MidnightBSD

Advisories for lenovo

CVE-2013-1361 HIGH

Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lenovo thinkpad_bluetooth_with_enhanced_data_rate_software *
CVE-2014-1939 HIGH

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
google android *
google android 4.3
google android 4.0.1
google android 4.1.2
google android 4.0.4
google android 4.0
lenovo shareit *
google android 4.0.2
google android 4.1
google android 4.2.1
google android 4.2
google android 4.0.3
google android 4.2.2
CVE-2015-2219 HIGH

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-2233 HIGH

Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-2234 MEDIUM

Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-3214 MEDIUM

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_compute_node_eus 7.6
redhat enterprise_linux_compute_node_eus 7.2
redhat enterprise_linux_server_update_services_for_sap_solutions 7.3
redhat enterprise_linux_server_tus 7.7
redhat openstack 5.0
redhat virtualization 3.0
redhat enterprise_linux_server 7.0
arista eos 4.12
arista eos 4.14
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
debian debian_linux 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_power_big_endian 7.0
linux linux_kernel *
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_compute_node_eus 7.4
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.1_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
qemu qemu *
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_for_scientific_computing 7.0
redhat openstack 6.0
redhat enterprise_linux_compute_node_eus 7.5
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_compute_node_eus 7.1
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_compute_node_eus 7.7
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 7.2
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
arista eos 4.15
redhat enterprise_linux_compute_node_eus 7.3
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_eus 7.6
lenovo emc_px12-450r_ivx *
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
arista eos 4.13
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 7.4
lenovo emc_px12-400r_ivx *
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_aus 7.6
CVE-2015-3320 LOW

Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo usb_enhanced_performance_keyboard *
CVE-2015-3321 HIGH

Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo fingerprint_manager *
CVE-2015-3322 MEDIUM

Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
lenovo thinkserver_td350_firmware *
lenovo thinkserver_rd450_firmware *
lenovo thinkserver_rd350 *
lenovo thinkserver_rd550 *
lenovo thinkserver_td350 *
lenovo thinkserver_rd350_firmware *
lenovo thinkserver_rd650_firmware *
lenovo thinkserver_rd550_firmware *
lenovo thinkserver_rd450 *
lenovo thinkserver_rd650 *
CVE-2015-3323 MEDIUM

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo thinkserver_system_manager_baseboard_management_controller_firmware *
CVE-2015-3324 MEDIUM

The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
lenovo thinkserver_system_manager_baseboard_management_controller_firmware 118.71532
CVE-2015-4596 MEDIUM

Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo mouse_suite *
CVE-2015-5684 HIGH

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
lenovo s435_firmware *
lenovo yoga_3_14_firmware *
lenovo flex_2_pro-15_firmware *
lenovo edge_15_firmware *
lenovo u41-70_firmware *
lenovo g40-80_firmware *
lenovo g50-80_firmware *
lenovo b50-10_firmware *
lenovo ideapad_100-14iby_firmware *
lenovo z51-70_firmware *
lenovo z41-70_firmware *
lenovo flex_3-1470_firmware *
lenovo u31-70_firmware *
lenovo g50-80m_firmware *
lenovo flex_3-1570_firmware *
lenovo g50-80_touch_v3000_firmware *
lenovo yoga_3_11_firmware *
lenovo z70-80_firmware *
lenovo ideapad_100-15iby_firmware *
lenovo g40-80m_firmware *
lenovo s41-70_firmware *
lenovo s21e_firmware *
lenovo m40-35_firmware *
lenovo g50-80_touch_firmware *
lenovo flex_3-1120_firmware *
lenovo g70-80_firmware *
lenovo y40-80_firmware *
CVE-2015-6971 HIGH

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-77,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-7333 HIGH

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type INF and INF_BY_COMPATIBLE_ID command types could allow a user to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-7334 HIGH

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior where the SUService.exe /type COMMAND type could allow a user to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-7335 MEDIUM

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow a user to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-7336 MEDIUM

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was reported (fixed and publicly disclosed in 2015) in Lenovo System Update version 5.07.0008 and prior that could allow the signature check of an update to be bypassed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2015-7817 HIGH

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide FileReader.jsp input containing directory traversal sequences to read arbitrary text files, via a request to port 40080 or 40443.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
lenovo switch_center *
ibm system_networking_switch_center *
CVE-2015-7818 HIGH

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo switch_center *
ibm system_networking_switch_center *
CVE-2015-7819 MEDIUM

The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
lenovo switch_center *
ibm system_networking_switch_center *
CVE-2015-7820 HIGH

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
lenovo switch_center *
ibm system_networking_switch_center *
CVE-2015-8108 MEDIUM

The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
lenovo emc_firmware 4.1.204.33661
CVE-2015-8109 MEDIUM

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
lenovo lenovo_system_update *
CVE-2015-8110 HIGH

Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo lenovo_system_update *
CVE-2015-8534 HIGH

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privilege escalation vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,

Products Affected

Vendor Product Version
lenovo solution_center *
CVE-2015-8535 HIGH

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A directory traversal vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow a user to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lenovo solution_center *
CVE-2015-8536 MEDIUM

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability was discovered (fixed and publicly disclosed in 2015) in Lenovo Solution Center (LSC) prior to version 3.3.002 that could allow cross-site request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
lenovo solution_center *
CVE-2016-1344 HIGH

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.3sg_3.3.2sg
cisco ios_xe 3.13s_3.13.2as
cisco ios_xe 3.14s_3.14.2s
cisco ios_xe 3.16s_3.16.1s
cisco ios_xe 3.8e_3.8.1e
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.9s_3.9.1s
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.15s_3.15.1cs
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.14s_3.14.1s
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.4s_3.4.3s
cisco ios_xe 3.4sg_3.4.7sg
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.4s_3.4.0as
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.12s_3.12.2s
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.3s_3.3.0s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.3sg_3.3.1sg
cisco ios_xe 3.6e_3.6.2e
lenovo thinkcentre_e75s_firmware *
cisco ios_xe 3.7s_3.7.3s
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.17s_3.17.0s
cisco ios_xe 3.7e_3.7.3e
cisco ios_xe 3.16s_3.16.1as
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.16s_3.16.0s
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.4s_3.4.2s
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.9s_3.9.0as
cisco ios_xe 3.3sg_3.3.0sg
cisco ios_xe 3.4s_3.4.5s
cisco ios_xe 3.3s_3.3.2s
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.3xo_3.3.1xo
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.15s_3.15.1s
zzinc keymouse_firmware 3.08
cisco ios_xe 3.4s_3.4.4s
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.8s_3.8.0s
cisco ios_xe 3.4sg_3.4.6sg
cisco ios_xe 3.4s_3.4.6s
sun opensolaris snv_124
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.10s_3.10.4s
cisco ios_xe 3.3s_3.3.1s
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.4s_3.4.1s
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.4s_3.4.0s
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.7s_3.7.7s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.9s_3.9.0s
netgear jr6150_firmware *
CVE-2016-1350 HIGH

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.9.2s
cisco ios_xe 3.10.0s
cisco ios_xe 3.9.1s
cisco ios_xe 3.8.0s
cisco ios_xe 3.9.1as
cisco ios_xe 3.9.0s
cisco ios_xe 3.11.0s
zzinc keymouse_firmware 3.08
lenovo thinkcentre_e75s_firmware *
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.10.2s
cisco ios_xe 3.8.2s
cisco ios_xe 3.10.1xbs
sun opensolaris snv_124
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.9.0as
cisco ios_xe 3.10.1s
cisco ios_xe 3.8.1s
CVE-2016-1489 MEDIUM

Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww for Android transfer files in cleartext, which allows remote attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-254,

Products Affected

Vendor Product Version
lenovo shareit *
CVE-2016-1490 LOW

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows remote attackers to obtain sensitive file names via a crafted file request to /list.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo shareit *
CVE-2016-1491 MEDIUM

The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when configured to receive files, has a hardcoded password of 12345678, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
lenovo shareit *
CVE-2016-1492 LOW

The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when configured to receive files, does not require a password, which makes it easier for remote attackers to obtain access by leveraging a position within the WLAN coverage area.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,

Products Affected

Vendor Product Version
lenovo shareit 3.0.18_ww
CVE-2016-1876 HIGH

The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo solution_center *
CVE-2016-2393 HIGH

Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo fingerprint_manager *
lenovo touch_fingerprint *
CVE-2016-3944 HIGH

UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo accelerator_application -
CVE-2016-4782 HIGH

Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo shareit 3.5.98_ww
CVE-2016-4783 MEDIUM

Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo shareit 3.5.98_ww
CVE-2016-5247 HIGH

The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-254,

Products Affected

Vendor Product Version
lenovo bios -
CVE-2016-5248 LOW

The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo solution_center *
CVE-2016-5249 HIGH

Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo solution_center *
CVE-2016-5729 MEDIUM

Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 1.5 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo bios_efi_driver -
CVE-2016-6257 LOW

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
dell km714_firmware *
dell km632_firmware -
amazonbasics firmware -
logitech unifying_firmware *
lenovo ultraslim_firmware -
CVE-2016-8106 MEDIUM

A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
hp ethernet_10gb_4-port_563sfp+ *
intel ethernet_controller_xl710_firmware *
lenovo converged_hx7500_appliance 5.05
lenovo thinkserver_rd450 5.05
lenovo system_x3500_m5 5.05
hp proliant_xl260a_g9_server *
lenovo system_x3650_m5 5.05
intel ethernet_controller_x710_firmware *
hp ethernet_10gb_2-port_562flr-sfp+ *
lenovo thinkserver_rd350 5.05
lenovo system_x3250_m5 5.05
lenovo thinkserver_td350 5.05
lenovo system_x3750_m4 5.05
lenovo system_x3850_x6 5.05
lenovo converged_hx7510_appliance 5.05
lenovo thinkagile_cx4600 5.05
lenovo thinkserver_sd350 5.05
lenovo system_x3950_x6 5.05
lenovo thinkagile_cx4200 5.05
lenovo converged_hx_series 5.05
lenovo thinkagile_cx2200 5.05
lenovo converged_hx5510_appliance 5.05
lenovo thinkserver_rd650 5.05
hp ethernet_10gb_2-port_562sfp+ *
lenovo system_x3550_m5 5.05
lenovo thinkserver_rd550 5.05
lenovo nextscale_nx360_m5 5.05
lenovo converged_hx5500_appliance 5.05
CVE-2016-8221 LOW

Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2016-8222 MEDIUM

A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
lenovo thinkpad_yoga_11e_beema_bios -
lenovo thinkpad_t460p_bios -
lenovo thinkpad_e555_bios -
lenovo thinkpad_l560_bios -
lenovo thinkpad_p50_bios -
lenovo thinkpad_p50s_bios -
lenovo thinkpad_s1_yoga_vpro_bios -
lenovo thinkpad_s3_yoga_14_bios -
lenovo thinkpad_s1_yoga_non_vpro_bios -
lenovo thinkpad_e450_bios -
lenovo thinkpad_x1_tablet_bios -
lenovo thinkpad_11e_broadwell_bios -
lenovo thinkpad_s1_yoga_12_bios -
lenovo thinkpad_s3_s440_bios -
lenovo thinkpad_x1_yoga_bios -
lenovo thinkpad_x240_bios -
lenovo thinkpad_11e_skylake_bios -
lenovo thinkpad_t440_bios -
lenovo thinkpad_t460_bios -
lenovo thinkpad_helix_20ch_bios -
lenovo thinkpad_l460_bios -
lenovo thinkpad_tablet_10_bios -
lenovo thinkpad_w540_bios -
lenovo thinkpad_e565_bios -
lenovo thinkpad_yoga_11e_skylake_bios -
lenovo thinkpad_yoga_260_s1_bios -
lenovo thinkpad_w541_bios -
lenovo thinkpad_x250_broadwell_bios -
lenovo thinkpad_t450s_bios -
lenovo thinkpad_w550s_bios -
lenovo thinkpad_t450_bios -
lenovo thinkpad_t560_bios -
lenovo thinkpad_t440u_bios -
lenovo thinkpad_t540_bios -
lenovo thinkpad_yoga_14_460_s3_bios -
lenovo thinkpad_e450c_bios -
lenovo thinkpad_s540_bios -
lenovo thinkpad_t440s_bios -
lenovo thinkpad_helix_20cg_bios -
lenovo thinkpad_l450_bios -
lenovo thinkpad_x140e_amd_bios -
lenovo thinkpad_s5_yoga_15_bios -
lenovo thinkpad_yoga_11e_broadwell_bios -
lenovo thinkpad_11e_beema_bios -
lenovo thinkpad_t550_bios -
lenovo thinkpad_x260_bios -
lenovo thinkpad_t440p_bios -
lenovo thinkpad_e560_bios -
lenovo thinkpad_l440_bios -
lenovo thinkpad_l540_bios -
lenovo thinkpad_p70_bios -
lenovo thinkpad_11e_braswell_bios -
lenovo thinkpad_yoga_11e_bios -
lenovo thinkpad_t460s_bios -
lenovo thinkpad_x1_carbon_20ax_bios -
lenovo thinkpad_10_ella_2_bios -
lenovo thinkpad_e465_bios -
lenovo thinkpad_x250_sharkbay_bios -
lenovo thinkpad_edge_e540_bios -
lenovo thinkpad_e550_bios -
lenovo thinkpad_tablet_8_bios -
lenovo thinkpad_e455_bios -
lenovo thinkpad_x240s_bios -
lenovo thinkpad_edge_e445_bios -
lenovo thinkpad_edge_e440_bios -
lenovo thinkpad_x1_carbon_bios -
lenovo thinkpad_edge_e545_bios -
lenovo thinkpad_s5_e560p_bios -
lenovo thinkpad_e460_bios -
lenovo thinkpad_e550c_bios -
lenovo thinkpad_x1_carbon_20bx_bios -
lenovo thinkpad_13e_bios -
lenovo thinkpad_t540p_bios -
lenovo thinkpad_yoga_11e_braswell_bios -
CVE-2016-8223 HIGH

During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2016-8224 MEDIUM

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
lenovo notebook_ideapad_510s_12isk_bios -
lenovo notebook_ideapad_300_15ibr_bios -
lenovo notebook_xiaoxin_air_12_bios -
lenovo notebook_e41_80_bios -
lenovo notebook_ideapad_300_14isk_bios -
lenovo notebook_yoga_710_11ikb_bios -
lenovo notebook_e51_80_bios -
lenovo notebook_e31_80_bios -
lenovo thinkserver_ts450_bios -
lenovo notebook_yoga_900_13isk_bios -
lenovo notebook_e40_80_bios -
lenovo bios -
lenovo notebook_k41_80_bios -
lenovo notebook_ideapad_300_14ibr_bios -
lenovo notebook_ideapad_300_17isk_bios -
lenovo notebook_g40_80_bios -
lenovo notebook_yoga_510_15isk_bios -
lenovo notebook_b70_80_bios -
lenovo notebook_yoga_510_14isk_bios -
lenovo notebook_110_15ibr_bios -
lenovo notebook_g50_80_bios -
lenovo notebook_ideapad_300_15isk_bios -
lenovo notebook_yoga_900s_12isk_bios -
lenovo notebook_k21_80_bios -
lenovo notebook_g50_80_touch_bios -
lenovo notebook_110_14ibr_bios -
lenovo notebook_miix_710_12ikb_bios -
lenovo notebook_yoga_710_11isk_bios -
lenovo thinkserver_ts150_bios -
CVE-2016-8225 MEDIUM

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,

Products Affected

Vendor Product Version
lenovo edge_keyboard_driver *
lenovo slim_usb_keyboard_driver *
CVE-2016-8226 MEDIUM

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
lenovo system_x3250_m6_bios -
lenovo nextscale_nx360_m5_bios -
lenovo flex_system_x880_x6_bios -
lenovo system_x3650_m5_bios -
lenovo flex_system_x240_m5_bios -
lenovo system_x3500_m5_bios -
lenovo system_x3950_x6_bios -
lenovo flex_system_x280_m6_bios -
lenovo system_x3550_m5_bios -
lenovo system_x3850_x6_bios -
lenovo flex_system_x480_x6_bios -
CVE-2016-8227 HIGH

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
lenovo transition -
CVE-2016-8228 HIGH

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo lenovo_service_bridge -
CVE-2016-8229 MEDIUM

A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
lenovo lenovo_service_bridge -
CVE-2016-8230 MEDIUM

In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo lenovo_service_bridge -
CVE-2016-8231 MEDIUM

In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
lenovo lenovo_service_bridge -
CVE-2016-8233 MEDIUM

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2016-8235 HIGH

Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo customer_care_software_development_kit *
CVE-2016-8236 MEDIUM

Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
lenovo thinkserver_firmware *
CVE-2016-8237 HIGH

Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo updates -
CVE-2017-17833 HIGH

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lenovo thinkserver_td350_firmware *
openslp openslp 1.1.0
lenovo thinkserver_td340_firmware *
lenovo storage_n4610_firmware *
lenovo thinkserver_sd350_firmware -
lenovo thinkserver_rs160_firmware *
lenovo fan_power_controller *
lenovo thinkserver_rd340_firmware *
lenovo cmm *
lenovo thinkserver_rd450_firmware *
lenovo imm2 *
redhat enterprise_linux_server 7.0
lenovo thinkserver_rq750_firmware *
lenovo thinkserver_rd640_firmware *
debian debian_linux 7.0
lenovo thinkserver_rd650_firmware *
lenovo thinksystem_sr630_firmware -
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.6
lenovo imm1 *
lenovo thinkserver_rd350x_firmware -
redhat enterprise_linux_server_eus 7.6
lenovo thinkserver_rd350_firmware *
lenovo thinkserver_ts460_firmware *
lenovo thinkserver_rd550_firmware *
redhat enterprise_linux_desktop 7.0
lenovo storage_n3310_firmware *
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 14.04
lenovo thinkserver_rd450x_firmware -
lenovo bm_nextscale_fan_power_controller *
openslp openslp 1.0.2
canonical ubuntu_linux 16.04
lenovo xclarity_administrator *
lenovo thinkserver_rd350g_firmware -
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_desktop 6.0
lenovo thinksystem_hr650x_firmware -
lenovo thinkserver_rd540_firmware *
lenovo thinkserver_rd440_firmware *
redhat enterprise_linux_workstation 6.0
lenovo flex_system_fc3171_8gb_san_switch_firmware *
redhat enterprise_linux_server_aus 7.6
lenovo thinksystem_hr630x_firmware -
CVE-2017-3740 MEDIUM

In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo active_protection_system 1.77.0.7
lenovo active_protection_system 1.77.0.9
lenovo active_protection_system 1.80.3.00
lenovo active_protection_system 1.82.0.10
lenovo active_protection_system 1.34
lenovo active_protection_system 1.40
lenovo active_protection_system 1.32
lenovo active_protection_system 1.30b
lenovo active_protection_system 1.80.11.00
lenovo active_protection_system 1.63
lenovo active_protection_system 1.80.1.00
lenovo active_protection_system 1.72
lenovo active_protection_system 1.23
lenovo active_protection_system 1.78.0.09
lenovo active_protection_system 1.00b
lenovo active_protection_system 1.21
lenovo active_protection_system 1.73
lenovo active_protection_system 1.53
lenovo active_protection_system 1.33b
lenovo active_protection_system 1.82.0.07
lenovo active_protection_system 1.71
lenovo active_protection_system 1.52
lenovo active_protection_system 1.79.0.03
lenovo active_protection_system 1.77.0.26
lenovo active_protection_system 1.61
lenovo active_protection_system 1.50
lenovo active_protection_system 1.01b
lenovo active_protection_system 1.51
lenovo active_protection_system 1.20b
lenovo active_protection_system 1.77.0.20
lenovo active_protection_system 1.22
lenovo active_protection_system 1.62
lenovo active_protection_system 1.74
lenovo active_protection_system 1.78.0.11
lenovo active_protection_system 1.76
lenovo active_protection_system 1.31
lenovo active_protection_system 1.82.0.06
lenovo active_protection_system 1.70
lenovo active_protection_system 1.75
lenovo active_protection_system 1.77.0.5
lenovo active_protection_system 1.77.0.8
lenovo active_protection_system 1.64
lenovo active_protection_system 1.78.0.10
lenovo active_protection_system 1.80.8.00
lenovo active_protection_system 1.54
lenovo active_protection_system 1.41
lenovo active_protection_system 1.81.0.08
lenovo active_protection_system 1.77.0.11
lenovo active_protection_system 1.82.0.03
CVE-2017-3741 LOW

In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo power_management 1.67.12.23
lenovo power_management 1.67.12.19
CVE-2017-3742 LOW

In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo connect2 *
CVE-2017-3743 LOW

If multiple users are concurrently logged into a single system where one user is sending a command via the Lenovo ToolsCenter Advanced Settings Utility (ASU), UpdateXpress System Pack Installer (UXSPI) or Dynamic System Analysis (DSA) to a second machine, the other users may be able to see the user ID and clear text password that were used to access the second machine during the time the command is processing.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo advanced_settings_utility *
lenovo toolscenter_dynamic_system_analysis *
lenovo updatexpress_system_pack_installer *
CVE-2017-3744 MEDIUM

In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
ibm integrated_management_module_firmware *
lenovo integrated_management_module_firmware *
CVE-2017-3745 LOW

In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2017-3746 HIGH

ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_usb_3.0_ethernet_adapter_driver -
CVE-2017-3747 LOW

Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo nerve_center -
CVE-2017-3751 HIGH

An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,

Products Affected

Vendor Product Version
lenovo thinkpad_compact_usb_keyboard_driver -
CVE-2017-3752 MEDIUM

An industry-wide vulnerability has been identified in the implementation of the Open Shortest Path First (OSPF) routing protocol used on some Lenovo switches. Exploitation of these implementation flaws may result in attackers being able to erase or alter the routing tables of one or many routers, switches, or other devices that support OSPF within a routing domain.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
ibm g8264t_firmware *
ibm virtual_fabric_10gb *
ibm g8264_firmware *
lenovo g8124e_firmware *
ibm en2092_1gb_firmware *
ibm g8264cs_firmware *
ibm g8124e_firmware *
ibm g8316_firmware *
lenovo g8296_firmware *
lenovo si4091_firmware *
lenovo fabric_cn4093_10gb_firmware *
lenovo g8332_firmware *
ibm g8052_firmware *
lenovo g8052_firmware *
lenovo g8264_firmware *
lenovo g8264cs_firmware *
ibm layer_2/3_copper_firmware *
lenovo fabric_en4093r_10gb_firmware *
ibm g8124_firmware *
ibm fabric_cn4093_10gb_firmware *
ibm 1:10g_firmware *
ibm fabric_en4093/en4093r_10gb_firmware *
ibm g8332_firmware *
ibm 1g_l2-7_slb *
lenovo g8272_firmware *
CVE-2017-3753 HIGH

