1se_firmware | * |
| lenovo | thinkagile_vx665_v3_firmware | * |
| lenovo | thinksystem_dw612_firmware | * |
| lenovo | thinkagile_hx1521-r_firmware | * |
| lenovo | thinkagile_vx3375_firmware | * |
| lenovo | thinkagile_vx7530_firmware | * |
| lenovo | thinkagile_hx3321_firmware | * |
| lenovo | thinkagile_hx1321_firmware | * |
| lenovo | thinkagile_hx7821_firmware | * |
| lenovo | thinkagile_vx630_v4_firmware | * |
| lenovo | thinkagile_hx7521_firmware | * |
| lenovo | thinkagile_vx7330-n_firmware | * |
| lenovo | thinkagile_vx5530_firmware | * |
| lenovo | thinkagile_vx7820_firmware | * |
| lenovo | thinkagile_vx650_v4_firmware | * |
| lenovo | thinkagile_vx3331_firmware | * |
| lenovo | thinkagile_hx7531_firmware | * |
| lenovo | thinkagile_vx3320_firmware | * |
| lenovo | thinkagile_vx645_v3_firmware | * |
| lenovo | thinkagile_vx650_v3_firmware | * |
| lenovo | thinkagile_2u4n_firmware | * |
| lenovo | thinkagile_vx2375_firmware | * |
| lenovo | thinkagile_vx3575-g_firmware | * |
| lenovo | thinkagile_hx2321_firmware | * |
| lenovo | thinkagile_vx2320_firmware | * |
| lenovo | thinkagile_vx7520_firmware | * |
| lenovo | thinkagile_vx3376_firmware | * |
| lenovo | thinkagile_hx_e1_enclosure_firmware | * |
| lenovo | thinksystem_da240_firmware | * |
| lenovo | thinkagile_hx665_v3_firmware | * |
| lenovo | thinkagile_hx3376_firmware | * |
| lenovo | thinkagile_hx3521-g_firmware | * |
| lenovo | thinkagile_vx5520_firmware | * |
| lenovo | thinksystem_d2_enclosure_firmware | * |
| lenovo | thinkagile_hx_enclosure_firmware | * |
| lenovo | thinkagile_hx_e2_enclosure_firmware | * |
| lenovo | thinkagile_vx635_v3_firmware | * |
| lenovo | thinkagile_vx_4u_firmware | * |
| lenovo | thinkagile_vx3720_firmware | * |
| lenovo | thinkagile_vx_1u_firmware | * |
| lenovo | thinkagile_hx1021_firmware | * |
| lenovo | thinkagile_vx7531_firmware | * |
| lenovo | thinkagile_hx2331_firmware | * |
| lenovo | thinkagile_vx3530-g_firmware | * |
| lenovo | nextscale_n1200_enclosure_firmware | * |
| lenovo | thinkagile_vx850_v3_firmware | * |
| lenovo | thinkagile_hx1331_firmware | * |
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | xclarity_administrator | * |
A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | dolby_vision_provisioning | * |
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkplus_fu200_firmware | - |
| lenovo | thinkplus_fu100_firmware | - |
| lenovo | thinkplus_tsd303_firmware | - |
| lenovo | thinkplus_tu800_firmware | - |
A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 4.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.0 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkplus_fu200_firmware | - |
| lenovo | thinkplus_fu100_firmware | - |
| lenovo | thinkplus_tsd303_firmware | - |
| lenovo | thinkplus_tu800_firmware | - |
A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | thinkplus_fu200_firmware | - |
| lenovo | thinkplus_fu100_firmware | - |
| lenovo | thinkplus_tsd303_firmware | - |
| lenovo | thinkplus_tu800_firmware | - |
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| psirt@lenovo.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | commercial_vantage | * |
| lenovo | vantage | * |
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | commercial_vantage | * |
| lenovo | vantage | * |
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | commercial_vantage | * |
| lenovo | vantage | * |
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | app_store | * |
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | pcmanager | * |
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |
An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |
An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@lenovo.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lenovo | vantage | * |