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
lenovo thinkserver_ts450_firmware -
lenovo thinkstation_p900_firmware a6kt86a
lenovo thinkcentre_m8500t/s_firmware fbktc5a
lenovo yangtian_mc_h110_firmware m05kt61a
lenovo thinkcentre_m7300z_firmware fvkt42a
lenovo thinkcentre_e73z_(aio)_firmware fgkt49a
lenovo ideacentre_300s-11ish_firmware -
lenovo thinkcentre_m700_firmware m05kt54a
lenovo thinkcentre_m93p_firmware fbktc5a
lenovo thinkstation_s30_(4352)_firmware a2kt54a
lenovo thinkcentre_e74s_firmware m05kt54a
lenovo thinkcentre_m4600t/s_firmware m05kt54a
lenovo thinkserver_rd540_firmware a1tsb5a
lenovo thinkcentre_e73s_firmware fckt78a
lenovo thinkstation_e31_firmware 9skt97a
lenovo yangtian_afq150_firmware fwkt57a
lenovo thinkcentre_edge_62z_firmware f8kt40a
lenovo thinkcentre_x1_aio_firmware m0hkt32a
lenovo yangtian_mc_carrizo-l_firmware -
lenovo thinkcentre_m8350z_firmware fvkt42a
lenovo thinkcentre_m7250z_firmware fgkt46a
lenovo thinkstation_s30_(4351)_firmware a2kt54a
lenovo thinkcentre_m700z_firmware fvkt48a
lenovo thinkserver_ts150_firmware fbktc3a
lenovo thinkcentre_m83_firmware fbktcga
lenovo thinkcentre_e93_firmware fbktc5a
lenovo thinkcentre_m715q_firmware -
lenovo thinkserver_rs140_firmware fbkt91c
lenovo m4500_id_firmware fckt78a
lenovo thinkcentre_m910t/s_firmware -
lenovo thinkcentre_e75_t/s_firmware -
lenovo m4550_id_firmware fckt78a
lenovo thinkcentre_m6600q_firmware fwkt39a
lenovo thinkcentre_m4500q_firmware fhkt66a
lenovo thinkserver_rd340_firmware -
lenovo thinkstation_p310_firmware fwkt57a
lenovo thinkstation_p300_firmware fbktc6a
lenovo thinkcentre_m83z_(aio)_firmware fvkt42a
lenovo yangtian_mc_godavari_firmware m0lkt13a
lenovo s200z_firmware m09kt33a
lenovo thinkcentre_m910q_firmware -
lenovo thinkserver_ts140_firmware fbktc3a
lenovo yangtian_afh81_firmware fckt80a
lenovo thinkcentre_m8300z_firmware fvkt42a
lenovo thinkcentre_m800z_firmware fvkt42a
lenovo thinkserver_ts250_firmware -
lenovo thinkstation_c30_(1137)_firmware a1kt57a
lenovo thinkcentre_m92p_firmware 9skt95a
lenovo thinkserver_rq750_firmware 7.05
lenovo thinkserver_rd440_firmware a0tsb5a
lenovo thinkcentre_m6600t/s_firmware fwkt39a
lenovo thinkcentre_m8600t/s_firmware fwkt39a
lenovo thinkstation_p910_firmware -
lenovo yangtian_s3040_firmware fgkt49a
lenovo thinkserver_ts240_firmware fbktc3a
lenovo thinkcentre_e79_firmware m0lkt12a
lenovo thinkserver_rd640_firmware a1tsb5a
lenovo thinkcentre_m7200z_firmware fgkt46a
lenovo yangtian_me/we_h110_firmware m05kt61a
lenovo thinkcentre_m800_firmware fwkt39a
lenovo ideacentre_700_firmware -
lenovo thinkcentre_m4500t/s_firmware fckt78a
lenovo thinkcentre_m710t/s_firmware -
lenovo v320-15iap_firmware -
lenovo thinkstation_d30_(4353)_firmware a3kt57a
lenovo thinkcentre_m73_firmware fckt78a
lenovo m4500_firmware fckt78a
lenovo thinkcentre_m72e_firmware f1kt71a
lenovo thinkcentre_e93z_(aio)_firmware ffkt43a
lenovo thinkcentre_m73z_(aio)_firmware fgkt46a
lenovo ideacentre_510s-23isu_firmware o2ekt24a
lenovo thinkstation_p410_firmware -
lenovo yangtian_afh110_firmware m05kt73a
lenovo h50-30g_firmware fckt78a
lenovo thinkcentre_m4500k_firmware fckt78a
lenovo thinkstation_p320_firmware -
lenovo thinkstation_p500_firmware a4kt86a
lenovo yangtian_s800_firmware ffkt43a
lenovo thinkcentre_m6500t/s_firmware fbktc5a
lenovo thinkstation_p710_firmware -
lenovo thinkcentre_m8250z_firmware fgkt46a
lenovo thinkserver_td340_firmware a3tsb5a
lenovo thinkcentre_m810z_firmware -
lenovo thinkcentre_e74_firmware m05kt54a
lenovo thinkcentre_m600_firmware m00kt44a
lenovo thinkstation_p700_firmware a5kt86a
lenovo yangtian_mf/wf_h81_firmware fckt80a
lenovo thinkcentre_e73_firmware fckt78a
lenovo thinkcentre_m610_firmware -
lenovo thinkcentre_m900z_firmware fukt39a
lenovo thinkcentre_m900_firmware fwkt39a
lenovo yangtian_mc_h81_firmware fckt80a
lenovo thinkcentre_e74z_firmware fvkt48a
lenovo 63_firmware fckt78a
lenovo thinkstation_d30_(4354)_firmware a3kt57a
lenovo ideacentre_300-20ish_firmware -
lenovo thinkserver_ts550_firmware -
lenovo thinkcentre_m9550z_firmware fukt44a
lenovo ideacentre_510s-08ish_firmware -
lenovo thinkcentre_m79_firmware m0lkt12a
lenovo thinkcentre_m8200z_firmware fgkt46a
lenovo thinkstation_e32_firmware fbktc6a
lenovo thinkcentre_m910x_firmware -
lenovo thinkcentre_m73p_firmware fbktc5a
lenovo thinkcentre_m9500z_firmware fukt44a
lenovo thinkcentre_m92_firmware 9skt95a
lenovo s500_firmware m0kkt24a
lenovo thinkstation_p510_firmware -
lenovo thinkcentre_m6600_firmware fwkt39a
lenovo thinkcentre_m93_firmware fbktc5a
lenovo thinkstation_c30_(1136)_firmware a1kt57a
CVE-2017-3754 HIGH

Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo bios -
CVE-2017-3756 HIGH

A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_t460p_bios -
lenovo thinkpad_l560_bios -
lenovo thinkpad_p50_bios -
lenovo thinkpad_p50s_bios -
lenovo thinkpad_s1_yoga_vpro_bios -
lenovo thinkpad_s3_yoga_14_bios -
lenovo thinkpad_s1_yoga_non_vpro_bios -
lenovo thinkpad_s1_yoga_non_vpro -
lenovo thinkpad_e450_bios -
lenovo thinkpad_t540 -
lenovo thinkpad_x240 -
lenovo thinkpad_t450s -
lenovo thinkpad_11e_broadwell_bios -
lenovo thinkpad_w550s -
lenovo thinkpad_s1_yoga_12_bios -
lenovo thinkpad_s3_s440_bios -
lenovo thinkpad_x1_yoga_bios -
lenovo thinkpad_x250_sharkbay -
lenovo thinkpad_11e_skylake_bios -
lenovo thinkpad_t440_bios -
lenovo thinkpad_l460_bios -
lenovo thinkpad_s1_yoga_vpro -
lenovo thinkpad_e565_bios -
lenovo thinkpad_e450c -
lenovo thinkpad_yoga_260_s1_bios -
lenovo thinkpad_w541_bios -
lenovo thinkpad_s3_s440 -
lenovo thinkpad_x1_carbon_20bx -
lenovo thinkpad_e450 -
lenovo thinkpad_t560_bios -
lenovo thinkpad_t440u_bios -
lenovo thinkpad_yoga_14_460_s3_bios -
lenovo thinkpad_e450c_bios -
lenovo thinkpad_s540_bios -
lenovo thinkpad_t440s_bios -
lenovo thinkpad_helix_20cg_bios -
lenovo thinkpad_t550 -
lenovo thinkpad_11e_beema_bios -
lenovo thinkpad_l540 -
lenovo thinkpad_l440_bios -
lenovo thinkpad_e460 -
lenovo thinkpad_p50s -
lenovo thinkpad_l540_bios -
lenovo thinkpad_edge_e540 -
lenovo thinkpad_p70_bios -
lenovo thinkpad_edge_e445 -
lenovo thinkpad_yoga_11e_bios -
lenovo thinkpad_x1_carbon_20ax_bios -
lenovo thinkpad_10_ella_2 -
lenovo thinkpad_t460p -
lenovo thinkpad_e465_bios -
lenovo thinkpad_tablet_8 -
lenovo thinkpad_edge_e540_bios -
lenovo thinkpad_11e_beema -
lenovo thinkpad_e550_bios -
lenovo thinkpad_tablet_8_bios -
lenovo thinkpad_yoga_14_460_s3 -
lenovo thinkpad_e455_bios -
lenovo thinkpad_x1_tablet -
lenovo thinkpad_x240s_bios -
lenovo thinkpad_x1_carbon_20ax -
lenovo thinkpad_x1_carbon_bios -
lenovo thinkpad_e555 -
lenovo thinkpad_t460s -
lenovo thinkpad_x1_yoga -
lenovo thinkpad_13e_bios -
lenovo thinkpad_yoga_11e_beema -
lenovo thinkpad_t540p_bios -
lenovo thinkpad_s5_e560p -
lenovo thinkpad_helix_20cg -
lenovo thinkpad_t440s -
lenovo thinkpad_yoga_11e_beema_bios -
lenovo thinkpad_helix_20ch -
lenovo thinkpad_l450 -
lenovo thinkpad_e555_bios -
lenovo thinkpad_11e_broadwell -
lenovo thinkpad_edge_e545 -
lenovo thinkpad_x1_carbon -
lenovo thinkpad_p50 -
lenovo thinkpad_x1_tablet_bios -
lenovo thinkpad_t440p -
lenovo thinkpad_t560 -
lenovo thinkpad_x240_bios -
lenovo thinkpad_s5_yoga_15 -
lenovo thinkpad_s3_yoga_14 -
lenovo thinkpad_x240s -
lenovo thinkpad_yoga_11e_skylake -
lenovo thinkpad_t460_bios -
lenovo thinkpad_helix_20ch_bios -
lenovo thinkpad_w541 -
lenovo thinkpad_tablet_10_bios -
lenovo thinkpad_w540_bios -
lenovo thinkpad_yoga_11e_skylake_bios -
lenovo thinkpad_t440 -
lenovo thinkpad_x250_broadwell -
lenovo thinkpad_edge_e440 -
lenovo thinkpad_e465 -
lenovo thinkpad_l560 -
lenovo thinkpad_x250_broadwell_bios -
lenovo thinkpad_e550 -
lenovo thinkpad_x140e_amd -
lenovo thinkpad_t450s_bios -
lenovo thinkpad_w550s_bios -
lenovo thinkpad_e455 -
lenovo thinkpad_t450_bios -
lenovo thinkpad_tablet_10 -
lenovo thinkpad_e550c -
lenovo thinkpad_t540_bios -
lenovo thinkpad_l450_bios -
lenovo thinkpad_x140e_amd_bios -
lenovo thinkpad_s5_yoga_15_bios -
lenovo thinkpad_yoga_11e_broadwell_bios -
lenovo thinkpad_e565 -
lenovo thinkpad_t550_bios -
lenovo thinkpad_x260_bios -
lenovo thinkpad_t440p_bios -
lenovo thinkpad_e560_bios -
lenovo thinkpad_11e_braswell -
lenovo thinkpad_yoga_11e -
lenovo thinkpad_13e -
lenovo thinkpad_11e_braswell_bios -
lenovo thinkpad_t460s_bios -
lenovo thinkpad_yoga_260_s1 -
lenovo thinkpad_e560 -
lenovo thinkpad_10_ella_2_bios -
lenovo thinkpad_x250_sharkbay_bios -
lenovo thinkpad_t540p -
lenovo thinkpad_yoga_11e_braswell -
lenovo thinkpad_t450 -
lenovo thinkpad_l460 -
lenovo thinkpad_edge_e445_bios -
lenovo thinkpad_p70 -
lenovo thinkpad_edge_e440_bios -
lenovo thinkpad_edge_e545_bios -
lenovo thinkpad_yoga_11e_broadwell -
lenovo thinkpad_s5_e560p_bios -
lenovo thinkpad_e460_bios -
lenovo thinkpad_t460 -
lenovo thinkpad_x260 -
lenovo thinkpad_s1_yoga_12 -
lenovo thinkpad_w540 -
lenovo thinkpad_e550c_bios -
lenovo thinkpad_11e_skylake -
lenovo thinkpad_t440u -
lenovo thinkpad_x1_carbon_20bx_bios -
lenovo thinkpad_l440 -
lenovo thinkpad_s540 -
lenovo thinkpad_yoga_11e_braswell_bios -
CVE-2017-3758 HIGH

Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo service_framework -
CVE-2017-3759 MEDIUM

The Lenovo Service Framework Android application accepts some responses from the server without proper validation. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo service_framework -
CVE-2017-3760 MEDIUM

The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data. This exposes the application to man-in-the-middle attacks leading to possible remote code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-354,CWE-522,

Products Affected

Vendor Product Version
lenovo service_framework -
CVE-2017-3761 HIGH

The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo service_framework -
CVE-2017-3762 HIGH

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
lenovo fingerprint_manager_pro *
CVE-2017-3763 LOW

An attacker who obtains access to the location where the LXCA file system is stored may be able to access credentials of local LXCA accounts in LXCA versions earlier than 1.3.2.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2017-3764 MEDIUM

A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2017-3765 MEDIUM

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lenovo enterprise_network_operating_system *
CVE-2017-3770 MEDIUM

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2017-3771 MEDIUM

System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkcentre_m710t_firmware *
lenovo aio_e95_firmware *
lenovo thinkcentre_m710s_firmware *
CVE-2017-3774 HIGH

A stack overflow vulnerability was discovered within the web administration service in Integrated Management Module 2 (IMM2) earlier than version 4.70 used in some Lenovo servers and earlier than version 6.60 used in some IBM servers. An attacker providing a crafted user ID and password combination can cause a portion of the authentication routine to overflow its stack, resulting in stack corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lenovo integrated_management_module_2 *
CVE-2017-3775 MEDIUM

Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lenovo flex_system_x480_x6_bios *
lenovo flex_system_x880_bios *
lenovo system_x3850_x6_bios *
lenovo system_x3650_m5_bios *
lenovo system_x3950_x6_bios *
lenovo system_x3500_m5_bios *
lenovo flex_system_x240_m5_bios *
lenovo system_x3250_m6_bios *
lenovo system_x3550_m5_bios *
lenovo flex_system_x280_x6_bios *
lenovo nextscale_nx360_m5_bios *
CVE-2017-3776 MEDIUM

Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo lenovo_help *
CVE-2017-5638 HIGH

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-755,CWE-755,

Products Affected

Vendor Product Version
apache struts 2.5.3
apache struts 2.5.1
oracle weblogic_server 12.2.1.2.0
apache struts 2.3.14.3
apache struts 2.3.20
apache struts 2.3.20.1
apache struts 2.3.11
oracle weblogic_server 10.3.6.0.0
apache struts 2.3.6
apache struts 2.3.31
apache struts 2.3.12
apache struts 2.3.13
apache struts 2.3.14.2
apache struts 2.3.15.3
netapp oncommand_balance -
apache struts 2.3.20.2
lenovo storage_v5030_firmware 7.8.1.0
apache struts 2.3.24.2
apache struts 2.5.9
ibm storwize_v5000_firmware 7.7.1.6
oracle weblogic_server 12.1.3.0.0
apache struts 2.3.21
apache struts 2.3.16.1
ibm storwize_v7000_firmware 7.7.1.6
apache struts 2.3.10
apache struts 2.5.8
apache struts 2.3.26
apache struts 2.3.8
apache struts 2.3.14.1
apache struts 2.3.20.3
apache struts 2.3.23
ibm storwize_v7000_firmware 7.8.1.0
apache struts 2.3.17
apache struts 2.3.15.1
apache struts 2.3.14
apache struts 2.3.16.2
hp server_automation 10.0.0
apache struts 2.3.28
apache struts 2.3.30
hp server_automation 10.1.0
apache struts 2.5.2
arubanetworks clearpass_policy_manager *
apache struts 2.3.5
apache struts 2.3.24
apache struts 2.3.27
apache struts 2.5
apache struts 2.3.19
hp server_automation 9.1.0
apache struts *
apache struts 2.5.10
ibm storwize_v3500_firmware 7.7.1.6
apache struts 2.3.24.3
apache struts 2.3.15.2
apache struts 2.3.28.1
apache struts 2.3.25
apache struts 2.3.15
apache struts 2.5.4
apache struts 2.3.16
apache struts 2.3.29
lenovo storage_v5030_firmware 7.7.1.6
hp server_automation 10.5.0
apache struts 2.3.9
apache struts 2.3.22
apache struts 2.5.7
apache struts 2.5.6
apache struts 2.3.24.1
oracle weblogic_server 12.2.1.1.0
ibm storwize_v5000_firmware 7.8.1.0
ibm storwize_v3500_firmware 7.8.1.0
apache struts 2.3.7
apache struts 2.5.5
apache struts 2.3.16.3
hp server_automation 10.2.0
CVE-2018-12169 MEDIUM

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
intel core_i7 4790
intel core_i7 4950hq
intel core_i5 4590t
lenovo thinkpad_p71 -
intel core_i3 4130
lenovo thinkpad_l480 -
intel core_i5 8350u
intel core_i7 4710mq
intel core_i7 8500y
intel core_i3 5010u
intel core_i7 8850h
intel core_i5 7y54
intel core_i7 4760hq
intel core_i3 4160
intel core_i7 4600u
intel core_i7 4785t
intel core_i3 4340te
intel core_i7 4910mq
intel core_i5 8300h
lenovo thinkpad_p52s -
intel core_i5 7200u
intel core_i5 4402e
intel core_i7 4980hq
intel core_i5 4410e
intel core_i3 5005u
intel core_i5 6442eq
intel core_i5 6500t
intel core_i7 4790t
intel core_i3 4170t
intel core_i5 7300hq
intel core_i5 5350u
intel core_i3 4025u
intel core_i3 4330
intel core_i7 4810mq
intel core_i3 8300t
intel core_i5 5200u
intel core_i3 6102e
intel core_i5 6260u
intel core_i7 4702hq
intel core_i5 7600k
intel core_i7 6660u
intel core_i5 7600
intel core_i5 4422e
intel core_i7 4700mq
intel core_i5 4200h
intel core_i7 6700hq
intel core_i3 8100
intel core_i5 7360u
intel core_i5 8500
intel core_i3 8300
intel core_i3 7300
intel core_i7 6567u
intel core_i7 4790k
intel core_i5 5250u
intel core_i5 6500te
intel core_i5 7500t
intel core_i7 6500u
intel core_i3 4100m
intel core_i3 4370t
intel core_i3 7350k
intel core_i3 4170
intel core_i7 7y75
intel core_i7 6820eq
intel core_i7 4900mq
lenovo thinkpad_e480 -
intel core_i3 4110e
intel core_i3 6167u
intel core_i7 4870hq
intel core_i5 7440hq
intel core_i3 6300t
intel core_i7 4558u
lenovo thinkpad_x1_tablet -
intel core_i5 6300hq
intel core_i5 4260u
intel core_i7 4722hq
intel core_i7 5775r
intel core_i5 4570te
intel core_i7 7600u
intel core_i3 6157u
intel core_i3 4102e
intel core_i7 6970hq
intel core_i5 6440eq
intel core_i3 4020y
intel core_i7 5600u
intel core_i3 4130t
intel core_i7 7660u
intel core_i7 8750h
intel core_i5 8305g
intel core_i7 6820hk
intel core_i7 8700t
lenovo thinkpad_x1_carbon -
intel core_i7 8700b
lenovo thinkpad_p72 -
intel core_i5 4690t
intel core_i7 6700
intel core_i3 4110m
intel core_i5 6402p
intel core_i5 8269u
intel core_i7 4770
intel core_i3 4000m
intel core_i5 4308u
intel core_i5 8500t
intel core_i5 4300u
intel core_i7 6600u
intel core_i3 6100t
intel core_i7 4750hq
intel core_i5 4400e
intel core_i5 4302y
intel core_i3 4030y
intel core_i5 5575r
intel core_i7 4770s
intel core_i3 4100e
intel core_i7 5850hq
lenovo thinkpad_l580 -
intel core_i3 4360t
intel core_i7 8565u
intel core_i5 5300u
intel core_i7 4770te
intel core_i5 7260u
intel core_i5 8400t
intel core_i7 7560u
intel core_i7 4765t
intel core_i7 4770k
intel core_i7 8705g
intel core_i3 6100u
lenovo thinkpad_yoga_370 -
intel core_i5 4310m
intel core_i5 4330m
intel core_i7 7700hq
intel core_i3 7100h
intel core_i3 4150t
lenovo thinkpad_t470s -
intel core_i7 4610m
intel core_i5 7267u
intel core_i7 4700ec
intel core_i3 4160t
intel core_i3 7100e
intel core_i7 6560u
intel core_i7 6870hq
intel core_i7 8559u
intel core_i3 7320
intel core_i7 8700k
intel core_i5 4430s
intel core_i7 8650u
intel core_i7 6770hq
intel core_i5 6300u
intel core_i7 4860hq
intel core_i3 6100h
intel core_i5 4200m
intel core_i5 4300m
intel core_i5 6267u
intel core_i5 4570r
intel core_i7 4702mq
intel core_i3 4360
intel core_i7 8550u
intel core_i5 4220y
intel core_i3 4010u
intel core_i5 8265u
intel core_i5 4278u
lenovo thinkpad_p52 -
intel core_i5 8250u
intel core_i5 7400
intel core_i3 7100t
intel core_i5 4202y
intel core_i5 5287u
intel core_i7 6785r
intel core_i7 4771
intel core_i5 5675c
lenovo thinkpad_e580 -
intel core_i3 4100u
lenovo thinkpad_p51 -
lenovo thinkpad_t480 -
intel core_i5 4310u
intel core_i3 4030u
intel core_i7 5500u
intel core_i5 8259u
intel core_i7 5700hq
intel core_i5 4670
intel core_i7 7700
intel core_i7 8809g
intel core_i5 4460s
intel core_i5 6600t
intel core_i5 4200u
intel core_i5 6287u
intel core_i7 4710hq
intel core_i5 6585r
intel core_i3 7300t
intel core_i5 7400t
intel core_i7 4770r
intel core_i5 7442eq
intel core_i7 5700eq
intel core_i3 8100t
intel core_i5 4570
intel core_i5 4350u
intel core_i5 4360u
intel core_i5 4590s
intel core_i5 4460t
intel core_i5 4690k
intel core_i5 6350hq
intel core_i7 4712hq
intel core_i7 7700k
intel core_i5 7500
intel core_i7 6700te
intel core_i7 4790s
intel core_i7 7820hk
intel core_i3 6320
intel core_i7 7820eq
intel core_i3 7102e
intel core_i3 7101e
lenovo thinkpad_t470p -
intel core_i3 4350t
lenovo thinkpad_l380 -
lenovo thinkpad_t480s -
intel core_i5 8400b
intel core_i3 7167u
intel core_i7 4800mq
intel core_i3 7020u
intel core_i5 4340m
intel core_i5 4460
intel core_i5 8500b
intel core_i3 6300
intel core_i5 8400h
intel core_i3 7100u
intel core_i5 4430
intel core_i5 4670s
intel core_i5 7300u
intel core_i7 4600m
intel core_i5 6200u
intel core_i7 6700k
intel core_i5 5675r
intel core_i5 5257u
intel core_i7 5557u
intel core_i5 7440eq
intel core_i3 4120u
intel core_i5 8600k
intel core_i5 4210u
intel core_i7 7700t
intel core_i3 7100
intel core_i3 4340
intel core_i5 4300y
intel core_i7 4712mq
lenovo thinkpad_x280 -
intel core_i3 8350k
lenovo thinkpad_x1_yoga -
intel core_i3 4150
intel core_i5 4210m
lenovo thinkpad_t580 -
intel core_i5 4690s
intel core_i9 8950hk
intel core_i5 4288u
intel core_i7 4500u
intel core_i3 8100h
intel core_i5 4570s
intel core_i5 4590
lenovo thinkpad_l380_yoga -
intel core_i5 6400
intel core_i5 6600k
intel core_i7 4510u
intel core_i7 4770hq
intel core_i5 4250u
intel core_i5 8200y
intel core_i7 5950hq
intel core_i7 5550u
lenovo thinkpad_t470 -
intel core_i3 6100e
intel core_i7 5650u
intel core_i7 8700
intel core_i3 6100te
intel core_i5 4670k
intel core_i7 5750hq
lenovo thinkpad_t25 -
intel core_i7 6650u
lenovo thinkpad_p51s -
intel core_i3 4010y
intel core_i5 4258u
intel core_i5 6685r
intel core_i3 4330t
intel core_i5 8400
intel core_i3 7130u
intel core_i7 8086k
intel core_i5 4210h
intel core_i3 4350
intel core_i7 4610y
intel core_i7 5775c
intel core_i3 5015u
intel core_i3 8109u
intel core_i7 5820k
intel core_i7 6920hq
lenovo thinkpad_x270 -
intel core_i5 4670t
intel core_i7 6820hq
intel core_i7 4702ec
intel core_i7 4720hq
intel core_i5 6440hq
intel core_i3 4370
intel core_i7 6700t
intel core_i5 7287u
intel core_i3 6006u
intel core_i7 8706g
intel core_i5 7600t
intel core_i7 5850eq
intel core_i7 7820hq
intel core_i3 5157u
intel core_i5 4570t
intel core_i7 7567u
intel core_i7 4770t
intel core_i3 4330te
intel core_i5 6400t
intel core_i7 4850hq
intel core_i3 8145u
lenovo thinkpad_x380_yoga -
intel core_i3 6098p
intel core_i5 4440s
intel core_i5 6600
intel core_i7 4550u
intel core_i5 4402ec
intel core_i3 4158u
intel core_i5 4670r
lenovo thinkpad_11e -
intel core_i3 6100
intel core_i5 6500
intel core_i7 4700eq
intel core_i5 5350h
intel core_i3 5020u
intel core_i7 4578u
intel core_i5 8600
intel core_i3 4005u
intel core_i5 4200y
intel core_i5 6360u
intel core_i5 7y57
intel core_i3 4112e
intel core_i7 4700hq
intel core_i3 7101te
intel core_i7 7920hq
intel core_i7 6822eq
intel core_i7 4650u
lenovo thinkpad_t570 -
intel core_i7 4960hq
intel core_i7 7500u
intel core_i5 4440
intel core_i3 4012y
intel core_i5 4210y
intel core_i7 8709g
intel core_i5 8600t
intel core_i3 8130u
CVE-2018-16089 HIGH

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16090 MEDIUM

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16091 MEDIUM

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16092 MEDIUM

In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16093 MEDIUM

In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
lenovo xclarity_integrator *
CVE-2018-16094 MEDIUM

In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16095 MEDIUM

In System Management Module (SMM) versions prior to 1.06, the SMM records hashed passwords to a debug log when user authentication fails.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16096 MEDIUM

In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-16097 MEDIUM

LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the upload of a certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-434,

Products Affected

Vendor Product Version
lenovo xclarity_integrator *
CVE-2018-16098 HIGH

In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,

Products Affected

Vendor Product Version
lenovo thinkpad_x230_tablet_firmware -
lenovo thinkpad_twist_firmware -
lenovo thinkpad_t580_firmware -
lenovo thiankpad_l530_firmware -
lenovo thinkpad_x240_firmware -
lenovo thiankpad_p50s_firmware -
lenovo thinkpad_t460s_firmware -
lenovo thinkpad_x240s_firmware -
lenovo synaptics_thinkpad_ultranav_driver 19.3.4.219
lenovo thinkpad_x1_carbon_firmware -
lenovo thiankpad_p52s_firmware -
lenovo thinkpad_x220i_firmware -
lenovo thinkpad_t430i_firmware -
lenovo thinkpad_t440p_firmware -
lenovo thiankpad_p1_firmware -
lenovo synaptics_thinkpad_ultranav_driver 18.0.7.119
lenovo thinkpad_t470s_firmware -
lenovo thinkpad_t550_firmware -
lenovo synaptics_thinkpad_ultranav_driver 18.1.27.42
lenovo thinkpad_x230_firmware -
lenovo synaptics_thinkpad_ultranav_driver 19.0.17.140
lenovo thinkpad_t540p_firmware -
lenovo thinkpad_t540_firmware -
lenovo thinkpad_t440s_firmware -
lenovo thinkpad_t560_firmware -
lenovo thinkpad_w550s_firmware -
lenovo synaptics_thinkpad_ultranav_driver 16.2.19.23
lenovo thinkpad_x230i_firmware -
lenovo synaptics_thinkpad_ultranav_driver 19.5.19.33
lenovo thiankpad_s1_yoga_firmware -
lenovo thinkpad_t440_firmware -
lenovo thinkpad_t520i_firmware -
lenovo thinkpad_x280_firmware -
lenovo thinkpad_x1_hybrid_firmware -
lenovo thinkpad_x1_firmware -
lenovo thinkpad_x230i_tablet_firmware -
lenovo thinkpad_t530_firmware -
lenovo thiankpad_l430_firmware -
lenovo thiankpad_t420i_firmware -
lenovo thinkpad_x1_yoga_firmware -
lenovo thinkpad_t420s_firmware -
lenovo thinkpad_yoga_11e_firmware -
lenovo thinkpad_helix_firmware -
lenovo thiankpad_t420_firmware -
lenovo thinkpad_t470_firmware -
lenovo thinkpad_t431s_firmware -
lenovo thinkpad_w541_firmware -
lenovo thinkpad_t530i_firmware -
lenovo thinkpad_w530_firmware -
lenovo thinkpad_t420si_firmware -
lenovo thiankpad_p70_firmware -
lenovo thinkpad_x220_firmware -
lenovo thinkpad_x230s_firmware -
lenovo thiankpad_p51_firmware -
lenovo thiankpad_x1_extreme_firmware -
lenovo thinkpad_t570_firmware -
lenovo thinkpad_x250_firmware -
lenovo thinkpad_t520_firmware -
lenovo thinkpad_t430s_firmware -
lenovo thinkpad_s230u_firmware -
lenovo thiankpad_s430_firmware -
lenovo thinkpad_w540_firmware -
lenovo thinkpad_x220_tablet_firmware -
lenovo thiankpad_p51s_firmware -
CVE-2018-9062 HIGH

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74,

Products Affected

Vendor Product Version
lenovo thinkpad_l380_firmware *
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_l580_firmware *
lenovo e42-80_isk_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_s1_firmware *
lenovo v310-15isk_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
lenovo e52-80_isk_firmware *
lenovo thinkpad_yoga_11e_firmware *
lenovo v510-14ikb_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t570_firmware *
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo miix_720-12ikb_firmware *
lenovo thinkpad_e580_firmware *
lenovo v310-14ikb_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_p51s_firmware *
lenovo e42-80_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo v510-15ikb_firmware *
lenovo thinkpad_t580_firmware *
lenovo v310-15ikb_firmware *
lenovo thinkpad_t25_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkpad_p71_firmware *
lenovo thinkpad_t470_firmware *
lenovo e52-80_firmware *
lenovo v310-14isk_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_e480_firmware *
CVE-2018-9063 MEDIUM

MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo System Update versions earlier than 5.07.0072 contains a local vulnerability where an attacker entering very large user ID or password can overrun the program's buffer, causing undefined behaviors, such as execution of arbitrary code. No additional privilege is granted to the attacker beyond what is already possessed to run MapDrv.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2018-9064 MEDIUM

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2018-9065 LOW

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service processor user names and passwords for servers previously managed by that LXCA instance, and potentially decrypt those credentials more easily than intended.

CVSS 2.0

Severity: LOW

Problem Type: CWE-312,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2018-9066 HIGH

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result in privileged command execution within LXCA's underlying operating system.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2018-9067 MEDIUM

The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo lenovo_help *
CVE-2018-9068 MEDIUM

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. This information is made available for download through an SFTP server hosted on the IMM2 management network interface. In versions earlier than 4.90 for Lenovo System x and earlier than 6.80 for IBM System x, the credentials to access the SFTP server are hard-coded and described in the IMM2 documentation, allowing an attacker with management network access to obtain the collected FFDC data. After applying the update, the IMM2 will create random SFTP credentials for use with OneCLI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
ibm system_x3630_m4_firmware *
ibm flex_system_x240_m4_firmware *
ibm system_x3100_m5_firmware *
ibm system_x3650_m4_firmware *
ibm flex_system_x880_m4_firmware *
ibm system_x3250_m4_firmware *
ibm system_x3300_m4_firmware *
ibm system_x3530_m4_firmware *
ibm flex_system_x440_m4_firmware *
ibm idataplex_dx360_m4_water_cooled_firmware *
ibm flex_system_x222_m4_firmware *
lenovo system_x3750_m4_firmware *
lenovo system_x3950_x6_firmware *
ibm system_x3650_m4_hd_firmware *
lenovo flex_system_x280_x6_firmware *
lenovo flex_system_x880_firmware *
lenovo system_x3500_m5_firmware *
ibm bladecenter_hs22_firmware *
ibm flex_system_x280_m4_firmware *
lenovo flex_system_x440_m4_firmware *
lenovo system_x3250_m6_firmware *
lenovo system_x3850_x6_firmware *
ibm nextscale_nx360_m4_firmware *
ibm system_x3550_m4_firmware *
ibm flex_system_x220_m4_firmware *
ibm system_x3750_m4_firmware *
ibm system_x3950_x6_firmware *
ibm system_x3850_x6_firmware *
lenovo system_x3650_m5_firmware *
lenovo system_x3550_m5_firmware *
ibm bladecenter_hs23_firmware *
lenovo nextscale_nx360_m5_firmware *
ibm flex_system_x480_m4_firmware *
ibm idataplex_dx360_m4_firmware *
ibm system_x3500_m4_firmware *
lenovo flex_system_x240_m4_firmware *
ibm system_x3250_m5_firmware *
lenovo flex_system_x240_m5_firmware *
lenovo flex_system_x480_x6_firmware *
ibm bladecenter_hs23e_firmware *
ibm system_x3100_m4_firmware *
ibm system_x3650_m4_bd_firmware *
CVE-2018-9069 HIGH

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H 0.7 5.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
hp yoga_510-14isk_firmware *
hp nano110-14ikb_firmware -
hp 710s_plus_touch-13ikb_firmware *
hp 7000_u42_firmware *
lenovo v310-15isk_firmware *
hp lenovo_ideapad_flex_5-1570_firmware *
hp lenovo_ideapad_520s-14ikbr_firmware -
hp 320s-14ikb *
hp lenovo_ideapad_320-14ikb(i+a)_firmware -
hp ideapad_2in1_14_firmware -
hp lenovo_ideapad_flex_5-1470_firmware *
hp lenovo_tianyi_310-15ikb_firmware -
hp 320-17ikbrn *
hp lenovo_ideapad_320-15abr_firmware -
hp lenovo_ideapad_320-15ikb(i+n)_firmware -
hp b320-14ikb_firmware -
hp y520-15ikba_firmware *
hp lenovo_tianyi_310-14ikb_firmware -
lenovo v310-14ikb_firmware *
hp miix_720-12ikb *
hp 320-15ikbrn_touch_firmware *
hp yoga_720-13ikb_firmware *
hp v330-14isk_firmware *
hp yoga_720-15ikb_firmware *
lenovo v510-15ikb_firmware *
hp flex_5-1570_firmware *
hp 520s-14ikb_firmware *
hp 710s_plus-3ikb_firmware *
hp lenovo_y520-15ikba_firmware *
hp nano110-15ikb_firmware *
hp lenovo_v720-14_firmware *
lenovo e52-80_firmware *
hp 510s-14isk_firmware *
hp lenovo_ideapad_720s-14ikb_firmware *
hp lenovo_ideapad_320s-15ikbr_firmware -
hp 310s-14isk_firmware *
hp yoga_310-11iap_firmware *
hp flex_4-1470_firmware *
hp lenovo_ideapad_320-14ikb(i+n)_firmware -
hp v330-14ikb_firmware *
lenovo v510-14ikb_firmware *
hp rescuer_y520-15ikbm_firmware *
hp xiaoxinair13ikbpro_firmware *
hp r720-15ikbn_firmware *
hp lenovo_ideapad_y520-15ikbn_firmware -
hp rescuer_r720-15ikbm_firmware *
hp lenovo_yoga_520-14ikb_firmware *
hp lenovo_yoga_520-15ikb_firmware *
hp 7000-15_u42_firmware *
hp 320-15ikbra_firmware *
hp r720-15ikba_firmware *
hp e43-80_kbl_firmware *
hp y720-15ikb_firmware *
lenovo e42-80_firmware *
hp lenovo_y520-15ikbm_firmware *
hp y520-15ikbn_firmware *
hp 710s_plus-13ikb_16g_firmware *
hp 320-15ikbrn_firmware *
hp yoga_720-13ikbr_firmware *
hp lenovo_y720-15ikb_firmware *
lenovo v310-15ikb_firmware *
hp lenovo_ideapad_320s-14ikbr_firmware -
hp 320s-15isk_firmware *
hp flex_5-1470_firmware *
hp 520-15ikbrn_firmware *
hp 320s-15ikb_firmware *
lenovo v310-14isk_firmware *
hp 720s-13ikb_firmware *
CVE-2018-9070 MEDIUM

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode and enable a web service intended for testing the device. As with most test modes, this provides extra privileges, including changing settings and running code. Lenovo Smart Assistant is an Amazon Alexa-enabled smart speaker developed by Lenovo.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo smart_assistant *
CVE-2018-9071 MEDIUM

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo chassis_management_module_firmware *
CVE-2018-9072 MEDIUM

In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
lenovo xclarity_integrator *
CVE-2018-9073 MEDIUM

Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,

Products Affected

Vendor Product Version
lenovo chassis_management_module_firmware *
CVE-2018-9074 MEDIUM

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
lenovo lenovoemc_firmware *
CVE-2018-9075 HIGH

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo lenovoemc_firmware *
CVE-2018-9076 HIGH

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo lenovoemc_firmware *
CVE-2018-9077 HIGH

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo lenovoemc_firmware *
CVE-2018-9078 MEDIUM

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does not prevent the user from uploading SVG images and returns these images within their origin. As a result, malicious users can upload SVG images that contain arbitrary JavaScript that is evaluated when the victim issues a request to download the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo storcenter_px12-450r_firmware 4.1.402.34662
lenovo px12-400r_firmware 4.1.402.34662
lenovo storcenter_px6-300d_firmware 4.1.402.34662
lenovo storcenter_ix2_firmware 4.1.402.34662
lenovo ez_media_&_backup_center_firmware 4.1.402.34662
lenovo px4-400r_firmware 4.1.402.34662
lenovo storcenter_px4-300r_firmware 4.1.402.34662
lenovo storcenter_ix4-300d_firmware 4.1.402.34662
lenovo ix4-300d_firmware 4.1.402.34662
lenovo px4-400d_firmware 4.1.402.34662
lenovo storcenter_px2-300d_firmware 4.1.402.34662
lenovo px12-450r_firmware 4.1.402.34662
lenovo px4-300r_firmware 4.1.402.34662
lenovo storcenter_px4-300d_firmware 4.1.402.34662
lenovo storcenter_ix2-dl_firmware 4.1.402.34662
lenovo px4-300d_firmware 4.1.402.34662
lenovo px2-300d_firmware 4.1.402.34662
lenovo storcenter_px12-400r_firmware 4.1.402.34662
lenovo px6-300d_firmware 4.1.402.34662
lenovo ix2_firmware 4.1.402.34662
CVE-2018-9079 HIGH

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the origin of the device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo storcenter_px12-450r_firmware 4.1.402.34662
lenovo px12-400r_firmware 4.1.402.34662
lenovo storcenter_px6-300d_firmware 4.1.402.34662
lenovo storcenter_ix2_firmware 4.1.402.34662
lenovo ez_media_&_backup_center_firmware 4.1.402.34662
lenovo px4-400r_firmware 4.1.402.34662
lenovo storcenter_px4-300r_firmware 4.1.402.34662
lenovo storcenter_ix4-300d_firmware 4.1.402.34662
lenovo ix4-300d_firmware 4.1.402.34662
lenovo px4-400d_firmware 4.1.402.34662
lenovo storcenter_px2-300d_firmware 4.1.402.34662
lenovo px12-450r_firmware 4.1.402.34662
lenovo px4-300r_firmware 4.1.402.34662
lenovo storcenter_px4-300d_firmware 4.1.402.34662
lenovo storcenter_ix2-dl_firmware 4.1.402.34662
lenovo px4-300d_firmware 4.1.402.34662
lenovo px2-300d_firmware 4.1.402.34662
lenovo storcenter_px12-400r_firmware 4.1.402.34662
lenovo px6-300d_firmware 4.1.402.34662
lenovo ix2_firmware 4.1.402.34662
CVE-2018-9080 MEDIUM

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
lenovo storcenter_px12-450r_firmware 4.1.402.34662
lenovo px12-400r_firmware 4.1.402.34662
lenovo storcenter_px6-300d_firmware 4.1.402.34662
lenovo storcenter_ix2_firmware 4.1.402.34662
lenovo ez_media_&_backup_center_firmware 4.1.402.34662
lenovo px4-400r_firmware 4.1.402.34662
lenovo storcenter_px4-300r_firmware 4.1.402.34662
lenovo storcenter_ix4-300d_firmware 4.1.402.34662
lenovo ix4-300d_firmware 4.1.402.34662
lenovo px4-400d_firmware 4.1.402.34662
lenovo storcenter_px2-300d_firmware 4.1.402.34662
lenovo px12-450r_firmware 4.1.402.34662
lenovo px4-300r_firmware 4.1.402.34662
lenovo storcenter_px4-300d_firmware 4.1.402.34662
lenovo storcenter_ix2-dl_firmware 4.1.402.34662
lenovo px4-300d_firmware 4.1.402.34662
lenovo px2-300d_firmware 4.1.402.34662
lenovo storcenter_px12-400r_firmware 4.1.402.34662
lenovo px6-300d_firmware 4.1.402.34662
lenovo ix2_firmware 4.1.402.34662
CVE-2018-9081 LOW

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo storcenter_px12-450r_firmware 4.1.402.34662
lenovo px12-400r_firmware 4.1.402.34662
lenovo storcenter_px6-300d_firmware 4.1.402.34662
lenovo storcenter_ix2_firmware 4.1.402.34662
lenovo ez_media_&_backup_center_firmware 4.1.402.34662
lenovo px4-400r_firmware 4.1.402.34662
lenovo storcenter_px4-300r_firmware 4.1.402.34662
lenovo storcenter_ix4-300d_firmware 4.1.402.34662
lenovo ix4-300d_firmware 4.1.402.34662
lenovo px4-400d_firmware 4.1.402.34662
lenovo storcenter_px2-300d_firmware 4.1.402.34662
lenovo px12-450r_firmware 4.1.402.34662
lenovo px4-300r_firmware 4.1.402.34662
lenovo storcenter_px4-300d_firmware 4.1.402.34662
lenovo storcenter_ix2-dl_firmware 4.1.402.34662
lenovo px4-300d_firmware 4.1.402.34662
lenovo px2-300d_firmware 4.1.402.34662
lenovo storcenter_px12-400r_firmware 4.1.402.34662
lenovo px6-300d_firmware 4.1.402.34662
lenovo ix2_firmware 4.1.402.34662
CVE-2018-9082 MEDIUM

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
lenovo storcenter_px12-450r_firmware 4.1.402.34662
lenovo px12-400r_firmware 4.1.402.34662
lenovo storcenter_px6-300d_firmware 4.1.402.34662
lenovo storcenter_ix2_firmware 4.1.402.34662
lenovo ez_media_&_backup_center_firmware 4.1.402.34662
lenovo px4-400r_firmware 4.1.402.34662
lenovo storcenter_px4-300r_firmware 4.1.402.34662
lenovo storcenter_ix4-300d_firmware 4.1.402.34662
lenovo ix4-300d_firmware 4.1.402.34662
lenovo px4-400d_firmware 4.1.402.34662
lenovo storcenter_px2-300d_firmware 4.1.402.34662
lenovo px12-450r_firmware 4.1.402.34662
lenovo px4-300r_firmware 4.1.402.34662
lenovo storcenter_px4-300d_firmware 4.1.402.34662
lenovo storcenter_ix2-dl_firmware 4.1.402.34662
lenovo px4-300d_firmware 4.1.402.34662
lenovo px2-300d_firmware 4.1.402.34662
lenovo storcenter_px12-400r_firmware 4.1.402.34662
lenovo px6-300d_firmware 4.1.402.34662
lenovo ix2_firmware 4.1.402.34662
CVE-2018-9083 HIGH

In System Management Module (SMM) versions prior to 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-9084 MEDIUM

In System Management Module (SMM) versions prior to 1.06, if an attacker manages to log in to the device OS, the validation of software updates can be circumvented.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_management_module_firmware *
CVE-2018-9085 MEDIUM

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
ibm system_x3630_m4_firmware *
ibm flex_system_x240_m4_firmware *
ibm system_x3100_m5_firmware *
ibm system_x3650_m4_firmware *
ibm system_x3250_m4_firmware *
ibm system_x3300_m4_firmware *
ibm system_x3530_m4_firmware *
ibm flex_system_x440_m4_firmware *
ibm idataplex_dx360_m4_water_cooled_firmware *
ibm flex_system_x280_x6_firmware *
ibm flex_system_x222_m4_firmware *
lenovo system_x3750_m4_firmware *
ibm flex_system_x880_x6_firmware *
ibm system_x3650_m4_hd_firmware *
ibm flex_system_x480_x6_firmware *
lenovo flex_system_x440_m4_firmware *
ibm system_x3550_m4_firmware *
ibm flex_system_x220_m4_firmware *
ibm system_x3750_m4_firmware *
ibm system_x3950_x6_firmware *
ibm system_x3850_x6_firmware *
ibm bladecenter_hs23_firmware *
ibm idataplex_dx360_m4_firmware *
ibm system_x3500_m4_firmware *
lenovo flex_system_x240_m4_firmware *
ibm system_x3250_m5_firmware *
ibm bladecenter_hs23e_firmware *
ibm system_x3100_m4_firmware *
ibm system_x3650_m4_bd_firmware *
CVE-2018-9086 MEDIUM

In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
lenovo thinkserver_rd640_firmware *
lenovo thinkserver_td340_firmware *
lenovo thinkserver_rd440_firmware *
lenovo thinkserver_rd340_firmware *
CVE-2019-0130 MEDIUM

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H 2.8 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo thinkstation_p920_firmware -
intel rapid_storage_technology_enterprise *
lenovo thinkstation_p520c_firmware -
lenovo thinkstation_p720_firmware -
lenovo thinkstation_p520_firmware -
CVE-2019-0135 MEDIUM

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo thinkstation_p920_firmware -
intel rapid_storage_technology_enterprise *
lenovo thinkstation_p520c_firmware -
lenovo thinkstation_p720_firmware -
lenovo thinkstation_p520_firmware -
CVE-2019-0164 MEDIUM

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
lenovo thinkstation_p910_firmware -
lenovo thinkstation_p410_firmware -
lenovo thinkstation_p510_firmware -
lenovo thinkstation_p710_firmware -
intel turbo_boost_max_technology_3.0 *
CVE-2019-10724 MEDIUM

There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary processes that are running at a higher privilege. The following are affected products and versions: Legion Y520T_Z370 6.0.1.8642, AIO310-20IAP 6.0.1.8642, AIO510-22ISH 6.0.1.8642, AIO510-23ISH 6.0.1.8642, AIO520-22IKL 6.0.1.8642, AIO520-22IKU 6.0.1.8642, AIO520-24IKL 6.0.1.8642, AIO520-24IKU 6.0.1.8642, AIO520-27IKL 6.0.1.8642, AIO720-24IKB 6.0.1.8642, IdeaCentre 520S-23IKU 6.0.1.8642, ThinkCentre M700z 6.0.1.8642, ThinkCentre M800z 6.0.1.8642, ThinkCentre M810z 6.0.1.8642, ThinkCentre M818z 6.0.1.8642, ThinkCentre M900Z 6.0.1.8642, ThinkCentre M910z 6.0.1.8642, V410z(YT S4250) 6.0.1.8642, 330-14IKBR Win10:6.0.1.8652, 330-15IKBR Win10:6.0.1.8652, 330-15IKBR (Brazil) Win10:6.0.1.8652, 330-15IKBR Touch Win10:6.0.1.8652, 330-17IKBR Win10:6.0.1.8652, YOGA 730-13IKB Win10:6.0.1.8644, YOGA 730-15IKB Win10:6.0.1.8644, ThinkPad L560 6.0.1.8644 and 6.0.1.8652, ThinkPad L570 6.0.1.8644 and 6.0.1.8652, ThinkPad P50 6.0.1.8642, ThinkPad P50s 6.0.1.8642, ThinkPad P51s (20Jx, 20Kx) 6.0.1.8642, ThinkPad P51s (20Hx) 6.0.1.8642, ThinkPad P52s 6.0.1.8642, ThinkPad P70 6.0.1.8642, ThinkPad T25 6.0.1.8642, ThinkPad T460s 6.0.1.8642, ThinkPad T470 6.0.1.8642, ThinkPad T470s 6.0.1.8642, ThinkPad T480 6.0.1.8642, ThinkPad T480s 6.0.1.8642, ThinkPad T560 6.0.1.8642, ThinkPad T570 6.0.1.8642, ThinkPad T580 6.0.1.8642, ThinkPad X1 Carbon 8.66.76.72 and 8.66.68.54, ThinkPad X1 Carbon 6th 6.0.1.8642, ThinkPad X1 Carbon, X1 Yoga 8.66.62.92 and 8.66.62.54, ThinkPad X1 Tablet (20Gx) 6.0.1.8642, ThinkPad X1 Tablet (20Jx) 6.0.1.8642, ThinkPad X1 Tablet Gen 3 6.0.1.8642, ThinkPad X1 Yoga (20Jx) 8.66.88.60, ThinkPad X1 Yoga 3rd 6.0.1.8642, ThinkPad X280 6.0.1.8642, ThinkPad Yoga 260, S1 8.66.62.92 and 8.66.62.54.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo v730-15ikb_firmware -
lenovo v410z(yt_s4250)_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_l460_firmware -
lenovo v330-14ikb_firmware -
lenovo thinkpad_e575_firmware -
lenovo v330-15isk_firmware -
lenovo thinkpad_t480_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t570_firmware *
lenovo b330-15ikbr_firmware -
lenovo thinkpad_yoga_370_firmware -
lenovo flex_5-1570(r)_firmware -
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_a275_firmware -
lenovo thinkpad_x380_yoga_firmware -
lenovo thinkpad_s1_3rd_firmware -
lenovo aio310-20iap_firmware *
lenovo thinkpad_l560_firmware *
lenovo yoga_730-13ikb_firmware *
lenovo miix_525-12ikb_firmware -
lenovo v720-14_firmware -
lenovo thinkpad_s5_firmware -
lenovo thinkpad_p51s_firmware *
lenovo v330-15ikb_firmware -
lenovo yoga_730-15ikb_firmware *
lenovo aio720-24ikb_firmware *
lenovo thinkpad_e480_firmware -
lenovo thinkpad_l480_firmware -
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_t25_firmware *
lenovo 720s-15ikb_firmware -
lenovo thinkpad_t470_firmware *
lenovo yoga_book_c930_firmware -
lenovo thinkpad_t470p_firmware -
lenovo 330-14ikbr_firmware *
lenovo thinkpad_l380_firmware -
lenovo yoga_520-14ikbr_firmware -
lenovo thinkpad_s3-s440_firmware -
lenovo k42-80_firmware -
lenovo thinkpad_e460_firmware -
lenovo thinkpad_e485_firmware -
lenovo thinkpad_e570_firmware -
lenovo thinkpad_p40_firmware -
lenovo thinkpad_l580_firmware -
lenovo thinkpad_e585_firmware -
lenovo thinkcentre_m800z_firmware *
lenovo thinkpad_11e_firmware -
lenovo aio520-24iku_firmware *
lenovo thinkcentre_m910z_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo 100e_2nd_gen_firmware -
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_e565_firmware -
lenovo aio510-22ish_firmware *
lenovo thinkpad_s3_yoga_14_firmware -
lenovo thinkpad_e475_firmware -
lenovo thinkpad_x1_yoga_3rd_firmware *
lenovo thinkpad_t460_firmware -
lenovo flex_5-1470(r)_firmware -
lenovo v330-14isk_firmware -
lenovo thinkpad_p52s_firmware *
lenovo e43-80_firmware -
lenovo thinkpad_t560_firmware *
lenovo thinkpad_e560_firmware -
lenovo aio510-23ish_firmware *
lenovo 330-15ikbr_touch_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo aio520-24ikl_firmware *
lenovo thinkpad_l570_firmware *
lenovo 720s_touch-15ikb_firmware -
lenovo thinkpad_a475_firmware -
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkcentre_m810z_firmware *
lenovo 330-17ikbr_firmware *
lenovo thinkpad_l470_firmware -
lenovo thinkpad_yoga_s1_firmware *
lenovo thinkpad_x260_firmware -
lenovo aio520-22iku_firmware *
lenovo thinkpad_e465_firmware -
lenovo thinkcentre_m818z_firmware *
lenovo aio520-22ikl_firmware *
lenovo aio520-27ikl_firmware *
lenovo e53-80_firmware -
lenovo legion_y520t_z370_firmware *
lenovo thinkpad_e580_firmware -
lenovo thinkpad_t460p_firmware -
lenovo thinkpad_p70_firmware *
lenovo thinkpad_13_firmware -
lenovo thinkpad_e470_firmware -
lenovo thinkpad_l380_yoga_firmware -
lenovo miix_520-12ikb_firmware -
lenovo yoga_720-12ikb_firmware -
lenovo yoga_14_firmware -
lenovo ideacentre_520s-23iku_firmware *
lenovo thinkpad_11e_yoga_firmware -
lenovo yoga_c930-13ikb_firmware -
lenovo thinkpad_t480s_firmware *
lenovo 330-15ikbr_firmware *
lenovo yoga_c930-13ikb_glass_firmware -
lenovo thinkpad_e560p_firmware -
lenovo thinkpad_t580_firmware *
lenovo 300e_2nd_gen_firmware -
lenovo k43c-80_firmware -
lenovo thinkcentre_m700z_firmware *
lenovo thinkcentre_m900z_firmware *
lenovo thinkpad_x270_firmware -
lenovo thinkpad_x1_yoga_firmware *
CVE-2019-18618 LOW

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
hp probook_640_g5_firmware *
lenovo thinkpad_p50_firmware *
synaptics vfs75xx_firmware 5.2.3530.26
synaptics vfs75xx_firmware 5.5.2734.1050
lenovo thinkpad_t480_firmware *
hp elitebook_x360_1030_g3_firmware *
hp elitebook_836_g6_firmware *
lenovo thinkpad_e490_firmware *
hp elitebook_x360_1020_g2_firmware *
synaptics vfs75xx_firmware 5.2.524.26
hp elitebook_840_g5_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_p51s_(20hx)_firmware *
hp elitebook_840_g6_healthcare_edition_firmware *
hp eliteone_1000_g2_firmware *
hp elitebook_x360_830_g6_firmware *
synaptics vfs75xx_firmware 5.5.17.1099
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_e590_firmware *
hp zbook_15u_g6_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_t25_(20k7)_firmware *
lenovo thinkpad_p72_firmware *
hp elitebook_846_g6_firmware *
hp probook_430_g6_firmware *
synaptics vfs75xx_firmware 5.5.35.1058
lenovo thinkpad_t470_(20jx)_firmware *
hp elitebook_745_g6_firmware *
hp pavilion_x360_firmware *
hp zbook_14u_g5_firmware *
synaptics vfs75xx_firmware 5.1.3507.26
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_t590_firmware *
hp elitebook_x360_1040_g5_firmware *
lenovo thinkpad_p51_firmware *
hp elitebook_x360_830_g5_firmware *
lenovo thinkpad_t570(20jx)_firmware *
lenovo thinkpad_t570_(20hx)_firmware *
hp probook_455_g6_firmware *
lenovo thinkpad_p43s_firmware *
synaptics vfs75xx_firmware 5.5.502.79
lenovo thinkpad_p71_(20hx)_firmware *
lenovo thinkpad_t470_(20hx)_firmware *
hp zbook_15_g5_firmware *
hp pro_x2_612_g2_firmware *
hp zhan_66_pro_13_g2_firmware *
hp zhan_x_13_g2_firmware *
synaptics vfs75xx_firmware 5.5.10.1100
hp elitebook_735_g5_firmware *
synaptics vfs75xx_firmware 5.2.320.26
hp zbook_17_g5_firmware *
lenovo thinkpad_x380_yoga_firmware *
synaptics vfs75xx_firmware 5.2.3109.26
hp probook_450_g6_firmware *
lenovo thinkpad_p51s_(20jx)_firmware *
synaptics vfs75xx_firmware 5.2.5024.26
hp elitebook_x360_1030_g2_firmware *
hp eliteone_1000_g1_firmware *
synaptics vfs75xx_firmware 5.5.512.1051
lenovo thinkpad_t470s_(20jx)_firmware *
hp elitebook_830_g6_firmware *
hp probook_445_g6_firmware *
hp elitebook_836_g5_firmware *
hp elitebook_840_g5_healthcare_edition_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_p51s_(20kx)_firmware *
hp mt45_firmware *
hp envy_x360_firmware *
hp zbook_studio_x360_g5_firmware *
lenovo thinkpad_e490s_firmware *
hp zbook_studio_g5_firmware *
lenovo thinkpad_e480_firmware *
hp spectre_x360_firmware *
hp elitebook_1050_g1_firmware *
hp zhan_66_pro_15_g2_firmware *
lenovo thinkpad_l580_firmware *
hp elitebook_846_g6_healthcare_edition_firmware *
hp probook_440_g6_firmware *
lenovo thinkpad_p52_firmware *
hp elitebook_846_g5_healthcare_edition_firmware *
hp zbook_15u_g5_firmware *
lenovo thinkpad_t490s_firmware *
lenovo thinkpad_x1_carbon_(20hx)_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thankpad_a485_firmware *
hp elitebook_745_g5_firmware *
hp elitebook_x360_1040_g6_firmware *
lenovo thinkpad_r490_firmware *
lenovo thinkpad_x1_tablet_firmware *
hp zbook_14u_g6_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_s3_firmware *
synaptics vfs75xx_firmware 5.5.4.1116
hp elitebook_755_g5_firmware *
hp probook_445r_g6_firmware *
lenovo thinkpad_s1_3rd_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_x1_carbon_(20kx)_firmware *
lenovo thinkpad_x1_carbon_firmware *
hp elitebook_830_g5_firmware *
hp zhan_66_pro_14_g2_firmware *
synaptics vfs75xx_firmware 5.1.337.26
lenovo thinkpad_x1_extreme_2nd_firmware *
lenovo thinkpad_a275_firmware *
lenovo thinkpad_e485_firmware *
synaptics vfs75xx_firmware 5.5.10.1106
lenovo thinkpad_t470s_(20hx)_firmware *
lenovo thinkpad_yoga_s1_firmware *
lenovo thinkpad_x1_extreme_firmware *
hp elitebook_846_g5_firmware *
lenovo thinkpad_x1_yoga_(20jx)_firmware *
hp elite_x2_1012_g2_firmware *
synaptics vfs75xx_firmware 5.5.17.1102
lenovo thinkpad_p1_firmware *
hp elite_x2_1013_g3_firmware *
hp elitebook_x360_1030_g4_firmware *
hp mt44_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_e585_firmware *
hp elitebook_840_g6_firmware *
lenovo thinkpad_p1_gen_2_firmware *
lenovo thinkpad_p73_firmware *
hp elite_x2_g4_firmware *
lenovo thinkpad_p70_firmware *
hp probook_650_g5_firmware *
hp elite_slice_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_l480_firmware *
hp elitebook_850_g6_firmware *
synaptics vfs75xx_firmware 5.1.5.51
synaptics vfs75xx_firmware 5.5.2810.1050
hp zbook_17_g6_firmware *
hp elitebook_1040_g4_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_25_firmware *
synaptics vfs75xx_firmware 5.5.8.1092
hp elitebook_850_g5_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_t580_firmware *
hp zbook_15_g6_firmware *
lenovo thankpad_a475_firmware *
synaptics vfs75xx_firmware 5.3.3541.26
hp elitebook_735_g6_firmware *
lenovo thinkpad_x1_tablet_(20jx)_firmware *
lenovo thinkpad_x1_yoga_firmware *
hp probook_455r_g6_firmware *
lenovo thinkpad_r590_firmware *
CVE-2019-18619 MEDIUM

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-763,

Products Affected

Vendor Product Version
lenovo thinkpad_p50_firmware *
synaptics vfs75xx_firmware 5.5.15.1102
synaptics vfs75xx_firmware 5.2.3530.26
synaptics vfs75xx_firmware 5.5.2734.1050
lenovo thinkpad_t480_firmware *
synaptics vfs75xx_firmware 5.5.2811.1050
lenovo thinkpad_e490_firmware *
synaptics vfs75xx_firmware 5.2.524.26
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_p51s_(20hx)_firmware *
hp envy_17-bw0xxx_firmware *
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_e590_firmware *
hp envy_15m-cn0xxx_x360_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_t25_(20k7)_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_t470_(20jx)_firmware *
hp envy_15-dr1xxx_x360_(validity_fps)_firmware *
hp pavilion_x360_14t-cd100_firmware *
synaptics vfs75xx_firmware 5.5.11.1106
hp envy_17-ce1xxx_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_t590_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_t570(20jx)_firmware *
lenovo thinkpad_t570_(20hx)_firmware *
hp envy_-_17t-ce000_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_p71_(20hx)_firmware *
lenovo thinkpad_t470_(20hx)_firmware *
synaptics vfs75xx_firmware 5.6.23.1000
hp pavilion_x360_-_15t-dq000_firmware *
hp envy_13-aq0xxx_firmware *
hp envy_15-cn1xxx_x360_firmware *
hp envy_13-aq1xxx_firmware *
hp envy_15-dr0xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_x380_yoga_firmware *
synaptics vfs75xx_firmware 6.0.32.1104
synaptics vfs75xx_firmware 5.2.225.26
synaptics vfs75xx_firmware 5.5.38.1058
lenovo thinkpad_p51s_(20jx)_firmware *
hp envy_15-cn0xxx_x360_firmware *
lenovo thinkpad_t470s_(20jx)_firmware *
hp pavilion_x360_-_15t-dq100_firmware *
hp envy_15-dr0xxx_x360_firmware *
hp envy_x360_-_15t-dr100_firmware *
hp envy_17m-ce0xxx_firmware *
lenovo thinkpad_yoga_260_firmware *
hp envy_x360_-_15t-dr000_firmware *
lenovo thinkpad_p51s_(20kx)_firmware *
hp envy_-_13t-ah100_firmware *
hp envy_15m-dr1xxx_x360_firmware *
hp envy_17m-ce1xxx_firmware *
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_e480_firmware *
hp spectre_x360_firmware *
hp envy_x360_-_15t-dr000_(validity_fps)_firmware *
lenovo thinkpad_l580_firmware *
hp envy_17-ce0xxx_firmware *
hp pavilion_14-dh0xxx_x360_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_t490s_firmware *
synaptics vfs75xx_firmware 6.0.42.1107
hp envy_15m-dr1xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_x1_carbon_(20hx)_firmware *
hp pavilion_14m-dh0xxx_x360_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
synaptics vfs75xx_firmware 5.2.318.26
lenovo thinkpad_x1_yoga_4th_gen_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thankpad_a485_firmware *
hp envy_15m-dr0xxx_x360_(validity_fps)_firmware *
lenovo thinkpad_r490_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_s3_firmware *
hp pavilion_x360_14t-dh000_firmware *
lenovo thinkpad_s1_3rd_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_x1_carbon_(20kx)_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
lenovo thinkpad_a275_firmware *
lenovo thinkpad_e485_firmware *
hp pavilion_15_firmware *
hp envy_-_17t-bw000_firmware *
lenovo thinkpad_t470s_(20hx)_firmware *
lenovo thinkpad_yoga_s1_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_x1_yoga_(20jx)_firmware *
lenovo thinkpad_p1_firmware *
hp envy_15m-dr0xxx_x360_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_e585_firmware *
lenovo thinkpad_p1_gen_2_firmware *
hp pavilion_x360_-_14t-cd000_firmware *
lenovo thinkpad_p73_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_l480_firmware *
hp envy_-_17t-ce100_firmware *
synaptics vfs75xx_firmware 5.3.3539.26
hp envy_13-ah1xxx_firmware *
hp envy_x360_-_15t-dr100_(validity_fps)_firmware *
lenovo thinkpad_x390_firmware *
hp envy_x360_-_15t-cn000_firmware *
hp pavilion_14m-cd0xxx_x360_firmware *
lenovo thinkpad_25_firmware *
synaptics vfs75xx_firmware 5.5.8.1096
hp pavilion_14-cd1xxx_x360_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_t580_firmware *
lenovo thankpad_a475_firmware *
lenovo thinkpad_x1_tablet_(20jx)_firmware *
synaptics vfs75xx_firmware 5.5.10.1093
hp envy_-_13t-aq100_firmware *
hp pavilion_14-cd2xxx_x360_firmware *
lenovo thinkpad_x1_yoga_firmware *
synaptics vfs75xx_firmware 6.0.14.1108
hp envy_15-dr1xxx_x360_firmware *
lenovo thinkpad_r590_firmware *
hp envy_17m-bw0xxx_firmware *
synaptics vfs75xx_firmware 5.5.3.1116
hp envy_13-ah0xxx_firmware *
CVE-2019-19705

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading.

Products Affected

Vendor Product Version
lenovo ideacentre_310s-08iap_firmware *
lenovo legion_y720_tower_firmware *
lenovo thinkcentre_m8300z_firmware *
lenovo v410z(yt_s4250)_firmware *
lenovo thinkpad_l460_firmware *
lenovo thinkpad_p50_firmware *
lenovo lenovo_v320-15iap_firmware *
lenovo thinkcentre_m7300z_firmware *
lenovo thinkpad_t480_firmware *
lenovo legion_y920_tower_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkcentre_m6600t/s_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_t570_firmware *
lenovo yangtian_mc_h110_firmware *
lenovo thinkpad_t460s_firmware *
lenovo ideacentre_310a-15iap_firmware *
lenovo thinkpad_yoga_11e_3rd_gen_firmware *
lenovo aio310-20iap_firmware *
lenovo thinkpad_l560_firmware *
lenovo yangtian_mc_h110_pci_firmware *
lenovo thinkcentre_m910q_firmware *
lenovo thinkcentre_m9500z_firmware *
lenovo thinkpad_yoga_11e_4th_gen_firmware *
lenovo thinkpad_p51s_firmware *
lenovo aio720-24ikb_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_t25_firmware *
lenovo ideacentre_620s-03ikl_firmware *
lenovo ideacentre_610s-02ish_firmware *
lenovo thinkserver_ts140_firmware *
lenovo thinkcentre_m8350z_firmware *
lenovo thinkpad_p71_firmware *
lenovo thinkpad_t470_firmware *
lenovo thinkcentre_e95z_firmware *
lenovo thinkcentre_m715q_firmware *
lenovo aio_910-27ish_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_t460_firmware *
lenovo thinkserver_ts150_firmware *
lenovo thinkserver_ts550_firmware *
lenovo thinkcentre_m710t/s_firmware *
lenovo thinkcentre_m710e_firmware *
lenovo ideacentre_510s-08ish_firmware *
lenovo ideacentre_700_firmware *
lenovo ideacentre_510s-08ikl_firmware *
lenovo thinkcentre_m9550z_firmware *
lenovo yangtian_afq150_firmware *
lenovo thinkcentre_m800z_firmware *
lenovo thinkcentre_m8600t/s_firmware *
lenovo thinkpad_l470_firmware *
lenovo yangtian_tc/wc_h110_pci_firmware *
lenovo aio520-24iku_firmware *
lenovo thinkcentre_m910x_firmware *
lenovo thinkcentre_e74z_firmware *
lenovo thinkpad_x250_firmware *
lenovo thinkcentre_m910z_firmware *
lenovo thinkstation_p310_firmware *
lenovo thinkserver_ts450_firmware *
lenovo thinkpad_l450_firmware *
lenovo thinkcentre_m800_firmware *
lenovo ideacentre_310-15asr_firmware *
lenovo thinkpad_t470s_firmware *
lenovo yangtian_me/we_h110_firmware *
lenovo thinkpad_l580_firmware *
lenovo aio510-22ish_firmware *
lenovo thinkcentre_m900_firmware *
lenovo thinkserver_ts240_firmware *
lenovo thinkpad_t470p_firmware *
lenovo legion_y720t_amd_firmware *
lenovo thinkcentre_m700t/s_firmware *
lenovo thinkpad_x270_firmware *
lenovo yangtian_mf/wf_h110_pci_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t560_firmware *
lenovo yangtian_ytm6900e-00_firmware *
lenovo aio510-23ish_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo aio520-24ikl_firmware *
lenovo ideacentre_510-15abr_firmware *
lenovo thinkpad_l570_firmware *
lenovo sydney_e3_h110_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo ideacentre_300s-11ish_firmware *
lenovo thinkcentre_m810z_firmware *
lenovo thinkpad_s3_3rd_gen_firmware *
lenovo thinkpad_a275_firmware *
lenovo thinkstation_p318_firmware *
lenovo aio520-22iku_firmware *
lenovo yangtian_afh110_firmware *
lenovo thinkcentre_m818z_firmware *
lenovo thinkpad_l380_firmware *
lenovo aio300-23isu_firmware *
lenovo thinkpad_13_firmware *
lenovo thinkstation_p330_tiny_firmware *
lenovo ideacentre_310-15iap_firmware *
lenovo v310z(yt_s3150)_firmware *
lenovo thinkcentre_m710q_firmware *
lenovo aio520-22ikl_firmware *
lenovo thinkpad_t450_firmware *
lenovo thinkcentre_m6600q_firmware *
lenovo aio520-27ikl_firmware *
lenovo thinkpad_t460p_firmware *
lenovo legion_y520t_z370_firmware *
lenovo thinkcentre_m715t/s_firmware *
lenovo ideacentre_510-15ikl_firmware *
lenovo thinkpad_t450s_firmware *
lenovo v510z_(yt_s5250)_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkcentre_m910_t/s_firmware *
lenovo thinkpad_a475_firmware *
lenovo ideacentre_720-18asr_firmware *
lenovo thinkpad_s2_yoga_3rd_gen_firmware *
lenovo thinkpad_l480_firmware *
lenovo qt_a7400_firmware *
lenovo yta8900f_firmware *
lenovo thinkstation_p320_tiny_firmware *
lenovo ideacentre_520s-23iku_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkstation_p320_firmware *
lenovo thinkcentre_e74s_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkcentre_m700q_firmware *
lenovo thinkserver_ts250_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkcentre_x1_aio_firmware *
lenovo thinkpad_l13_yoga_firmware *
lenovo thinkpad_s2_yoga_4th_gen_firmware *
lenovo thinkcentre_m700z_firmware *
lenovo thinkcentre_m900z_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkcentre_m6600_firmware *
lenovo yangtian_s4150_firmware *
lenovo thinkstation_p330_firmware *
lenovo aio_y910-27ish_firmware *
CVE-2019-19756 LOW

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N 1.5 5.8
nvd@nist.gov 6.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 0.8 5.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
lenovo xclarity_administrator 2.6.0
CVE-2019-19757 LOW

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered a Document Object Model (DOM) based cross-site scripting vulnerability in versions prior to 2.6.6 that could allow JavaScript code to be executed in the user's web browser if a specially crafted link is visited. The JavaScript code is executed on the user's system, not executed on LXCA itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-19758 MEDIUM

A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
lenovo ez_media_&_backup_center_ix2_firmware *
lenovo ez_media_&_backup_center_ix2-dl_firmware *
CVE-2019-6149 HIGH

An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,

Products Affected

Vendor Product Version
lenovo dynamic_power_reduction *
CVE-2019-6154 MEDIUM

A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
lenovo bootable_usb *
CVE-2019-6156 LOW

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

CVSS 2.0

Severity: LOW

Problem Type: CWE-667,

Products Affected

Vendor Product Version
lenovo thinkcentre_m910s_firmware *
lenovo v530-24icb(yt_s5350)_firmware *
lenovo v410z(yt_s4250)_firmware *
lenovo thinkcentre_e93_(twr)_firmware *
lenovo thinkcentre_m4500t_firmware -
lenovo thinkcentre_m920q_firmware *
lenovo yangtian_ytm6900e-00_firmware -
lenovo m4500_id_firmware -
lenovo thinkcentre_e73_(sff)_firmware -
lenovo thinkstation_p520_firmware -
lenovo thinkcentre_m710e_firmware -
lenovo yangtian_mc_h81_firmware -
lenovo aio520-22ikl_firmware -
lenovo thinkpad_e570p_firmware *
lenovo thinkstation_p920_firmware -
lenovo thinkcentre_e73_(twr)_firmware -
lenovo thinkcentre_m4500s_firmware -
lenovo thinkcentre_m920z_firmware -
lenovo ideacentre_300s-11ish_firmware -
lenovo qitian_m4650_firmware -
lenovo lenovo_63_firmware -
lenovo thinkstation_p300_firmware *
lenovo legion_y520t_z370_firmware -
lenovo aio520-22iku_firmware -
lenovo thinkcentre_m720q_firmware *
lenovo thinkcentre_m93_firmware *
lenovo thinkcentre_m910q_firmware *
lenovo yangtian_mf/wf_h110_pci_firmware -
lenovo thinkstation_p310_firmware -
lenovo thinkcentre_m710t_firmware -
lenovo legion_c530-19icb_firmware *
lenovo thinkcentre_m4500k_firmware -
lenovo thinkcentre_m700s_firmware -
lenovo thinkcentre_m73_(sff)_firmware -
lenovo thinkcentre_m6600s_firmware *
lenovo thinkcentre_m93p_(sff)_firmware *
lenovo thinkcentre_e74_firmware -
lenovo aio520-24ikl_firmware -
lenovo ideacentre_510a-15icb_firmware *
lenovo thinkcentre_m6500t_firmware *
lenovo thinkcentre_e74z_firmware -
lenovo thinkcentre_m910t_firmware *
lenovo thinkcentre_m4600s_firmware -
lenovo thinkstation_s30_refresh_firmware -
lenovo 530s-07icb_firmware -
lenovo thinkcentre_e95z_firmware *
lenovo aio_910-27ish_firmware *
lenovo thinkcentre_e96z_firmware *
lenovo thinkcenter_m700z_firmware -
lenovo thinkcentre_m720t_firmware *
lenovo thinkcentre_m800z_firmware -
lenovo ideacentre_620s-03ikl_firmware -
lenovo yangtian_me/we_h110_firmware -
lenovo thinkcentre_m920x_firmware *
lenovo qt_m410_firmware -
lenovo thinkstation_c30_refresh_firmware -
lenovo thinkpad_t460_firmware *
lenovo thinkcentre_e93_(sff)_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo qt_a7400_firmware -
lenovo v530-22icb(yt_s4350)_firmware *
lenovo thinkcentre_m700t_firmware -
lenovo thinkcentre_m818z_firmware -
lenovo thinkpad_e560p_firmware *
lenovo thinkcentre_m8500s_firmware *
lenovo ideacentre_700_firmware *
lenovo qitian_m4550_firmware -
lenovo thinkpad_x380_yoga_firmware *
lenovo qitian_4500_firmware -
lenovo thinkcentre_m920s_firmware *
lenovo thinkstation_d30_refresh_firmware -
lenovo thinkstation_p700_firmware -
lenovo yangtian_afq150_firmware *
lenovo qt_m415_firmware -
lenovo thinkcentre_m9500z_firmware -
lenovo legion_y720_tower_firmware -
lenovo aio520-24iku_firmware -
lenovo 330-15igm_firmware *
lenovo 510s-08ikl_firmware -
lenovo m4550_id_firmware -
lenovo thinkcentre_m6600t_firmware *
lenovo thinkcentre_m73_(twr)_firmware -
lenovo thinkcentre_m910z_firmware -
lenovo thinkcentre_m700z_firmware -
lenovo thinkstation_p520c_firmware -
lenovo qt_b415_firmware -
lenovo thinkcentre_m910x_firmware *
lenovo thinkstation_p720_firmware -
lenovo thinkcentre_m83_(tiny)_firmware *
lenovo thinkcentre_m7300z_firmware -
lenovo thinkcentre_m8500t_firmware *
lenovo thinkstation_p910_firmware -
lenovo thinkcentre_m900z_firmware -
lenovo thinkcentre_e75s_firmware -
lenovo thinkcentre_m8350z_firmware -
lenovo qitian_b4650_firmware -
lenovo qitian_b4550_firmware -
lenovo thinkpad_e480_firmware *
lenovo thinkcentre_m83z_(aio)_firmware -
lenovo thinkcentre_m800_firmware *
lenovo qitian_m4600_firmware -
lenovo thinkpad_l580_firmware *
lenovo aio520-27ikl_firmware -
lenovo thinkcentre_m900_firmware *
lenovo thinkcentre_m8600t_firmware *
lenovo 510-15ikl_firmware -
lenovo yangtian_ms/ws_h81_firmware -
lenovo thinkcentre_m93p_tiny_firmware *
lenovo ideacentre_720-18icb_firmware *
lenovo thinkcentre_e74s_firmware -
lenovo yangtian_tc/wc_h110_pci_firmware -
lenovo yangtian_mf/wf_h81_pci_firmware -
lenovo legion_t530-28icb_firmware *
lenovo thinkstation_p500_firmware -
lenovo thinkpad_e580_firmware *
lenovo thinkcentre_m820z_firmware -
lenovo yangtian_tc/wcc_h81_pci_firmware -
lenovo thinkstation_p410_firmware -
lenovo thinkcentre_m8600s_firmware *
lenovo aio_y910-27ish_firmware -
lenovo thinkstation_e32_firmware *
lenovo legion_c730-19ico_firmware *
lenovo thinkcentre_m710s_firmware -
lenovo yangtian_afh110_firmware -
lenovo thinkstation_p318_firmware *
lenovo thinkcentre_m4500q_firmware -
lenovo thinkstation_p710_firmware -
lenovo thinkcentre_s510_firmware -
lenovo ideacentre_510-15icb_firmware *
lenovo v520t-15ikl_firmware -
lenovo thinkstation_p330_tiny_firmware *
lenovo v310z(yt_s3150)_firmware *
lenovo thinkcentre_m810z_firmware -
lenovo yangtian_afh81_firmware -
lenovo legion_t730-28ico_firmware *
lenovo thinkcentre_m710q_firmware *
lenovo ideacentre_730s-24ikb_firmware *
lenovo 330-14igm_firmware *
lenovo thinkcentre_m6600q_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkcentre_x1_aio_firmware -
lenovo v510z_(yt_s5250)_firmware *
lenovo thinkcentre_e75t_firmware -
lenovo thinkcentre_m9550z_firmware -
lenovo thinkpad_l480_firmware *
lenovo thinkcentre_m73_tiny_firmware -
lenovo yangtian_mc_h110_pci_firmware -
lenovo yta8900f_firmware *
lenovo thinkstation_p320_tiny_firmware *
lenovo v520s-08ikl_firmware -
lenovo thinkcentre_m610_firmware *
lenovo ideacentre_520s-23iku_firmware *
lenovo thinkcenter_m800z_firmware -
lenovo legion_y920_tower_firmware -
lenovo thinkcentre_m6500s_firmware *
lenovo thinkcentre_m4600t_firmware -
lenovo thinkcentre_m83_(twr)_firmware *
lenovo yangtian_mc_h110_firmware -
lenovo ideacentre_300-20ish_firmware -
lenovo thinkcentre_m93p_(twr)_firmware *
lenovo thinkstation_p320_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkcentre_e73s_firmware -
lenovo aio300-23isu(c5130)_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkcentre_m700q_firmware *
lenovo m4500_firmware -
lenovo ideacentre_510s-08ish_firmware -
lenovo thinkstation_p900_firmware -
lenovo thinkcentre_m8300z_firmware -
lenovo thinkcentre_m6600_firmware *
lenovo thinkpad_s5_firmware *
lenovo h50-30g_desktop_firmware -
lenovo thinkstation_p330_firmware *
lenovo thinkstation_p510_firmware -
lenovo thinkcentre_m83_(sff)_firmware *
lenovo thinkcentre_m73p_firmware *
CVE-2019-6157 MEDIUM

In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
ibm system_x3630_m4_firmware *
ibm flex_system_x240_m4_firmware *
ibm system_x3100_m5_firmware *
ibm system_x3650_m4_firmware *
ibm flex_system_x880_m4_firmware *
ibm system_x3250_m4_firmware *
ibm system_x3300_m4_firmware *
ibm system_x3530_m4_firmware *
ibm flex_system_x440_m4_firmware *
ibm idataplex_dx360_m4_water_cooled_firmware *
ibm flex_system_x222_m4_firmware *
lenovo system_x3750_m4_firmware *
lenovo system_x3950_x6_firmware *
ibm system_x3650_m4_hd_firmware *
lenovo flex_system_x280_x6_firmware *
lenovo flex_system_x880_firmware *
lenovo system_x3500_m5_firmware *
ibm bladecenter_hs22_firmware *
ibm flex_system_x280_m4_firmware *
lenovo flex_system_x440_m4_firmware *
lenovo system_x3250_m6_firmware *
lenovo system_x3850_x6_firmware *
ibm nextscale_nx360_m4_firmware *
ibm system_x3550_m4_firmware *
ibm flex_system_x220_m4_firmware *
ibm system_x3750_m4_firmware *
ibm system_x3950_x6_firmware *
ibm system_x3850_x6_firmware *
lenovo system_x3650_m5_firmware *
lenovo system_x3550_m5_firmware *
ibm bladecenter_hs23_firmware *
lenovo nextscale_nx360_m5_firmware *
ibm flex_system_x480_m4_firmware *
ibm idataplex_dx360_m4_firmware *
ibm system_x3500_m4_firmware *
lenovo flex_system_x240_m4_firmware *
ibm system_x3250_m5_firmware *
lenovo flex_system_x240_m5_firmware *
lenovo flex_system_x480_x6_firmware *
ibm bladecenter_hs23e_firmware *
ibm system_x3100_m4_firmware *
ibm system_x3650_m4_bd_firmware *
CVE-2019-6158 MEDIUM

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-6159 MEDIUM

A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo system_x3400_m3_firmware -
lenovo system_x3690_x5_firmware -
lenovo system_x3500_m2_firmware -
lenovo system_x3950_x5_firmware -
lenovo system_x3500_m3_firmware -
lenovo system_x_idataplex_dx360_m3_firmware -
lenovo bladecenter_hs22v_firmware -
lenovo system_x3850_x5_firmware -
lenovo bladecenter_hx5_firmware -
lenovo system_x3630_m3_firmware -
lenovo system_x_idataplex_dx360_m2_firmware -
lenovo system_x3560_m2_firmware -
lenovo bladecenter_hs22_firmware -
lenovo system_x3650_m3_firmware -
lenovo system_x3550_m3_firmware -
CVE-2019-6160 MEDIUM

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo ix12-300r_firmware *
lenovo px12-350r_firmware *
lenovo storcenter_ix4-200rl_firmware *
lenovo storcenter_ix2-200_firmware *
lenovo storcenter_ix4-200d_firmware *
lenovo home_media_network_hard_drive_firmware *
CVE-2019-6161 MEDIUM

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-384,

Products Affected

Vendor Product Version
lenovo cp_storage_block_firmware *
CVE-2019-6163 MEDIUM

A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2019-6165 MEDIUM

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
lenovo yoga_700-14isk_firmware -
lenovo yoga_700-11isk_firmware -
CVE-2019-6166 MEDIUM

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
lenovo service_bridge *
CVE-2019-6167 HIGH

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo service_bridge *
CVE-2019-6168 HIGH

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo service_bridge *
CVE-2019-6169 MEDIUM

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
lenovo service_bridge *
CVE-2019-6170 MEDIUM

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_s2_yoga_4th_gen_firmware -
lenovo yangtian_ytm6900e-00_firmware -
lenovo v330-14ikb_firmware -
lenovo thinkpad_t440s_firmware *
lenovo thinkpad_tablet_8_firmware -
lenovo aio520-22ikl_firmware -
lenovo legion_t730-28ico_firmware -
lenovo legion_y7000p-1060_firmware -
lenovo rescuer_y7000(1060)_firmware -
lenovo flex_5-1570(r)_firmware -
lenovo thinkcentre_m910s_firmware -
lenovo thinkpad_e490_firmware -
lenovo thinkpad_s3_3rd_gen_firmware -
lenovo thinkpad_x1_extreme_firmware -
lenovo thinkpad_l450_firmware -
lenovo thinkcentre_m920s_firmware -
lenovo thinkcentre_m710t_firmware -
lenovo l340-15iwl_firmware -
lenovo 720s-15ikb_firmware -
lenovo thinkpad_t440_firmware *
lenovo thinkcentre_e74z_firmware -
lenovo thinkcentre_m715q_firmware -
lenovo thinkcentre_m800z_firmware -
lenovo thinkpad_s531_firmware *
lenovo thinkcentre_m6600_firmware -
lenovo thinkcentre_m920x_firmware -
lenovo rescuer_y7000p(1060)_firmware -
lenovo s340-14iwl_firmware -
lenovo a340-24_iwl_firmware -
lenovo 510s-08ikl_firmware -
lenovo thinkcentre_m700z_firmware -
lenovo s540-15iwl_firmware -
lenovo qt_b415_firmware -
lenovo thinkpad_p51s_firmware -
lenovo thinkpad_yoga_260-s1_firmware -
lenovo thinkpad_t570_firmware -
lenovo thinkcentre_m900z_firmware -
lenovo thinkcentre_m93z_(aio)_firmware -
lenovo yoga530-14ikb_firmware -
lenovo thinkpad_t450_firmware -
lenovo aio520-27ikl_firmware -
lenovo 330-17ikbr_firmware -
lenovo thinkpad_t460_firmware -
lenovo thinkpad_e550_firmware -
lenovo thinkcentre_e73_firmware -
lenovo s145-14iwl_firmware -
lenovo thinkstation_p318_firmware -
lenovo thinkpad_e560_firmware -
lenovo thinkpad_t480s_firmware -
lenovo legion_y730-15ich_firmware -
lenovo thinkcentre_m715t_firmware -
lenovo ideacentre_730s-24ikb_firmware -
lenovo s145-15ikb_firmware -
lenovo aio_330-20ast_firmware -
lenovo 330-14ikbr_firmware -
lenovo thinkpad_p72_firmware -
lenovo thinkstation_p300_firmware -
lenovo thinkcentre_m90n-1_firmware -
lenovo thinkstation_p320_firmware -
lenovo miix_720-12ikb_firmware -
lenovo thinkpad_l470_firmware -
lenovo thinkcentre_m4500q_firmware -
lenovo zhaoyang_e43-80_kbl_firmware -
lenovo aio_520-24ast_firmware -
lenovo yangtian_mf_h81_pci_firmware -
lenovo 530s-15ikb_firmware -
lenovo thinkcentre_m810z_firmware -
lenovo a340-22_iwl_firmware -
lenovo thinkpad_p53s_firmware -
lenovo a340-22icb_firmware -
lenovo v110-15ikb_firmware -
lenovo flex-14iwl_firmware -
lenovo thinkcentre_m8600t_firmware -
lenovo xiaoxin_air_13iwl_firmware -
lenovo thinkcentre_m610_firmware -
lenovo thinkpad_t460p_firmware -
lenovo thinkpad_e490s_firmware -
lenovo thinkpad_13_firmware -
lenovo thinkpad_x1_tablet_firmware -
lenovo thinkpad_r590_firmware -
lenovo yoga_730-15iwl_firmware -
lenovo yangtian_me_h110_firmware -
lenovo ideacentre_510a-15icb_firmware -
lenovo lenovo_v720-14ikb_firmware -
lenovo l340-15irh_firmware -
lenovo thinkcentre_m710q_firmware -
lenovo ideacentre_300-20ish_firmware -
lenovo yoga_s940-14iwl_firmware -
lenovo v130-15ikb_firmware -
lenovo thinkpad_t490s_firmware -
lenovo thinkpad_x240_firmware *
lenovo ideacentre_510s-08ish_firmware -
lenovo v530-22icb(yt_s4350)_firmware -
lenovo rescuer_y7000p_firmware -
lenovo yoga_730-15ikb_firmware -
lenovo 730s-13iwl_firmware -
lenovo thinkpad_l390_yoga_firmware -
lenovo thinkpad_w540_firmware *
lenovo thinkcentre_m4500t_firmware -
lenovo thinkcentre_m720q_firmware -
lenovo s145-15iwl_firmware -
lenovo thinkpad_x140e_firmware -
lenovo v410z(yt_s4250)_firmware -
lenovo v330-15isk_firmware -
lenovo thinkpad_x240s_firmware *
lenovo yangtian_mc_h81_firmware -
lenovo thinkpad_s540_firmware -
lenovo thinkpad_t480_firmware -
lenovo 330-15ikb_firmware -
lenovo v310-15ikb_firmware -
lenovo xiaoxin_tide_7000-15_u22_firmware -
lenovo aio520-22iku_firmware -
lenovo thinkpad_t490_firmware -
lenovo legion_t530-28icb_firmware -
lenovo thinkcentre_m73p_firmware -
lenovo yangtian_wc_h110_pci_firmware -
lenovo thinkpad_e480_firmware -
lenovo v310-14ikb_firmware -
lenovo thinkpad_p51_firmware -
lenovo thinksystem_hr650x_(skl)_firmware -
lenovo thinkcentre_m4600s_firmware -
lenovo l340-15iwltouch_firmware -
lenovo 130-15ikb_firmware -
lenovo c340-14iwl_firmware -
lenovo 330c-14ikb_firmware -
lenovo qt_a7400_firmware -
lenovo thinkpad_l380_firmware -
lenovo thinkcentre_m818z_firmware -
lenovo 330-15ich_firmware -
lenovo xiaoxin-14_2019iwl_firmware -
lenovo thinkcentre_m910q_firmware -
lenovo e42-80_firmware -
lenovo legion_y530-15ich_firmware -
lenovo thinkpad_e570_firmware -
lenovo v320-17ikbr_firmware -
lenovo wei5-15ikb_firmware -
lenovo thinkpad_l580_firmware -
lenovo yangtian_we_h110_firmware -
lenovo thinkpad_x131e_firmware -
lenovo 340c-15iwl_firmware -
lenovo thinkpad_11e_firmware -
lenovo yoga_730-13iwl_firmware -
lenovo thinkcentre_m910z_firmware -
lenovo thinkcentre_m8500s_firmware -
lenovo yangtian_wf_h110_pci_firmware -
lenovo thinkpad_p52_firmware -
lenovo yangtian_tc_h81_pci_firmware -
lenovo thinkpad_tablet_10_firmware -
lenovo thinkcentre_m6600q_firmware -
lenovo legion_y740-17ichg_firmware -
lenovo ideacentre_700_firmware -
lenovo v510-15ikb_firmware -
lenovo xx_chao5000-ikbra_firmware -
lenovo thinkpad_t460s_firmware -
lenovo v330-14isk_firmware -
lenovo 530s-15iwl_firmware -
lenovo v510-14ikb_firmware -
lenovo xiaoxin-15_2019iwl_firmware -
lenovo thinkcentre_e74s_firmware -
lenovo thinkpad_s5_2nd_generation_firmware -
lenovo e52-80_firmware -
lenovo v330-15igm_firmware -
lenovo 330-17ikb_firmware -
lenovo thinkpad_x260_firmware -
lenovo thinkcentre_m900_firmware -
lenovo thinkpad_t540p_firmware *
lenovo thinkpad_s2_yoga_3rd_gen_firmware -
lenovo zhaoyang_k42-80_firmware -
lenovo yangtian_afh81_firmware -
lenovo thinkpad_t440p_firmware *
lenovo s530-13iwl_firmware -
lenovo thinkcentre_m8500t_firmware -
lenovo thinkpad_e590_firmware -
lenovo thinkcentre_m715s_firmware -
lenovo thinkcentre_e93_firmware -
lenovo thinkcentre_m9550z_firmware -
lenovo 530s-14iwl_firmware -
lenovo legion_t530-28apr_reflash_firmware -
lenovo k43c-80_firmware -
lenovo legion_y740-17irhg_firmware -
lenovo legion_y9000p_2019_firmware -
lenovo thinkcentre_m8300z_firmware -
lenovo thinkpad_x270_firmware -
lenovo legion_c530-19icb_firmware -
lenovo 720s-14ikbr_firmware -
lenovo 330c-15ikbr_firmware -
lenovo yoga_730-13ikb_firmware -
lenovo thinkpad_p1_firmware -
lenovo thinkpad_x390_firmware -
lenovo v530-24icb(yt_s5350)_firmware -
lenovo thinkpad_yoga_370_firmware -
lenovo ideacentre_300s-11ish_firmware -
lenovo legion_y520t_z370_firmware -
lenovo thinkpad_x380_yoga_firmware -
lenovo thinkpad_s1_3rd_firmware -
lenovo legion_y530-15ich(1060)_firmware -
lenovo thinkpad_p43s_(20rx)_firmware -
lenovo thinkpad_s5_firmware -
lenovo qitian_b5900_firmware -
lenovo thinkcentre_m715q_rr_firmware -
lenovo 330c-15ikb_firmware -
lenovo thinkcentre_m720t_firmware -
lenovo thinkcentre_m4500k_firmware -
lenovo 330-15ikbr_touch_firmware -
lenovo thinkpad_l570_firmware -
lenovo legion_c730-19ico_firmware -
lenovo thinkpad_t560_firmware -
lenovo 130-14ikb_firmware -
lenovo s340-15iwl_firmware -
lenovo xiaoxin_air-14iwl_2019_firmware -
lenovo yoga_520-14ikb_firmware -
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m700s_firmware -
lenovo thinkcentre_m600_firmware -
lenovo thinkcentre_e74_firmware -
lenovo thinkpad_t590_firmware -
lenovo thinkpad_r490_firmware -
lenovo xiaoxin_air_15ikbr_firmware -
lenovo s145-14ikb_firmware -
lenovo qitian_a815_firmware -
lenovo thinkpad_e450c_firmware -
lenovo rescuer_y7000_firmware -
lenovo legion_y740-15ichg_firmware -
lenovo qitian_4500_firmware -
lenovo thinkcentre_m6500t_firmware -
lenovo thinkcentre_m720s_firmware -
lenovo qt_m415_firmware -
lenovo thinkcentre_m9500z_firmware -
lenovo aio520-24iku_firmware -
lenovo thinkpad_s1_yoga_firmware -
lenovo thinkcentre_e95z_firmware -
lenovo thinkcentre_m73_firmware -
lenovo yta8900f_firmware -
lenovo thinkpad_x250_firmware -
lenovo thinkcentre_e75s_firmware -
lenovo thinkcentre_m8350z_firmware -
lenovo legion_y740-15irhg_firmware -
lenovo wei5-14ikb_firmware -
lenovo qitian_m4600_firmware -
lenovo yoga_11e_4th_gen_firmware -
lenovo thinkcentre_m9350z_firmware -
lenovo a340-24icb_firmware -
lenovo thinkpad_t470s_firmware -
lenovo thinkpad_p71_firmware -
lenovo thinkstation_p330_firmware -
lenovo ideacentre_720-18apr_firmware -
lenovo 720s_touch-15ikb_firmware -
lenovo v320-15ikb_firmware -
lenovo l340-17irh_firmware -
lenovo xiaoxin-14iwl_qc_2019_firmware -
lenovo thinkpad_l590_firmware -
lenovo v510z_(yt_s5250)_firmware -
lenovo thinkcentre_m700q_firmware -
lenovo ideacentre_720-18icb_firmware -
lenovo xiaoxin_air_14iwl_firmware -
lenovo thinkpad_s5_yoga_15_firmware -
lenovo thinkpad_e580_firmware -
lenovo thinkstation_e32_firmware -
lenovo thinkpad_e470_firmware -
lenovo thinkpad_s3_firmware -
lenovo thinkpad_p53_firmware -
lenovo thinkpad_l380_yoga_firmware -
lenovo v310-14isk_firmware -
lenovo flex_6-1470_firmware -
lenovo yangtian_mc_h110_pci_firmware -
lenovo v520s-08ikl_firmware -
lenovo flex-15iwl_firmware -
lenovo yangtian_mc_h110_firmware -
lenovo thinkcentre_e73s_firmware -
lenovo m4500_firmware -
lenovo legion_y9000k_2019_firmware -
lenovo yangtian_wf_h81_pci_firmware -
lenovo thinkcentre_m910x_firmware -
lenovo legion_t530-28icb_reflash_firmware -
lenovo yangtian_ms_h81_firmware -
lenovo yangtian_afq150_firmware -
lenovo thinkcentre_m920q_firmware -
lenovo v730-15ikb_firmware -
lenovo 330-17ich_firmware -
lenovo c340-15iwl_firmware -
lenovo thinkpad_l460_firmware -
lenovo m4500_id_firmware -
lenovo thinkcentre_m710e_firmware -
lenovo 530s-14ikb_firmware -
lenovo legion_y730-17ich_firmware -
lenovo thinkcentre_m4500s_firmware -
lenovo v130-14ikb_firmware -
lenovo thinkcentre_m920z_firmware -
lenovo thinkpad_t550_firmware -
lenovo qitian_m4650_firmware -
lenovo s540-14iwl_firmware -
lenovo thinkpad_e550c_firmware -
lenovo y7000_2019_1050_firmware -
lenovo thinkstation_p310_firmware -
lenovo ideacentre_310s-08igm_firmware -
lenovo v330-15ikb_firmware -
lenovo thinkpad_w541_firmware *
lenovo thinkpad_l480_firmware -
lenovo thinkpad_w550s_firmware -
lenovo xiaoxin_air_14ikbr_firmware -
lenovo aio520-24ikl_firmware -
lenovo thinkpad_p50s_firmware -
lenovo ideacentre_310s-08asr_firmware -
lenovo a340-22ast_firmware -
lenovo yogo_a940-27icb_firmware -
lenovo thinkcentre_m83_firmware -
lenovo legion_t530-28apr_firmware -
lenovo thinkpad_x1_yoga_firmware -
lenovo qt_m410_firmware -
lenovo thinkpad_t470p_firmware -
lenovo thinkpad_yoga_11e_firmware -
lenovo thinkcentre_m800_firmware -
lenovo xiaoxin_air-15iwl_2019_firmware -
lenovo thinksystem_odc5200-cn650s_firmware -
lenovo thinkcentre_m700t_firmware -
lenovo 330-15ikbr_firmware -
lenovo thinkpad_p73_firmware -
lenovo qitian_m4550_firmware -
lenovo thinkpad_e460_firmware -
lenovo thinkpad_t25_firmware -
lenovo m4550_id_firmware -
lenovo xiaoxin_tide_7000-15_u42_firmware -
lenovo thinkcentre_m725s_firmware -
lenovo thinkcentre_m910t_firmware -
lenovo thinkcentre_m7300z_firmware -
lenovo yangtian_mf_h110_pci_firmware -
lenovo thinkcentre_m8600s_firmware -
lenovo thinkstation_p320_tiny_firmware -
lenovo yangtian_tc_h110_pci_firmware -
lenovo thinkpad_helix_firmware *
lenovo qitian_b4650_firmware -
lenovo qitian_b4550_firmware -
lenovo thinkcentre_m83z_(aio)_firmware -
lenovo thinkpad_t580_firmware -
lenovo thinkcentre_m79_firmware -
lenovo 510-15ikl_firmware -
lenovo thinkpad_x1_carbon_firmware -
lenovo thinkcentre_e96z_firmware -
lenovo thinkpad_e450_firmware -
lenovo zhaoyang_e53-80_firmware -
lenovo ideacentre_510-15icb_firmware -
lenovo s540-14iwl_touch_firmware -
lenovo aio_330-20igm_firmware -
lenovo aio520-24arr_firmware -
lenovo thinkcentre_m820z_firmware -
lenovo thinkcentre_m93_firmware -
lenovo v530s-07icb_firmware -
lenovo thinkcentre_m6600s_firmware -
lenovo flex_6-14ikb_firmware -
lenovo thinkpad_t450s_firmware -
lenovo thinkcentre_m710s_firmware -
lenovo yoga_s730-13iwl_firmware -
lenovo yangtian_afh110_firmware -
lenovo thinkpad_p50_firmware -
lenovo thinkcentre_s510_firmware -
lenovo thinkpad_x280_firmware -
lenovo v520t-15ikl_firmware -
lenovo thinkcentre_m93p_firmware -
lenovo thinkcentre_m6600t_firmware -
lenovo l340-17iwl_firmware -
lenovo v310z(yt_s3150)_firmware -
lenovo thinkpad_p70_firmware -
lenovo v310-15isk_firmware -
lenovo v540-24iwl(yt_s5430)_firmware -
lenovo v320-14ikb_firmware -
lenovo yangtian_wcc_h81_pci_firmware -
lenovo thinkpad_l490_firmware -
lenovo 330-14ikb_firmware -
lenovo s340-15iwl_touch_firmware -
lenovo s940-14iwl_firmware -
lenovo thinkpad_x390_yoga_firmware -
lenovo thinkpad_t470_firmware -
lenovo thinkcentre_x1_aio_firmware -
lenovo thinkcentre_e75t_firmware -
lenovo 340c-15ikb_firmware -
lenovo thinkpad_10_firmware -
lenovo thinkcentre_m73_tiny_firmware -
lenovo xiaoxin_air_15iwl_firmware -
lenovo thinkstation_p330_tiny_firmware -
lenovo thinkcentre_m4600t_firmware -
lenovo yoga_11e_3rd_gen_firmware -
lenovo 63_firmware -
lenovo v110-14ikb_firmware -
lenovo thinkpad_e560p_firmware -
lenovo thinkpad_l560_firmware -
lenovo thinkcentre_m920t_firmware -
lenovo s340-14iwl_touch_firmware -
lenovo thinksystem_hr630x_(skl)_firmware -
lenovo thinkpad_p52s_firmware -
lenovo thinkcentre_m6500s_firmware -
lenovo h50-30g_desktop_firmware -
lenovo yangtian_ws_h81_firmware -
CVE-2019-6171 HIGH

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo 20m5_firmware -
lenovo 20da_firmware -
lenovo 20mv_firmware -
lenovo 20h1_firmware -
lenovo 20ku_firmware -
lenovo 20lx_firmware -
lenovo 20mu_firmware -
lenovo 20h4_firmware -
lenovo 20fv_firmware -
lenovo 20b7_firmware -
lenovo 20aq_firmware -
lenovo 20g5_firmware -
lenovo 20hv_firmware -
lenovo 20hu_firmware -
lenovo 20kc_firmware -
lenovo 20mw_firmware -
lenovo 20h8_firmware -
lenovo 20lj_firmware -
lenovo 20g4_firmware -
lenovo 20al_firmware -
lenovo 20ab_firmware -
lenovo 20dd_firmware -
lenovo 20bf_firmware -
lenovo 20hm_firmware -
lenovo 20k5_firmware -
lenovo 20an_firmware -
lenovo 20bg_firmware -
lenovo 20j7_firmware -
lenovo 246x_firmware -
lenovo 20bm_firmware -
lenovo 20m6_firmware -
lenovo 20ak_firmware -
lenovo 20ln_firmware -
lenovo 20fm_firmware -
lenovo 20g8_firmware -
lenovo 20mx_firmware -
lenovo 232x_firmware -
lenovo 20h6_firmware -
lenovo 20jr_firmware -
lenovo 20m8_firmware -
lenovo 20df_firmware -
lenovo 34xx_firmware -
lenovo 20a7_firmware -
lenovo 336x_firmware -
lenovo 242x_firmware -
lenovo 20k6_firmware -
lenovo 20bx_firmware -
lenovo 20a8_firmware -
lenovo 20ja_firmware -
lenovo 20aa_firmware -
lenovo 20j6_firmware -
lenovo 20ey_firmware -
lenovo 20eg_firmware -
lenovo 20l2_firmware -
lenovo 30eh_firmware -
lenovo 3xxx_firmware -
lenovo 20kn_firmware -
lenovo 20et_firmware -
lenovo 20ju_firmware -
lenovo 20j2_firmware -
lenovo 20aj_firmware -
lenovo 20m7_firmware -
lenovo 20b0_firmware -
lenovo 20b3_firmware -
lenovo 20bw_firmware -
lenovo 20n8_firmware -
lenovo 248x_firmware -
lenovo 20am_firmware -
lenovo 20ht_firmware -
lenovo 20dc_firmware -
lenovo 20jj_firmware -
lenovo 20fw_firmware -
lenovo 20ds_firmware -
lenovo 20ga_firmware -
lenovo 235x_firmware -
lenovo 20dg_firmware -
lenovo 20hn_firmware -
lenovo 20aw_firmware -
lenovo 239x_firmware -
lenovo 20ns_firmware -
lenovo 20a9_firmware -
lenovo 230x_firmware -
lenovo 20ks_firmware -
lenovo 20ng_firmware -
lenovo 234x_firmware -
lenovo 247x_firmware -
lenovo 20d9_firmware -
lenovo 20nn_firmware -
lenovo 20nt_firmware -
lenovo 233x_firmware -
lenovo 20b6_firmware -
lenovo 20lm_firmware -
lenovo 20ac_firmware -
lenovo 20e0_firmware -
lenovo 20kd_firmware -
lenovo 20ev_firmware -
lenovo 20nq_firmware -
lenovo 20nr_firmware -
lenovo 20be_firmware -
lenovo 243x_firmware -
lenovo 20dt_firmware -
lenovo 20ar_firmware -
lenovo 20kq_firmware -
lenovo 20nu_firmware -
lenovo 20j5_firmware -
lenovo 20lr_firmware -
lenovo 20lq_firmware -
lenovo 20kv_firmware -
lenovo 20f2_firmware -
lenovo 20kt_firmware -
lenovo 20f5_firmware -
lenovo 20n9_firmware -
lenovo 20bl_firmware -
lenovo 20dq_firmware -
lenovo 337x_firmware -
lenovo 20f1_firmware -
lenovo 20h5_firmware -
lenovo 20g9_firmware -
lenovo 20jv_firmware -
lenovo 20j1_firmware -
lenovo 20ex_firmware -
lenovo 20ls_firmware -
lenovo 20fn_firmware -
lenovo 344x_firmware -
lenovo 20dh_firmware -
lenovo 20f6_firmware -
lenovo 20h2_firmware -
lenovo 20fx_firmware -
lenovo 20de_firmware -
lenovo 20lt_firmware -
lenovo 20dj_firmware -
lenovo 20j4_firmware -
lenovo 20kl_firmware -
lenovo 20jh_firmware -
lenovo 20hs_firmware -
lenovo 20eu_firmware -
lenovo 343x_firmware -
lenovo 20gb_firmware -
lenovo 20dr_firmware -
lenovo 20bu_firmware -
lenovo 20bv_firmware -
lenovo 20lh_firmware -
lenovo 20ew_firmware -
lenovo 20ef_firmware -
lenovo 20fu_firmware -
lenovo 244x_firmware -
lenovo 20jq_firmware -
lenovo 20km_firmware -
CVE-2019-6172 MEDIUM

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_s2_yoga_4th_gen_firmware -
lenovo yangtian_ytm6900e-00_firmware -
lenovo v330-14ikb_firmware -
lenovo thinkpad_t440s_firmware *
lenovo thinkpad_tablet_8_firmware -
lenovo aio520-22ikl_firmware -
lenovo legion_t730-28ico_firmware -
lenovo legion_y7000p-1060_firmware -
lenovo rescuer_y7000(1060)_firmware -
lenovo flex_5-1570(r)_firmware -
lenovo thinkcentre_m910s_firmware -
lenovo thinkpad_e490_firmware -
lenovo thinkpad_s3_3rd_gen_firmware -
lenovo thinkpad_x1_extreme_firmware -
lenovo thinkpad_l450_firmware -
lenovo thinkcentre_m920s_firmware -
lenovo thinkcentre_m710t_firmware -
lenovo l340-15iwl_firmware -
lenovo 720s-15ikb_firmware -
lenovo thinkpad_t440_firmware *
lenovo thinkcentre_e74z_firmware -
lenovo thinkcentre_m715q_firmware -
lenovo thinkcentre_m800z_firmware -
lenovo thinkpad_s531_firmware *
lenovo thinkcentre_m6600_firmware -
lenovo thinkcentre_m920x_firmware -
lenovo rescuer_y7000p(1060)_firmware -
lenovo s340-14iwl_firmware -
lenovo a340-24_iwl_firmware -
lenovo 510s-08ikl_firmware -
lenovo thinkcentre_m700z_firmware -
lenovo s540-15iwl_firmware -
lenovo qt_b415_firmware -
lenovo thinkpad_p51s_firmware -
lenovo thinkpad_yoga_260-s1_firmware -
lenovo thinkpad_t570_firmware -
lenovo thinkcentre_m900z_firmware -
lenovo thinkcentre_m93z_(aio)_firmware -
lenovo yoga530-14ikb_firmware -
lenovo thinkpad_t450_firmware -
lenovo aio520-27ikl_firmware -
lenovo 330-17ikbr_firmware -
lenovo thinkpad_t460_firmware -
lenovo thinkpad_e550_firmware -
lenovo thinkcentre_e73_firmware -
lenovo s145-14iwl_firmware -
lenovo thinkstation_p318_firmware -
lenovo thinkpad_e560_firmware -
lenovo thinkpad_t480s_firmware -
lenovo legion_y730-15ich_firmware -
lenovo thinkcentre_m715t_firmware -
lenovo ideacentre_730s-24ikb_firmware -
lenovo s145-15ikb_firmware -
lenovo aio_330-20ast_firmware -
lenovo 330-14ikbr_firmware -
lenovo thinkpad_p72_firmware -
lenovo thinkstation_p300_firmware -
lenovo thinkcentre_m90n-1_firmware -
lenovo thinkstation_p320_firmware -
lenovo miix_720-12ikb_firmware -
lenovo thinkpad_l470_firmware -
lenovo thinkcentre_m4500q_firmware -
lenovo zhaoyang_e43-80_kbl_firmware -
lenovo aio_520-24ast_firmware -
lenovo yangtian_mf_h81_pci_firmware -
lenovo 530s-15ikb_firmware -
lenovo thinkcentre_m810z_firmware -
lenovo a340-22_iwl_firmware -
lenovo thinkpad_p53s_firmware -
lenovo a340-22icb_firmware -
lenovo v110-15ikb_firmware -
lenovo flex-14iwl_firmware -
lenovo thinkcentre_m8600t_firmware -
lenovo xiaoxin_air_13iwl_firmware -
lenovo thinkcentre_m610_firmware -
lenovo thinkpad_t460p_firmware -
lenovo thinkpad_e490s_firmware -
lenovo thinkpad_13_firmware -
lenovo thinkpad_x1_tablet_firmware -
lenovo thinkpad_r590_firmware -
lenovo yoga_730-15iwl_firmware -
lenovo yangtian_me_h110_firmware -
lenovo ideacentre_510a-15icb_firmware -
lenovo lenovo_v720-14ikb_firmware -
lenovo l340-15irh_firmware -
lenovo thinkcentre_m710q_firmware -
lenovo ideacentre_300-20ish_firmware -
lenovo yoga_s940-14iwl_firmware -
lenovo v130-15ikb_firmware -
lenovo thinkpad_t490s_firmware -
lenovo thinkpad_x240_firmware *
lenovo ideacentre_510s-08ish_firmware -
lenovo v530-22icb(yt_s4350)_firmware -
lenovo rescuer_y7000p_firmware -
lenovo yoga_730-15ikb_firmware -
lenovo 730s-13iwl_firmware -
lenovo thinkpad_l390_yoga_firmware -
lenovo thinkpad_w540_firmware *
lenovo thinkcentre_m4500t_firmware -
lenovo thinkcentre_m720q_firmware -
lenovo s145-15iwl_firmware -
lenovo thinkpad_x140e_firmware -
lenovo v410z(yt_s4250)_firmware -
lenovo v330-15isk_firmware -
lenovo thinkpad_x240s_firmware *
lenovo yangtian_mc_h81_firmware -
lenovo thinkpad_s540_firmware -
lenovo thinkpad_t480_firmware -
lenovo 330-15ikb_firmware -
lenovo v310-15ikb_firmware -
lenovo xiaoxin_tide_7000-15_u22_firmware -
lenovo aio520-22iku_firmware -
lenovo thinkpad_t490_firmware -
lenovo legion_t530-28icb_firmware -
lenovo thinkcentre_m73p_firmware -
lenovo yangtian_wc_h110_pci_firmware -
lenovo thinkpad_e480_firmware -
lenovo v310-14ikb_firmware -
lenovo thinkpad_p51_firmware -
lenovo thinksystem_hr650x_(skl)_firmware -
lenovo thinkcentre_m4600s_firmware -
lenovo l340-15iwltouch_firmware -
lenovo 130-15ikb_firmware -
lenovo c340-14iwl_firmware -
lenovo 330c-14ikb_firmware -
lenovo qt_a7400_firmware -
lenovo thinkpad_l380_firmware -
lenovo thinkcentre_m818z_firmware -
lenovo 330-15ich_firmware -
lenovo xiaoxin-14_2019iwl_firmware -
lenovo thinkcentre_m910q_firmware -
lenovo e42-80_firmware -
lenovo legion_y530-15ich_firmware -
lenovo thinkpad_e570_firmware -
lenovo v320-17ikbr_firmware -
lenovo wei5-15ikb_firmware -
lenovo thinkpad_l580_firmware -
lenovo yangtian_we_h110_firmware -
lenovo thinkpad_x131e_firmware -
lenovo 340c-15iwl_firmware -
lenovo thinkpad_11e_firmware -
lenovo yoga_730-13iwl_firmware -
lenovo thinkcentre_m910z_firmware -
lenovo thinkcentre_m8500s_firmware -
lenovo yangtian_wf_h110_pci_firmware -
lenovo thinkpad_p52_firmware -
lenovo yangtian_tc_h81_pci_firmware -
lenovo thinkpad_tablet_10_firmware -
lenovo thinkcentre_m6600q_firmware -
lenovo legion_y740-17ichg_firmware -
lenovo ideacentre_700_firmware -
lenovo v510-15ikb_firmware -
lenovo xx_chao5000-ikbra_firmware -
lenovo thinkpad_t460s_firmware -
lenovo v330-14isk_firmware -
lenovo 530s-15iwl_firmware -
lenovo v510-14ikb_firmware -
lenovo xiaoxin-15_2019iwl_firmware -
lenovo thinkcentre_e74s_firmware -
lenovo thinkpad_s5_2nd_generation_firmware -
lenovo e52-80_firmware -
lenovo v330-15igm_firmware -
lenovo 330-17ikb_firmware -
lenovo thinkpad_x260_firmware -
lenovo thinkcentre_m900_firmware -
lenovo thinkpad_t540p_firmware *
lenovo thinkpad_s2_yoga_3rd_gen_firmware -
lenovo zhaoyang_k42-80_firmware -
lenovo yangtian_afh81_firmware -
lenovo thinkpad_t440p_firmware *
lenovo s530-13iwl_firmware -
lenovo thinkcentre_m8500t_firmware -
lenovo thinkpad_e590_firmware -
lenovo thinkcentre_m715s_firmware -
lenovo thinkcentre_e93_firmware -
lenovo thinkcentre_m9550z_firmware -
lenovo 530s-14iwl_firmware -
lenovo legion_t530-28apr_reflash_firmware -
lenovo k43c-80_firmware -
lenovo legion_y740-17irhg_firmware -
lenovo legion_y9000p_2019_firmware -
lenovo thinkcentre_m8300z_firmware -
lenovo thinkpad_x270_firmware -
lenovo legion_c530-19icb_firmware -
lenovo 720s-14ikbr_firmware -
lenovo 330c-15ikbr_firmware -
lenovo yoga_730-13ikb_firmware -
lenovo thinkpad_p1_firmware -
lenovo thinkpad_x390_firmware -
lenovo v530-24icb(yt_s5350)_firmware -
lenovo thinkpad_yoga_370_firmware -
lenovo ideacentre_300s-11ish_firmware -
lenovo legion_y520t_z370_firmware -
lenovo thinkpad_x380_yoga_firmware -
lenovo thinkpad_s1_3rd_firmware -
lenovo legion_y530-15ich(1060)_firmware -
lenovo thinkpad_p43s_(20rx)_firmware -
lenovo thinkpad_s5_firmware -
lenovo qitian_b5900_firmware -
lenovo thinkcentre_m715q_rr_firmware -
lenovo 330c-15ikb_firmware -
lenovo thinkcentre_m720t_firmware -
lenovo thinkcentre_m4500k_firmware -
lenovo 330-15ikbr_touch_firmware -
lenovo thinkpad_l570_firmware -
lenovo legion_c730-19ico_firmware -
lenovo thinkpad_t560_firmware -
lenovo 130-14ikb_firmware -
lenovo s340-15iwl_firmware -
lenovo xiaoxin_air-14iwl_2019_firmware -
lenovo yoga_520-14ikb_firmware -
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m700s_firmware -
lenovo thinkcentre_m600_firmware -
lenovo thinkcentre_e74_firmware -
lenovo thinkpad_t590_firmware -
lenovo thinkpad_r490_firmware -
lenovo xiaoxin_air_15ikbr_firmware -
lenovo s145-14ikb_firmware -
lenovo qitian_a815_firmware -
lenovo thinkpad_e450c_firmware -
lenovo rescuer_y7000_firmware -
lenovo legion_y740-15ichg_firmware -
lenovo qitian_4500_firmware -
lenovo thinkcentre_m6500t_firmware -
lenovo thinkcentre_m720s_firmware -
lenovo qt_m415_firmware -
lenovo thinkcentre_m9500z_firmware -
lenovo aio520-24iku_firmware -
lenovo thinkpad_s1_yoga_firmware -
lenovo thinkcentre_e95z_firmware -
lenovo thinkcentre_m73_firmware -
lenovo yta8900f_firmware -
lenovo thinkpad_x250_firmware -
lenovo thinkcentre_e75s_firmware -
lenovo thinkcentre_m8350z_firmware -
lenovo legion_y740-15irhg_firmware -
lenovo wei5-14ikb_firmware -
lenovo qitian_m4600_firmware -
lenovo yoga_11e_4th_gen_firmware -
lenovo thinkcentre_m9350z_firmware -
lenovo a340-24icb_firmware -
lenovo thinkpad_t470s_firmware -
lenovo thinkpad_p71_firmware -
lenovo thinkstation_p330_firmware -
lenovo ideacentre_720-18apr_firmware -
lenovo 720s_touch-15ikb_firmware -
lenovo v320-15ikb_firmware -
lenovo l340-17irh_firmware -
lenovo xiaoxin-14iwl_qc_2019_firmware -
lenovo thinkpad_l590_firmware -
lenovo v510z_(yt_s5250)_firmware -
lenovo thinkcentre_m700q_firmware -
lenovo ideacentre_720-18icb_firmware -
lenovo xiaoxin_air_14iwl_firmware -
lenovo thinkpad_s5_yoga_15_firmware -
lenovo thinkpad_e580_firmware -
lenovo thinkstation_e32_firmware -
lenovo thinkpad_e470_firmware -
lenovo thinkpad_s3_firmware -
lenovo thinkpad_p53_firmware -
lenovo thinkpad_l380_yoga_firmware -
lenovo v310-14isk_firmware -
lenovo flex_6-1470_firmware -
lenovo yangtian_mc_h110_pci_firmware -
lenovo v520s-08ikl_firmware -
lenovo flex-15iwl_firmware -
lenovo yangtian_mc_h110_firmware -
lenovo thinkcentre_e73s_firmware -
lenovo m4500_firmware -
lenovo legion_y9000k_2019_firmware -
lenovo yangtian_wf_h81_pci_firmware -
lenovo thinkcentre_m910x_firmware -
lenovo legion_t530-28icb_reflash_firmware -
lenovo yangtian_ms_h81_firmware -
lenovo yangtian_afq150_firmware -
lenovo thinkcentre_m920q_firmware -
lenovo v730-15ikb_firmware -
lenovo 330-17ich_firmware -
lenovo c340-15iwl_firmware -
lenovo thinkpad_l460_firmware -
lenovo m4500_id_firmware -
lenovo thinkcentre_m710e_firmware -
lenovo 530s-14ikb_firmware -
lenovo legion_y730-17ich_firmware -
lenovo thinkcentre_m4500s_firmware -
lenovo v130-14ikb_firmware -
lenovo thinkcentre_m920z_firmware -
lenovo thinkpad_t550_firmware -
lenovo qitian_m4650_firmware -
lenovo s540-14iwl_firmware -
lenovo thinkpad_e550c_firmware -
lenovo y7000_2019_1050_firmware -
lenovo thinkstation_p310_firmware -
lenovo ideacentre_310s-08igm_firmware -
lenovo v330-15ikb_firmware -
lenovo thinkpad_w541_firmware *
lenovo thinkpad_l480_firmware -
lenovo thinkpad_w550s_firmware -
lenovo xiaoxin_air_14ikbr_firmware -
lenovo aio520-24ikl_firmware -
lenovo thinkpad_p50s_firmware -
lenovo ideacentre_310s-08asr_firmware -
lenovo a340-22ast_firmware -
lenovo yogo_a940-27icb_firmware -
lenovo thinkcentre_m83_firmware -
lenovo legion_t530-28apr_firmware -
lenovo thinkpad_x1_yoga_firmware -
lenovo qt_m410_firmware -
lenovo thinkpad_t470p_firmware -
lenovo thinkpad_yoga_11e_firmware -
lenovo thinkcentre_m800_firmware -
lenovo xiaoxin_air-15iwl_2019_firmware -
lenovo thinksystem_odc5200-cn650s_firmware -
lenovo thinkcentre_m700t_firmware -
lenovo 330-15ikbr_firmware -
lenovo thinkpad_p73_firmware -
lenovo qitian_m4550_firmware -
lenovo thinkpad_e460_firmware -
lenovo thinkpad_t25_firmware -
lenovo m4550_id_firmware -
lenovo xiaoxin_tide_7000-15_u42_firmware -
lenovo thinkcentre_m725s_firmware -
lenovo thinkcentre_m910t_firmware -
lenovo thinkcentre_m7300z_firmware -
lenovo yangtian_mf_h110_pci_firmware -
lenovo thinkcentre_m8600s_firmware -
lenovo thinkstation_p320_tiny_firmware -
lenovo yangtian_tc_h110_pci_firmware -
lenovo thinkpad_helix_firmware *
lenovo qitian_b4650_firmware -
lenovo qitian_b4550_firmware -
lenovo thinkcentre_m83z_(aio)_firmware -
lenovo thinkpad_t580_firmware -
lenovo thinkcentre_m79_firmware -
lenovo 510-15ikl_firmware -
lenovo thinkpad_x1_carbon_firmware -
lenovo thinkcentre_e96z_firmware -
lenovo thinkpad_e450_firmware -
lenovo zhaoyang_e53-80_firmware -
lenovo ideacentre_510-15icb_firmware -
lenovo s540-14iwl_touch_firmware -
lenovo aio_330-20igm_firmware -
lenovo aio520-24arr_firmware -
lenovo thinkcentre_m820z_firmware -
lenovo thinkcentre_m93_firmware -
lenovo v530s-07icb_firmware -
lenovo thinkcentre_m6600s_firmware -
lenovo flex_6-14ikb_firmware -
lenovo thinkpad_t450s_firmware -
lenovo thinkcentre_m710s_firmware -
lenovo yoga_s730-13iwl_firmware -
lenovo yangtian_afh110_firmware -
lenovo thinkpad_p50_firmware -
lenovo thinkcentre_s510_firmware -
lenovo thinkpad_x280_firmware -
lenovo v520t-15ikl_firmware -
lenovo thinkcentre_m93p_firmware -
lenovo thinkcentre_m6600t_firmware -
lenovo l340-17iwl_firmware -
lenovo v310z(yt_s3150)_firmware -
lenovo thinkpad_p70_firmware -
lenovo v310-15isk_firmware -
lenovo v540-24iwl(yt_s5430)_firmware -
lenovo v320-14ikb_firmware -
lenovo yangtian_wcc_h81_pci_firmware -
lenovo thinkpad_l490_firmware -
lenovo 330-14ikb_firmware -
lenovo s340-15iwl_touch_firmware -
lenovo s940-14iwl_firmware -
lenovo thinkpad_x390_yoga_firmware -
lenovo thinkpad_t470_firmware -
lenovo thinkcentre_x1_aio_firmware -
lenovo thinkcentre_e75t_firmware -
lenovo 340c-15ikb_firmware -
lenovo thinkpad_10_firmware -
lenovo thinkcentre_m73_tiny_firmware -
lenovo xiaoxin_air_15iwl_firmware -
lenovo thinkstation_p330_tiny_firmware -
lenovo thinkcentre_m4600t_firmware -
lenovo yoga_11e_3rd_gen_firmware -
lenovo 63_firmware -
lenovo v110-14ikb_firmware -
lenovo thinkpad_e560p_firmware -
lenovo thinkpad_l560_firmware -
lenovo thinkcentre_m920t_firmware -
lenovo s340-14iwl_touch_firmware -
lenovo thinksystem_hr630x_(skl)_firmware -
lenovo thinkpad_p52s_firmware -
lenovo thinkcentre_m6500s_firmware -
lenovo h50-30g_desktop_firmware -
lenovo yangtian_ws_h81_firmware -
CVE-2019-6173 MEDIUM

A DLL search path vulnerability could allow privilege escalation in some Lenovo installation packages, prior to version 1.2.9.3, during installation if an attacker already has administrative privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
lenovo installation_package *
CVE-2019-6175 HIGH

A denial of service vulnerability was reported in Lenovo System Update versions prior to 5.07.0088 that could allow configuration files to be written to non-standard locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2019-6176 MEDIUM

A potential vulnerability reported in ThinkPad USB-C Dock Firmware version 3.7.2 may allow a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_usb-c_dock_firmware 3.7.2
CVE-2019-6177 HIGH

A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
lenovo solution_center 03.12.003
CVE-2019-6178 MEDIUM

An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo storecenter_ix2-200_firmware 3.2.16.30221
lenovo storecenter_ix4-200d_firmware 3.2.16.30221
lenovo home_media_network_hard_drive_firmware 3.2.16.30221
lenovo storecenter_ix4-200rl_firmware 2.1.50.30227
lenovo ix12-300r_firmware 4.0.24.34808
lenovo px12-350r_firmware 4.0.24.34808
lenovo storecenter_ix4-200d_firmware 2.1.50.30227
lenovo storecenter_ix2-200_firmware 2.1.50.30227
CVE-2019-6179 MEDIUM

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior to version 7.7.0, and Lenovo XClarity Integrator (LXCI) for VMWare vCenter prior to version 6.1.0 that could allow information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
lenovo xclarity_integrator *
lenovo xclarity_administrator *
CVE-2019-6180 LOW

A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-6181 MEDIUM

A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser. The JavaScript code is not executed on LXCA itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-6182 MEDIUM

A stored CSV Injection vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to store malformed data in LXCA Jobs and Event Log data, that could result in crafted formulas stored in an exported CSV file. The crafted formula is not executed on LXCA itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-6183 HIGH

A denial of service vulnerability has been reported in Lenovo Energy Management Driver for Windows 10 versions prior to 15.11.29.7 that could cause systems to experience a blue screen error. Lenovo Energy Management is a client utility. Lenovo XClarity Energy Manager is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo energy_management *
CVE-2019-6184 MEDIUM

A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo customer_engagement_service 2.0.21.1
CVE-2019-6186 MEDIUM

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2019-6187 MEDIUM

A stored CSV Injection vulnerability was reported in Lenovo XClarity Controller (XCC) that could allow an administrative or other appropriately permissioned user to store malformed data in certain XCC server informational fields, that could result in crafted formulas being stored in an exported CSV file. The crafted formula is not executed on XCC itself and has no effect on the server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1236,

Products Affected

Vendor Product Version
lenovo xclarity_controller *
CVE-2019-6188 HIGH

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_s2_yoga_4th_gen_firmware -
lenovo yangtian_ytm6900e-00_firmware -
lenovo v330-14ikb_firmware -
lenovo thinkpad_t440s_firmware *
lenovo thinkpad_tablet_8_firmware -
lenovo aio520-22ikl_firmware -
lenovo legion_t730-28ico_firmware -
lenovo legion_y7000p-1060_firmware -
lenovo rescuer_y7000(1060)_firmware -
lenovo flex_5-1570(r)_firmware -
lenovo thinkcentre_m910s_firmware -
lenovo thinkpad_e490_firmware -
lenovo thinkpad_s3_3rd_gen_firmware -
lenovo thinkpad_x1_extreme_firmware -
lenovo thinkpad_l450_firmware -
lenovo thinkcentre_m920s_firmware -
lenovo thinkcentre_m710t_firmware -
lenovo l340-15iwl_firmware -
lenovo 720s-15ikb_firmware -
lenovo thinkpad_t440_firmware *
lenovo thinkcentre_e74z_firmware -
lenovo thinkcentre_m715q_firmware -
lenovo thinkcentre_m800z_firmware -
lenovo thinkpad_s531_firmware *
lenovo thinkcentre_m6600_firmware -
lenovo thinkcentre_m920x_firmware -
lenovo rescuer_y7000p(1060)_firmware -
lenovo s340-14iwl_firmware -
lenovo a340-24_iwl_firmware -
lenovo 510s-08ikl_firmware -
lenovo thinkcentre_m700z_firmware -
lenovo s540-15iwl_firmware -
lenovo qt_b415_firmware -
lenovo thinkpad_p51s_firmware -
lenovo thinkpad_yoga_260-s1_firmware -
lenovo thinkpad_t570_firmware -
lenovo thinkcentre_m900z_firmware -
lenovo thinkcentre_m93z_(aio)_firmware -
lenovo yoga530-14ikb_firmware -
lenovo thinkpad_t450_firmware -
lenovo aio520-27ikl_firmware -
lenovo 330-17ikbr_firmware -
lenovo thinkpad_t460_firmware -
lenovo thinkpad_e550_firmware -
lenovo thinkcentre_e73_firmware -
lenovo s145-14iwl_firmware -
lenovo thinkstation_p318_firmware -
lenovo thinkpad_e560_firmware -
lenovo thinkpad_t480s_firmware -
lenovo legion_y730-15ich_firmware -
lenovo thinkcentre_m715t_firmware -
lenovo ideacentre_730s-24ikb_firmware -
lenovo s145-15ikb_firmware -
lenovo aio_330-20ast_firmware -
lenovo 330-14ikbr_firmware -
lenovo thinkpad_p72_firmware -
lenovo thinkstation_p300_firmware -
lenovo thinkcentre_m90n-1_firmware -
lenovo thinkstation_p320_firmware -
lenovo miix_720-12ikb_firmware -
lenovo thinkpad_l470_firmware -
lenovo thinkcentre_m4500q_firmware -
lenovo zhaoyang_e43-80_kbl_firmware -
lenovo aio_520-24ast_firmware -
lenovo yangtian_mf_h81_pci_firmware -
lenovo 530s-15ikb_firmware -
lenovo thinkcentre_m810z_firmware -
lenovo a340-22_iwl_firmware -
lenovo thinkpad_p53s_firmware -
lenovo a340-22icb_firmware -
lenovo v110-15ikb_firmware -
lenovo flex-14iwl_firmware -
lenovo thinkcentre_m8600t_firmware -
lenovo xiaoxin_air_13iwl_firmware -
lenovo thinkcentre_m610_firmware -
lenovo thinkpad_t460p_firmware -
lenovo thinkpad_e490s_firmware -
lenovo thinkpad_13_firmware -
lenovo thinkpad_x1_tablet_firmware -
lenovo thinkpad_r590_firmware -
lenovo yoga_730-15iwl_firmware -
lenovo yangtian_me_h110_firmware -
lenovo ideacentre_510a-15icb_firmware -
lenovo lenovo_v720-14ikb_firmware -
lenovo l340-15irh_firmware -
lenovo thinkcentre_m710q_firmware -
lenovo ideacentre_300-20ish_firmware -
lenovo yoga_s940-14iwl_firmware -
lenovo v130-15ikb_firmware -
lenovo thinkpad_t490s_firmware -
lenovo thinkpad_x240_firmware *
lenovo ideacentre_510s-08ish_firmware -
lenovo v530-22icb(yt_s4350)_firmware -
lenovo rescuer_y7000p_firmware -
lenovo yoga_730-15ikb_firmware -
lenovo 730s-13iwl_firmware -
lenovo thinkpad_l390_yoga_firmware -
lenovo thinkpad_w540_firmware *
lenovo thinkcentre_m4500t_firmware -
lenovo thinkcentre_m720q_firmware -
lenovo s145-15iwl_firmware -
lenovo thinkpad_x140e_firmware -
lenovo v410z(yt_s4250)_firmware -
lenovo v330-15isk_firmware -
lenovo thinkpad_x240s_firmware *
lenovo yangtian_mc_h81_firmware -
lenovo thinkpad_s540_firmware -
lenovo thinkpad_t480_firmware -
lenovo 330-15ikb_firmware -
lenovo v310-15ikb_firmware -
lenovo xiaoxin_tide_7000-15_u22_firmware -
lenovo aio520-22iku_firmware -
lenovo thinkpad_t490_firmware -
lenovo legion_t530-28icb_firmware -
lenovo thinkcentre_m73p_firmware -
lenovo yangtian_wc_h110_pci_firmware -
lenovo thinkpad_e480_firmware -
lenovo v310-14ikb_firmware -
lenovo thinkpad_p51_firmware -
lenovo thinksystem_hr650x_(skl)_firmware -
lenovo thinkcentre_m4600s_firmware -
lenovo l340-15iwltouch_firmware -
lenovo 130-15ikb_firmware -
lenovo c340-14iwl_firmware -
lenovo 330c-14ikb_firmware -
lenovo qt_a7400_firmware -
lenovo thinkpad_l380_firmware -
lenovo thinkcentre_m818z_firmware -
lenovo 330-15ich_firmware -
lenovo xiaoxin-14_2019iwl_firmware -
lenovo thinkcentre_m910q_firmware -
lenovo e42-80_firmware -
lenovo legion_y530-15ich_firmware -
lenovo thinkpad_e570_firmware -
lenovo v320-17ikbr_firmware -
lenovo wei5-15ikb_firmware -
lenovo thinkpad_l580_firmware -
lenovo yangtian_we_h110_firmware -
lenovo thinkpad_x131e_firmware -
lenovo 340c-15iwl_firmware -
lenovo thinkpad_11e_firmware -
lenovo yoga_730-13iwl_firmware -
lenovo thinkcentre_m910z_firmware -
lenovo thinkcentre_m8500s_firmware -
lenovo yangtian_wf_h110_pci_firmware -
lenovo thinkpad_p52_firmware -
lenovo yangtian_tc_h81_pci_firmware -
lenovo thinkpad_tablet_10_firmware -
lenovo thinkcentre_m6600q_firmware -
lenovo legion_y740-17ichg_firmware -
lenovo ideacentre_700_firmware -
lenovo v510-15ikb_firmware -
lenovo xx_chao5000-ikbra_firmware -
lenovo thinkpad_t460s_firmware -
lenovo v330-14isk_firmware -
lenovo 530s-15iwl_firmware -
lenovo v510-14ikb_firmware -
lenovo xiaoxin-15_2019iwl_firmware -
lenovo thinkcentre_e74s_firmware -
lenovo thinkpad_s5_2nd_generation_firmware -
lenovo e52-80_firmware -
lenovo v330-15igm_firmware -
lenovo 330-17ikb_firmware -
lenovo thinkpad_x260_firmware -
lenovo thinkcentre_m900_firmware -
lenovo thinkpad_t540p_firmware *
lenovo thinkpad_s2_yoga_3rd_gen_firmware -
lenovo zhaoyang_k42-80_firmware -
lenovo yangtian_afh81_firmware -
lenovo thinkpad_t440p_firmware *
lenovo s530-13iwl_firmware -
lenovo thinkcentre_m8500t_firmware -
lenovo thinkpad_e590_firmware -
lenovo thinkcentre_m715s_firmware -
lenovo thinkcentre_e93_firmware -
lenovo thinkcentre_m9550z_firmware -
lenovo 530s-14iwl_firmware -
lenovo legion_t530-28apr_reflash_firmware -
lenovo k43c-80_firmware -
lenovo legion_y740-17irhg_firmware -
lenovo legion_y9000p_2019_firmware -
lenovo thinkcentre_m8300z_firmware -
lenovo thinkpad_x270_firmware -
lenovo legion_c530-19icb_firmware -
lenovo 720s-14ikbr_firmware -
lenovo 330c-15ikbr_firmware -
lenovo yoga_730-13ikb_firmware -
lenovo thinkpad_p1_firmware -
lenovo thinkpad_x390_firmware -
lenovo v530-24icb(yt_s5350)_firmware -
lenovo thinkpad_yoga_370_firmware -
lenovo ideacentre_300s-11ish_firmware -
lenovo legion_y520t_z370_firmware -
lenovo thinkpad_x380_yoga_firmware -
lenovo thinkpad_s1_3rd_firmware -
lenovo legion_y530-15ich(1060)_firmware -
lenovo thinkpad_p43s_(20rx)_firmware -
lenovo thinkpad_s5_firmware -
lenovo qitian_b5900_firmware -
lenovo thinkcentre_m715q_rr_firmware -
lenovo 330c-15ikb_firmware -
lenovo thinkcentre_m720t_firmware -
lenovo thinkcentre_m4500k_firmware -
lenovo 330-15ikbr_touch_firmware -
lenovo thinkpad_l570_firmware -
lenovo legion_c730-19ico_firmware -
lenovo thinkpad_t560_firmware -
lenovo 130-14ikb_firmware -
lenovo s340-15iwl_firmware -
lenovo xiaoxin_air-14iwl_2019_firmware -
lenovo yoga_520-14ikb_firmware -
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m700s_firmware -
lenovo thinkcentre_m600_firmware -
lenovo thinkcentre_e74_firmware -
lenovo thinkpad_t590_firmware -
lenovo thinkpad_r490_firmware -
lenovo xiaoxin_air_15ikbr_firmware -
lenovo s145-14ikb_firmware -
lenovo qitian_a815_firmware -
lenovo thinkpad_e450c_firmware -
lenovo rescuer_y7000_firmware -
lenovo legion_y740-15ichg_firmware -
lenovo qitian_4500_firmware -
lenovo thinkcentre_m6500t_firmware -
lenovo thinkcentre_m720s_firmware -
lenovo qt_m415_firmware -
lenovo thinkcentre_m9500z_firmware -
lenovo aio520-24iku_firmware -
lenovo thinkpad_s1_yoga_firmware -
lenovo thinkcentre_e95z_firmware -
lenovo thinkcentre_m73_firmware -
lenovo yta8900f_firmware -
lenovo thinkpad_x250_firmware -
lenovo thinkcentre_e75s_firmware -
lenovo thinkcentre_m8350z_firmware -
lenovo legion_y740-15irhg_firmware -
lenovo wei5-14ikb_firmware -
lenovo qitian_m4600_firmware -
lenovo yoga_11e_4th_gen_firmware -
lenovo thinkcentre_m9350z_firmware -
lenovo a340-24icb_firmware -
lenovo thinkpad_t470s_firmware -
lenovo thinkpad_p71_firmware -
lenovo thinkstation_p330_firmware -
lenovo ideacentre_720-18apr_firmware -
lenovo 720s_touch-15ikb_firmware -
lenovo v320-15ikb_firmware -
lenovo l340-17irh_firmware -
lenovo xiaoxin-14iwl_qc_2019_firmware -
lenovo thinkpad_l590_firmware -
lenovo v510z_(yt_s5250)_firmware -
lenovo thinkcentre_m700q_firmware -
lenovo ideacentre_720-18icb_firmware -
lenovo xiaoxin_air_14iwl_firmware -
lenovo thinkpad_s5_yoga_15_firmware -
lenovo thinkpad_e580_firmware -
lenovo thinkstation_e32_firmware -
lenovo thinkpad_e470_firmware -
lenovo thinkpad_s3_firmware -
lenovo thinkpad_p53_firmware -
lenovo thinkpad_l380_yoga_firmware -
lenovo v310-14isk_firmware -
lenovo flex_6-1470_firmware -
lenovo yangtian_mc_h110_pci_firmware -
lenovo v520s-08ikl_firmware -
lenovo flex-15iwl_firmware -
lenovo yangtian_mc_h110_firmware -
lenovo thinkcentre_e73s_firmware -
lenovo m4500_firmware -
lenovo legion_y9000k_2019_firmware -
lenovo yangtian_wf_h81_pci_firmware -
lenovo thinkcentre_m910x_firmware -
lenovo legion_t530-28icb_reflash_firmware -
lenovo yangtian_ms_h81_firmware -
lenovo yangtian_afq150_firmware -
lenovo thinkcentre_m920q_firmware -
lenovo v730-15ikb_firmware -
lenovo 330-17ich_firmware -
lenovo c340-15iwl_firmware -
lenovo thinkpad_l460_firmware -
lenovo m4500_id_firmware -
lenovo thinkcentre_m710e_firmware -
lenovo 530s-14ikb_firmware -
lenovo legion_y730-17ich_firmware -
lenovo thinkcentre_m4500s_firmware -
lenovo v130-14ikb_firmware -
lenovo thinkcentre_m920z_firmware -
lenovo thinkpad_t550_firmware -
lenovo qitian_m4650_firmware -
lenovo s540-14iwl_firmware -
lenovo thinkpad_e550c_firmware -
lenovo y7000_2019_1050_firmware -
lenovo thinkstation_p310_firmware -
lenovo ideacentre_310s-08igm_firmware -
lenovo v330-15ikb_firmware -
lenovo thinkpad_w541_firmware *
lenovo thinkpad_l480_firmware -
lenovo thinkpad_w550s_firmware -
lenovo xiaoxin_air_14ikbr_firmware -
lenovo aio520-24ikl_firmware -
lenovo thinkpad_p50s_firmware -
lenovo ideacentre_310s-08asr_firmware -
lenovo a340-22ast_firmware -
lenovo yogo_a940-27icb_firmware -
lenovo thinkcentre_m83_firmware -
lenovo legion_t530-28apr_firmware -
lenovo thinkpad_x1_yoga_firmware -
lenovo qt_m410_firmware -
lenovo thinkpad_t470p_firmware -
lenovo thinkpad_yoga_11e_firmware -
lenovo thinkcentre_m800_firmware -
lenovo xiaoxin_air-15iwl_2019_firmware -
lenovo thinksystem_odc5200-cn650s_firmware -
lenovo thinkcentre_m700t_firmware -
lenovo 330-15ikbr_firmware -
lenovo thinkpad_p73_firmware -
lenovo qitian_m4550_firmware -
lenovo thinkpad_e460_firmware -
lenovo thinkpad_t25_firmware -
lenovo m4550_id_firmware -
lenovo xiaoxin_tide_7000-15_u42_firmware -
lenovo thinkcentre_m725s_firmware -
lenovo thinkcentre_m910t_firmware -
lenovo thinkcentre_m7300z_firmware -
lenovo yangtian_mf_h110_pci_firmware -
lenovo thinkcentre_m8600s_firmware -
lenovo thinkstation_p320_tiny_firmware -
lenovo yangtian_tc_h110_pci_firmware -
lenovo thinkpad_helix_firmware *
lenovo qitian_b4650_firmware -
lenovo qitian_b4550_firmware -
lenovo thinkcentre_m83z_(aio)_firmware -
lenovo thinkpad_t580_firmware -
lenovo thinkcentre_m79_firmware -
lenovo 510-15ikl_firmware -
lenovo thinkpad_x1_carbon_firmware -
lenovo thinkcentre_e96z_firmware -
lenovo thinkpad_e450_firmware -
lenovo zhaoyang_e53-80_firmware -
lenovo ideacentre_510-15icb_firmware -
lenovo s540-14iwl_touch_firmware -
lenovo aio_330-20igm_firmware -
lenovo aio520-24arr_firmware -
lenovo thinkcentre_m820z_firmware -
lenovo thinkcentre_m93_firmware -
lenovo v530s-07icb_firmware -
lenovo thinkcentre_m6600s_firmware -
lenovo flex_6-14ikb_firmware -
lenovo thinkpad_t450s_firmware -
lenovo thinkcentre_m710s_firmware -
lenovo yoga_s730-13iwl_firmware -
lenovo yangtian_afh110_firmware -
lenovo thinkpad_p50_firmware -
lenovo thinkcentre_s510_firmware -
lenovo thinkpad_x280_firmware -
lenovo v520t-15ikl_firmware -
lenovo thinkcentre_m93p_firmware -
lenovo thinkcentre_m6600t_firmware -
lenovo l340-17iwl_firmware -
lenovo v310z(yt_s3150)_firmware -
lenovo thinkpad_p70_firmware -
lenovo v310-15isk_firmware -
lenovo v540-24iwl(yt_s5430)_firmware -
lenovo v320-14ikb_firmware -
lenovo yangtian_wcc_h81_pci_firmware -
lenovo thinkpad_l490_firmware -
lenovo 330-14ikb_firmware -
lenovo s340-15iwl_touch_firmware -
lenovo s940-14iwl_firmware -
lenovo thinkpad_x390_yoga_firmware -
lenovo thinkpad_t470_firmware -
lenovo thinkcentre_x1_aio_firmware -
lenovo thinkcentre_e75t_firmware -
lenovo 340c-15ikb_firmware -
lenovo thinkpad_10_firmware -
lenovo thinkcentre_m73_tiny_firmware -
lenovo xiaoxin_air_15iwl_firmware -
lenovo thinkstation_p330_tiny_firmware -
lenovo thinkcentre_m4600t_firmware -
lenovo yoga_11e_3rd_gen_firmware -
lenovo 63_firmware -
lenovo v110-14ikb_firmware -
lenovo thinkpad_e560p_firmware -
lenovo thinkpad_l560_firmware -
lenovo thinkcentre_m920t_firmware -
lenovo s340-14iwl_touch_firmware -
lenovo thinksystem_hr630x_(skl)_firmware -
lenovo thinkpad_p52s_firmware -
lenovo thinkcentre_m6500s_firmware -
lenovo h50-30g_desktop_firmware -
lenovo yangtian_ws_h81_firmware -
CVE-2019-6189 MEDIUM

A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2019-6190 LOW

Lenovo was notified of a potential denial of service vulnerability, affecting various versions of BIOS for Lenovo Desktop, Desktop - All in One, and ThinkStation, that could cause PCRs to be cleared intermittently after resuming from sleep (S3) on systems with Intel TXT enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@lenovo.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-665,

Products Affected

Vendor Product Version
lenovo thinkcentre_m910s_firmware *
lenovo thinkcentre_m8300z_firmware *
lenovo ideacentre_310s-08igm_firmware *
lenovo qt_m415_firmware *
lenovo thinkcentre_m710s_firmware *
lenovo thinkcentre_s510_firmware *
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m7300z_firmware *
lenovo aio_330-20ast_firmware *
lenovo thinkcentre_m820z_firmware *
lenovo thinkcentre_m4500k_desktop_firmware *
lenovo yangtian_mc_h110_firmware *
lenovo qitian_4500_desktop_firmware *
lenovo thinkstation_p700_firmware *
lenovo v410z_firmware *
lenovo thinkstation_p300_firmware *
lenovo aio520-24arr_firmware *
lenovo qt_b415_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo thinkcentre_m93_firmware *
lenovo yangtian_mc_h110_pci_firmware *
lenovo thinkcentre_m910q_firmware *
lenovo thinkcentre_m9500z_firmware *
lenovo yangtian_mf_h81_pci_desktop_firmware *
lenovo legion_c530-19icb_firmware *
lenovo thinkcentre_e93_firmware *
lenovo thinkstation_p500_firmware *
lenovo legion_t530-28apr_reflash_firmware *
lenovo thinkcentre_m6600s_firmware *
lenovo qitian_m4550_desktop_firmware *
lenovo v540-24iwl_firmware *
lenovo thinkcentre_m83_firmware *
lenovo aio_520-24ast_firmware *
lenovo qt_m410_firmware *
lenovo thinkcentre_m8350z_firmware *
lenovo ideacentre_510a-15icb_firmware *
lenovo thinkcentre_m6500t_firmware *
lenovo thinkcentre_m910t_firmware *
lenovo yangtian_wcc_h81_pci_desktop_firmware *
lenovo thinkcentre_m73_tiny_firmware *
lenovo thinkcentre_e95z_firmware *
lenovo yangtian_mc_h81_desktop_firmware *
lenovo thinkcentre_m715q_firmware *
lenovo ideacentre_720-18apr_firmware *
lenovo yangtian_wf_h110_pci_firmware *
lenovo thinkcentre_e96z_firmware *
lenovo v310z_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo qitian_b4550_desktop_firmware *
lenovo thinkcentre_m710e_firmware *
lenovo v520s-08ikl_firmware *
lenovo thinkcentre_m8500s_firmware *
lenovo yangtian_ws_h81_desktop_firmware *
lenovo legion_t530-28icb_reflash_firmware *
lenovo ideacentre_700_firmware *
lenovo v530s-07icb_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m700t_firmware *
lenovo thinkstation_p720_firmware *
lenovo thinkcentre_m79_firmware *
lenovo thinkstation_p910_firmware *
lenovo lenovo_v330-15igm_firmware *
lenovo lenovo_63_desktop_firmware *
lenovo m4550_id_desktop_firmware *
lenovo thinkcentre_m9550z_firmware *
lenovo yangtian_afq150_firmware *
lenovo thinkcentre_m715s_firmware *
lenovo thinkcentre_m4500q_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkcentre_m715q_rr_firmware *
lenovo thinkcentre_m800z_firmware *
lenovo thinkcentre_m6600t_firmware *
lenovo a340-22ast_firmware *
lenovo thinkcentre_m4600s_firmware *
lenovo aio520-24iku_firmware *
lenovo thinkcentre_e75s_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo thinkcentre_m910x_firmware *
lenovo thinkcentre_e74z_firmware *
lenovo a340-22_iwl_firmware *
lenovo m4500_desktop_firmware *
lenovo thinkstation_c30_refresh_firmware *
lenovo thinkcenter_m700z_firmware *
lenovo thinkcentre_m910z_firmware *
lenovo thinkcentre_m8500t_firmware *
lenovo yogo_a940-27icb_firmware *
lenovo thinkstation_p310_firmware *
lenovo 510-15ikl_firmware *
lenovo yangtian_ms_h81_desktop_firmware *
lenovo v530-22icb_firmware *
lenovo thinkstation_p510_firmware *
lenovo thinkcentre_m800_firmware *
lenovo thinkcentre_e74_firmware *
lenovo thinkcentre_m9350z_firmware *
lenovo thinkcentre_m900_firmware *
lenovo thinkcentre_m8600t_firmware *
lenovo thinkcentre_m920z_firmware *
lenovo ideacentre_720-18icb_firmware *
lenovo thinkstation_p410_firmware *
lenovo h50-30g_desktop_firmware *
lenovo yangtian_ytm6900e-00_firmware *
lenovo thinkstation_p520_firmware *
lenovo thinkcentre_m715t_firmware *
lenovo yangtian_afh81_desktop_firmware *
lenovo legion_t530-28icb_firmware *
lenovo thinkcenter_m800z_firmware *
lenovo yangtian_wf_h81_pci_desktop_firmware *
lenovo thinkstation_p900_firmware *
lenovo thinkcentre_m8600s_firmware *
lenovo thinkstation_e32_firmware *
lenovo thinkcentre_m810z_firmware *
lenovo legion_c730-19ico_firmware *
lenovo thinkstation_p318_firmware *
lenovo thinkcentre_m4500t_desktop_firmware *
lenovo aio520-22iku_firmware *
lenovo thinkstation_s30_refresh_firmware *
lenovo yangtian_afh110_firmware *
lenovo ideacentre_510-15icb_firmware *
lenovo thinkcentre_e73_desktop_firmware *
lenovo yangtian_we_h110_firmware *
lenovo a340-24_iwl_firmware *
lenovo thinkcentre_m83z_firmware *
lenovo thinkcentre_m818z_firmware *
lenovo thinkstation_p330_tiny_firmware *
lenovo thinkcentre_m90n-1_firmware *
lenovo v510z_firmware *
lenovo 510s-08ikl_firmware *
lenovo legion_t730-28ico_firmware *
lenovo yangtian_tc_h81_pci_desktop_firmware *
lenovo thinkcentre_m710q_firmware *
lenovo ideacentre_730s-24ikb_firmware *
lenovo thinkcentre_m6600q_firmware *
lenovo aio520-27ikl_firmware *
lenovo yangtian_me_h110_firmware *
lenovo thinkcentre_m73_desktop_firmware *
lenovo legion_y520t_z370_firmware *
lenovo thinkcentre_e73s_desktop_firmware *
lenovo thinkcentre_m600_firmware *
lenovo v520t-15ikl_firmware *
lenovo a340-22icb_firmware *
lenovo thinkcentre_m710t_firmware *
lenovo qitian_b4650_firmware *
lenovo qt_a7400_firmware *
lenovo yta8900f_firmware *
lenovo thinkstation_p320_tiny_firmware *
lenovo thinkcentre_m610_firmware *
lenovo thinkcentre_m700s_firmware *
lenovo thinkcentre_m725s_firmware *
lenovo thinkcentre_m4600t_firmware *
lenovo thinkcentre_e75t_firmware *
lenovo thinkcentre_m6500s_firmware *
lenovo qitian_a815_firmware *
lenovo yangtian_wc_h110_pci_firmware *
lenovo qitian_m4600_firmware *
lenovo qitian_m4650_firmware *
lenovo thinkstation_p320_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkcentre_e74s_firmware *
lenovo thinkcentre_m93z_firmware *
lenovo ideacentre_310s-08asr_firmware *
lenovo thinkcentre_m700q_firmware *
lenovo thinkstation_p710_firmware *
lenovo yangtian_mf_h110_pci_firmware *
lenovo thinkcentre_x1_aio_firmware *
lenovo v530-24icb_firmware *
lenovo aio_330-20igm_firmware *
lenovo legion_t530-28apr_firmware *
lenovo yangtian_tc_h110_pci_firmware *
lenovo thinkcentre_m700z_firmware *
lenovo thinkstation_d30_refresh_firmware *
lenovo thinkcentre_m900z_firmware *
lenovo thinkcentre_m93p_firmware *
lenovo thinkcentre_m6600_firmware *
lenovo thinkstation_p330_firmware *
lenovo thinkstation_p520c_firmware *
lenovo thinkcentre_m73p_firmware *
lenovo qitian_b5900_firmware *
lenovo thinkcentre_m4500s_desktop_firmware *
lenovo a340-24icb_firmware *
lenovo m4500_id_desktop_firmware *
CVE-2019-6191 MEDIUM

A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo paper 1.0.0.22
CVE-2019-6192 LOW

A potential vulnerability has been reported in Lenovo Power Management Driver versions prior to 1.67.17.48 leading to a buffer overflow which could cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-120,

Products Affected

Vendor Product Version
lenovo power_management_driver *
CVE-2019-6193 MEDIUM

An information disclosure vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow unauthenticated access to some configuration files which may contain usernames, license keys, IP addresses, and encrypted password hashes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@lenovo.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-200,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-6194 MEDIUM

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.6.6 that could allow information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2019-6195 LOW

An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,CWE-269,

Products Affected

Vendor Product Version
lenovo xclarity_controller *
CVE-2019-6196 MEDIUM

A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
lenovo installation_package *
CVE-2020-8316 LOW

A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to read files on the system with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N 0.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo vantage *
CVE-2020-8317 MEDIUM

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
lenovo drivers_management *
CVE-2020-8318 HIGH

A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System Interface Foundation prior to version that could allow an authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2020-8319 HIGH

A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2020-8320 MEDIUM

An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-489,CWE-269,

Products Affected

Vendor Product Version
lenovo thinkpad_l460_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_t495s_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_t570_firmware *
lenovo thinkpad_e475_firmware *
lenovo thinkpad_r14_firmware *
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_l13_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_yoga_11e_3rd_gen_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_11e_yoga_gen_6_firmware *
lenovo thinkpad_e14_firmware *
lenovo thinkpad_l560_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_yoga_11e_4th_gen_firmware *
lenovo thinkpad_p51s_firmware *
lenovo thinkpad_e570_firmware *
lenovo thinkpad_13_2nd_gen_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_t25_firmware *
lenovo thinkpad_p71_firmware *
lenovo thinkpad_t470_firmware *
lenovo thinkpad_a285_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_t590_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_t460_firmware *
lenovo thinkpad_e560p_firmware *
lenovo thinkpad_e465_firmware *
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_l470_firmware *
lenovo thinkpad_e555_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_e560_firmware *
lenovo thinkpad_e480_firmware *
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_l580_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_t490s_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
lenovo thinkpad_x395_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t560_firmware *
lenovo thinkpad_l590_firmware *
lenovo thinkpad_r490_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_yoga_11e_5th_gen_firmware *
lenovo thinkpad_a485_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_s3_gen_2_firmware *
lenovo thinkpad_s3_firmware *
lenovo thinkpad_l570_firmware *
lenovo thinkpad_s1_3rd_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_s3_3rd_gen_firmware *
lenovo thinkpad_e470_firmware *
lenovo thinkpad_a275_firmware *
lenovo thinkpad_e485_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_l380_firmware *
lenovo thinkpad_13_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_s1_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_e585_firmware *
lenovo thinkpad_11e_firmware *
lenovo thinkpad_p73_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_a475_firmware *
lenovo thinkpad_s2_yoga_3rd_gen_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_e455_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_e575_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_t495_firmware *
lenovo thinkpad_e460_firmware *
lenovo thinkpad_l1415_firmware *
lenovo thinkpad_s2_yoga_4th_gen_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkpad_s5_2nd_gen_firmware *
lenovo thinkpad_s5_firmware *
lenovo thinkpad_r590_firmware *
lenovo thinkpad_e15_firmware *
lenovo thinkpad_e565_firmware *
CVE-2020-8321 MEDIUM

A potential vulnerability in the SMI callback function used in the System Lock Preinstallation driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo 330-17ich_firmware -
lenovo c340-15iwl_firmware -
lenovo yoga_730-13ikb_firmware -
lenovo c340-15iml_firmware -
lenovo s145-15iwl_firmware -
lenovo 130-15ast_firmware -
lenovo 530s-14arr_firmware -
lenovo 530s-14ikb_firmware -
lenovo legion_y540-15irh_firmware -
lenovo legion_y730-17ich_firmware -
lenovo v330-15ast_firmware -
lenovo yoga_c740-14iml_firmware -
lenovo v130-14ikb_firmware -
lenovo legion_y7000p-1060_firmware -
lenovo rescuer_y7000(1060)_firmware -
lenovo 330-15ikb_firmware -
lenovo thinkstation_p700_firmware *
lenovo xiaoxin-14igm_qc_2019_firmware -
lenovo s540-14iwl_firmware -
lenovo legion_y545_pg0_firmware -
lenovo y7000_2019_1050_firmware -
lenovo e43-80_kbl_firmware -
lenovo 330c-15ikb_firmware -
lenovo s145-15igm_firmware -
lenovo 330-15ikbr_touch_firmware -
lenovo xiaoxin-13iml_firmware -
lenovo 130-14ikb_firmware -
lenovo s340-15iwl_firmware -
lenovo xiaoxin_air-14iwl_2019_firmware -
lenovo thinkstation_p500_firmware *
lenovo v130-14ast_firmware -
lenovo xiaoxin_air_14ikbr_firmware -
lenovo legion_y7000p_pg0_firmware -
lenovo l340-15api_firmware -
lenovo s530-13iml_firmware -
lenovo yoga_530-14arr_firmware -
lenovo 330-15arr_touch_firmware -
lenovo s540-15iwl_gtx_firmware -
lenovo 130-15ikb_firmware -
lenovo 330-15igm_firmware -
lenovo ideapad_5_15iil05_firmware -
lenovo lenovo_v320-17ikb_firmware -
lenovo c340-14iwl_firmware -
lenovo xiaoxin_air_15ikbr_firmware -
lenovo xx-14kb_qc_2019_firmware -
lenovo s145-14ikb_firmware -
lenovo 330c-14ikb_firmware -
lenovo xiaoxin_air-15iwl_2019_firmware -
lenovo 330-15ich_firmware -
lenovo 340c-15igm_firmware -
lenovo 330-15ikbr_firmware -
lenovo rescuer_y7000_firmware -
lenovo xiaoxin-14_2019iwl_firmware -
lenovo yoga_s740-14iil_firmware -
lenovo legion_y740-15ichg_firmware -
lenovo rescuer_y7000p(1060)_firmware -
lenovo legion_y540-17irh_firmware -
lenovo lenovo_e41-25_firmware -
lenovo legion_y530-15ich_firmware -
lenovo s340-14iwl_firmware -
lenovo thinkstation_p720_firmware *
lenovo v320-17ikbr_firmware -
lenovo legion_y7000p_2019_firmware -
lenovo c340-14api_firmware -
lenovo thinkstation_p910_firmware *
lenovo legion_y540-17_pg0_firmware -
lenovo s145-14igm_firmware -
lenovo thinkstation_p920_firmware *
lenovo c340-15iil_firmware -
lenovo 340c-15iwl_firmware -
lenovo yoga_730-13iwl_firmware -
lenovo s340-15iml_firmware -
lenovo s540-15iwl_firmware -
lenovo l340-15iwl_touch_firmware -
lenovo c340-14iml_firmware -
lenovo ideapad_3_17iml05_firmware -
lenovo yoga_530-14ikb_firmware -
lenovo ideapad_3_15iil05_firmware -
lenovo s145-14_firmware -
lenovo l340-15api_touch_firmware -
lenovo 330-15arr_firmware -
lenovo legion_y740-15irhg_firmware -
lenovo wei5-14ikb_firmware -
lenovo yoga_c940_firmware -
lenovo legion_y740-17ichg_firmware -
lenovo thinkstation_p510_firmware *
lenovo v330-14igm_firmware -
lenovo v130-14igm_firmware -
lenovo legion_y540-15_pg0_firmware -
lenovo d335-10igm_firmware -
lenovo 330-17ikbr_firmware -
lenovo v330-14isk_firmware -
lenovo 530s-15iwl_firmware -
lenovo ideapad_3_14_firmware -
lenovo v330-14ast_firmware -
lenovo s145-14iwl_firmware -
lenovo xiaoxin-15_2019iwl_firmware -
lenovo legion_y7000_2019_firmware -
lenovo thinkstation_p410_firmware *
lenovo l340-17api_firmware -
lenovo s550-14iil_firmware -
lenovo s340-14iil_firmware -
lenovo s540-14api_firmware -
lenovo thinkstation_p520_firmware *
lenovo s540-14iwl_touch_firmware -
lenovo legion_y730-15ich_firmware -
lenovo 720s-13arr_firmware -
lenovo e4-14arr_firmware -
lenovo thinkstation_p900_firmware *
lenovo s145-15ikb_firmware -
lenovo 330-14ikbr_firmware -
lenovo v330-14arr_firmware -
lenovo flex_6-14ikb_firmware -
lenovo v320-15ikb_firmware -
lenovo flex_6-14arr_firmware -
lenovo yoga_c740-15iml_firmware -
lenovo l340-17irh_firmware -
lenovo xiaoxin-14iwl_qc_2019_firmware -
lenovo 330-17ikb_firmware -
lenovo xiaoxin_air_14arr_firmware -
lenovo 330-14igm_firmware -
lenovo xiaoxin_air_14iwl_firmware -
lenovo legion_y530-15ich-1060_firmware -
lenovo s340-13iml_firmware -
lenovo yoga_c930_glass_firmware -
lenovo ideapad_3_15_firmware -
lenovo zhaoyang_k42-80_firmware -
lenovo 320c-15ikb_firmware -
lenovo 530s-15ikb_firmware -
lenovo l340-17iwl_firmware -
lenovo s530-13iwl_firmware -
lenovo v320-14ikb_firmware -
lenovo flex-14iwl_firmware -
lenovo l3_15iml05_firmware -
lenovo xiaoxin_air_13iwl_firmware -
lenovo 330-14ikb_firmware -
lenovo s340-15iwl_touch_firmware -
lenovo 130-14ast_firmware -
lenovo yoga_730-15iwl_firmware -
lenovo ideapad_3_14iil05_firmware -
lenovo 340c-15ikb_firmware -
lenovo xiaoxin_air_15iwl_firmware -
lenovo flex_6-1470_firmware -
lenovo yoga_720-12ikb_firmware -
lenovo lenovo_v720-14ikb_firmware -
lenovo legion_y7000_pg0_firmware -
lenovo v145-14ast_firmware -
lenovo l340-15irh_firmware -
lenovo flex-15iwl_firmware -
lenovo 530s-14iwl_firmware -
lenovo yoga_c930-13ikb_firmware -
lenovo s340-14api_firmware -
lenovo s340-15api_firmware -
lenovo legion_y545_firmware -
lenovo s340-14_firmware -
lenovo s340-14iml_firmware -
lenovo s540-14iml_firmware -
lenovo s340-14iwl_touch_firmware -
lenovo thinkstation_p710_firmware *
lenovo s540-15iml_firmware -
lenovo legion_y9000k_2019_firmware -
lenovo k43c-80_firmware -
lenovo rescuer_y7000p_firmware -
lenovo v145-15ast_firmware -
lenovo legion_y740-17irhg_firmware -
lenovo legion_y9000p_2019_firmware -
lenovo yoga_730-15ikb_firmware -
lenovo 720s-14ikbr_firmware -
lenovo d330-10igm_firmware -
lenovo thinkstation_p520c_firmware *
lenovo 330c-15ikbr_firmware -
lenovo v130-15ast_firmware -
CVE-2020-8322 MEDIUM

A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo v730-15ikb_firmware -
lenovo v130-15igm_firmware -
lenovo s540-13api_firmware -
lenovo v330-15isk_firmware -
lenovo k22-80_firmware -
lenovo s145-14ast_firmware -
lenovo k32-80_kbl_firmware -
lenovo v110-14ast_firmware -
lenovo xx-14api_qc_2019_firmware -
lenovo s145-15ast_firmware -
lenovo v110-15ast_firmware -
lenovo 340c-15ast_firmware -
lenovo s750-iil_firmware -
lenovo 6_pro-13-iwl_firmware -
lenovo 720s_touch-15ikb_firmware -
lenovo e52-80_firmware -
lenovo 340c-15api_firmware -
lenovo v340-iml_firmware -
lenovo 14iwl_firmware -
lenovo v330-15ikb_firmware -
lenovo yoga_s730-13iwl_firmware -
lenovo 720s-15ikb_firmware -
lenovo v330-15igm_firmware -
lenovo miix_720-12ikb_firmware -
lenovo v340-iil_firmware -
lenovo thinkbook_13s-iwl_firmware -
lenovo thinkbook_14s-iwl_firmware -
lenovo 6_pro-14-iwl_firmware -
lenovo k4-iwl_firmware -
lenovo 330-15ast_firmware -
lenovo e53-80_firmware -
lenovo 330-14ast_firmware -
lenovo s940-14iwl_firmware -
lenovo xiaoxin_14-ast_qc_2019_firmware -
lenovo e42-80_firmware -
lenovo k32-80_skl_firmware -
lenovo wei5-15ikb_firmware -
lenovo c640-iml_firmware -
lenovo v720-12_firmware -
lenovo v730-13ikb_firmware -
lenovo k3_firmware -
lenovo v730-13isk_firmware -
lenovo yoga_s940-14iwl_firmware -
lenovo v110-14ikb_firmware -
lenovo v130-15ikb_firmware -
lenovo v310-15igm_firmware -
lenovo 330-17ast_firmware -
lenovo v540s-13_firmware -
lenovo 730s-13iwl_firmware -
lenovo s145-14api_firmware -
lenovo s145-15api_firmware -
CVE-2020-8323 MEDIUM

A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo v730-15ikb_firmware -
lenovo thinkpad_w540_firmware *
lenovo thinkpad_l460_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_t495s_firmware *
lenovo thinkpad_t440s_firmware *
lenovo v330-15isk_firmware -
lenovo k22-80_firmware -
lenovo thinkpad_t480_firmware *
lenovo thinkpad_x240s_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_t540_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_t570_firmware *
lenovo thinkpad_e475_firmware *
lenovo thinkpad_r14_firmware *
lenovo thinkpad_t460s_firmware *
lenovo v110-15ast_firmware -
lenovo thinkpad_l13_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_yoga_11e_3rd_gen_firmware *
lenovo thinkpad_p53s_firmware *
lenovo s750-iil_firmware -
lenovo thinkpad_11e_yoga_gen_6_firmware *
lenovo thinkpad_e14_firmware *
lenovo thinkpad_l560_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_yoga_11e_4th_gen_firmware *
lenovo thinkpad_p51s_firmware *
lenovo 340c-15api_firmware -
lenovo 14iwl_firmware -
lenovo v330-15ikb_firmware -
lenovo thinkpad_w541_firmware *
lenovo thinkpad_e570_firmware *
lenovo thinkpad_13_2nd_gen_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_t25_firmware *
lenovo 720s-15ikb_firmware -
lenovo thinkpad_t440_firmware *
lenovo thinkpad_p71_firmware *
lenovo thinkpad_t470_firmware *
lenovo thinkpad_a285_firmware *
lenovo v340-iil_firmware -
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_t590_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_w550s_firmware *
lenovo thinkpad_x1_carbon_(20ax)_firmware *
lenovo thinkpad_x1_carbon_(20bx)_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_t460_firmware *
lenovo 330-15ast_firmware -
lenovo thinkpad_e560p_firmware *
lenovo xiaoxin_14-ast_qc_2019_firmware -
lenovo thinkpad_s5_yoga_15_firmware *
lenovo thinkpad_e465_firmware *
lenovo e42-80_firmware -
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_s1_yoga_vpro_firmware *
lenovo thinkpad_x140e_firmware *
lenovo wei5-15ikb_firmware -
lenovo c640-iml_firmware -
lenovo v730-13ikb_firmware -
lenovo thinkpad_l470_firmware *
lenovo k3_firmware -
lenovo thinkpad_e555_firmware *
lenovo thinkpad_x250_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo 330-17ast_firmware -
lenovo v540s-13_firmware -
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_helix_firmware *
lenovo thinkpad_e560_firmware *
lenovo s145-14api_firmware -
lenovo s145-15api_firmware -
lenovo thinkpad_e480_firmware *
lenovo v130-15igm_firmware -
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_l580_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_s540_firmware *
lenovo thinkpad_s1_yoga_firmware *
lenovo thinkpad_t490s_firmware *
lenovo s540-13api_firmware -
lenovo s145-14ast_firmware -
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
lenovo thinkpad_x395_firmware *
lenovo k32-80_kbl_firmware -
lenovo v110-14ast_firmware -
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t560_firmware *
lenovo xx-14api_qc_2019_firmware -
lenovo thinkpad_l590_firmware *
lenovo s145-15ast_firmware -
lenovo thinkpad_r490_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_yoga_11e_5th_gen_firmware *
lenovo 340c-15ast_firmware -
lenovo thinkpad_a485_firmware *
lenovo 6_pro-13-iwl_firmware -
lenovo thinkpad_e580_firmware *
lenovo thinkpad_s3_gen_2_firmware *
lenovo thinkpad_s3_firmware *
lenovo thinkpad_l570_firmware *
lenovo 720s_touch-15ikb_firmware -
lenovo thinkpad_s1_3rd_firmware *
lenovo e52-80_firmware -
lenovo thinkpad_x390_yoga_firmware *
lenovo v340-iml_firmware -
lenovo thinkpad_x1_carbon_firmware *
lenovo thinkpad_s3_3rd_gen_firmware *
lenovo thinkpad_e470_firmware *
lenovo yoga_s730-13iwl_firmware -
lenovo thinkpad_a275_firmware *
lenovo v330-15igm_firmware -
lenovo miix_720-12ikb_firmware -
lenovo thinkpad_e485_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_t540p_firmware *
lenovo thinkbook_13s-iwl_firmware -
lenovo thinkpad_l380_firmware *
lenovo thinkbook_14s-iwl_firmware -
lenovo thinkpad_13_firmware *
lenovo thinkpad_p1_firmware *
lenovo 6_pro-14-iwl_firmware -
lenovo thinkpad_s1_firmware *
lenovo thinkpad_t440p_firmware *
lenovo k4-iwl_firmware -
lenovo thinkpad_t460p_firmware *
lenovo e53-80_firmware -
lenovo thinkpad_e585_firmware *
lenovo 330-14ast_firmware -
lenovo thinkpad_11e_firmware *
lenovo s940-14iwl_firmware -
lenovo thinkpad_p73_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_a475_firmware *
lenovo k32-80_skl_firmware -
lenovo thinkpad_s2_yoga_3rd_gen_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_e455_firmware *
lenovo thinkpad_yoga_11e_(20dx)_firmware *
lenovo thinkpad_x390_firmware *
lenovo v720-12_firmware -
lenovo thinkpad_t550_firmware *
lenovo thinkpad_t480s_firmware *
lenovo v730-13isk_firmware -
lenovo yoga_s940-14iwl_firmware -
lenovo v110-14ikb_firmware -
lenovo v130-15ikb_firmware -
lenovo v310-15igm_firmware -
lenovo thinkpad_x240_firmware *
lenovo thinkpad_e575_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_t495_firmware *
lenovo thinkpad_e460_firmware *
lenovo thinkpad_l1415_firmware *
lenovo thinkpad_s2_yoga_4th_gen_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkpad_s5_2nd_gen_firmware *
lenovo thinkpad_s5_firmware *
lenovo thinkpad_r590_firmware *
lenovo thinkpad_e15_firmware *
lenovo 730s-13iwl_firmware -
lenovo thinkpad_e565_firmware *
CVE-2020-8324 LOW

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 1.8 3.6
psirt@lenovo.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N 1.3 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-347,CWE-20,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2020-8326 MEDIUM

An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-428,CWE-428,

Products Affected

Vendor Product Version
lenovo drivers_management *
CVE-2020-8327 HIGH

A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428,CWE-269,

Products Affected

Vendor Product Version
lenovo vantage *
CVE-2020-8329 HIGH

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
psirt@lenovo.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo lj6700dn_firmware *
lenovo m8960dnf_firmware *
lenovo lj4010dn_firmware *
CVE-2020-8330 HIGH

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
psirt@lenovo.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo lj6700dn_firmware *
lenovo m8960dnf_firmware *
lenovo lj4010dn_firmware *
CVE-2020-8332 MEDIUM

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,CWE-367,

Products Affected

Vendor Product Version
lenovo flex_system_x440_firmware *
lenovo bladecenter_hs23e_firmware *
lenovo flex_system_x220_firmware *
lenovo system_x3650_m4_firmware *
lenovo system_x3650_m4_bd_firmware *
lenovo bladecenter_hs23_firmware *
lenovo system_x3650_m4_hd_firmware *
lenovo flex_system_x240_firmware *
lenovo idataplex_dx360_m4_water_cooled_firmware *
lenovo system_x3750_m4_firmware *
lenovo compute_node-x440_firmware *
lenovo system_x3300_m4_firmware *
lenovo nextscale_nx360_m4_firmware *
lenovo idataplex_dx360_m4_firmware *
lenovo system_x3530_m4_firmware *
lenovo system_x3500_m4_firmware *
lenovo system_x3550_m4_firmware *
lenovo system_x3630_m4_firmware *
CVE-2020-8333 HIGH

A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo m4550_firmware *
lenovo qitian_m4550_firmware *
lenovo thinkcentre_m9350z_firmware *
lenovo yangtian_mc_h81_firmware *
lenovo 63_firmware *
lenovo yangtian_wcc_h81_pci_firmware *
lenovo qitian_b4550_firmware *
lenovo yangtian_afh81_firmware *
lenovo thinkstation_p300_firmware *
lenovo thinkcentre_m4500q_firmware *
lenovo thinkcentre_e73_firmware *
lenovo thinkcentre_m4500k_firmware *
lenovo thinkstation_d30_firmware *
lenovo thinkstation_s30_firmware *
lenovo m4500_firmware *
lenovo thinkcentre_m93z_firmware *
lenovo thinkstation_e32_firmware *
lenovo thinkcentre_e93_firmware *
lenovo qitian_4500_firmware *
lenovo thinkstation_c30_firmware *
lenovo thinkcentre_m4500s_firmware *
lenovo yangtian_mf_h81_pci_firmware *
lenovo yangtian_wf_h81_pci_firmware *
lenovo yangtian_tc_h81_pci_firmware *
lenovo h50-30g_firmware *
lenovo thinkcentre_e73s_firmware *
lenovo thinkcentre_m4500t_firmware *
CVE-2020-8334 MEDIUM

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
lenovo thinkpad_t495s_firmware -
lenovo thinkpad_x395_firmware -
lenovo thinkpad_a285_firmware -
lenovo thinkpad_a475_firmware -
lenovo thinkpad_t495_firmware -
lenovo thinkpad_a485_firmware -
lenovo thinkpad_a275_firmware -
CVE-2020-8335 MEDIUM

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r0xuj70w; A485, BIOS versions up to r0wuj65w; T495 BIOS versions up to r12uj55w; T495s/X395, BIOS versions up to r13uj47w, while the emergency-reset button is pressed which may allow for unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_a275_firmware *
lenovo thinkpad_x1_carbon_(20bx)_firmware *
lenovo thinkpad_t495s_jazz_firmware *
lenovo thinkpad_a475_firmware *
lenovo thinkpad_a285_firmware *
lenovo thinkpad_a485_firmware *
lenovo thinkpad_x395_firmware *
lenovo thinkpad_t495_drift_firmware *
CVE-2020-8336 MEDIUM

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_x1_extreme_(20mx)_firmware *
lenovo thinkpad_p53_(20qx)_firmware *
lenovo thinkpad_x1_yoga_(20sx)_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_t490_(20rx)_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x390_(20qx)_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_x1_yoga_(20qx)_firmware *
lenovo thinkpad_x1_extreme_(20qx)_firmware *
lenovo thinkpad_x1_carbon_(20qx)_firmware *
lenovo thinkpad_l590_firmware *
lenovo thinkpad_r14_firmware *
lenovo thinkpad_r490_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_e14_firmware *
lenovo thinkpad_s3_gen_2_firmware *
lenovo thinkpad_s3_firmware *
lenovo thinkpad_p53s_(20nx)_firmware *
lenovo thinkpad_t490_(20qx)_firmware *
lenovo thinkpad_p52_(20mx)_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_p1_(20qx)_firmware *
lenovo thinkpad_t490_(20nx)_firmware *
lenovo thinkpad_l1415_gen_1_firmware *
lenovo thinkpad_t590_(20nx)_firmware *
lenovo thinkpad_p72_(20mx)_firmware *
lenovo thinkpad_s2_yoga_4th_gen_firmware *
lenovo thinkpad_p73_(20qx)_firmware *
lenovo thinkpad_p43s_(20rx)_firmware *
lenovo thinkpad_x390_(20sx)_firmware *
lenovo thinkpad_r590_firmware *
lenovo thinkpad_p1_(20mx)_firmware *
lenovo thinkpad_e15_firmware *
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_t490s_(20nx)_firmware *
lenovo thinkpad_x1_carbon_(20rx)_firmware *
lenovo thinkpad_l13_1st_gen_firmware *
CVE-2020-8338 HIGH

A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-426,CWE-426,

Products Affected

Vendor Product Version
lenovo diagnostics *
CVE-2020-8340 MEDIUM

A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), prior to version 5.60, embedded Baseboard Management Controller (BMC) web interface during an internal security review. This vulnerability could allow JavaScript code to be executed in the user's web browser if the user is convinced to visit a crafted URL, possibly through phishing. Successful exploitation requires specific knowledge about the user’s network to be included in the crafted URL. Impact is limited to the normal access restrictions and permissions of the user clicking the crafted URL, and subject to the user being able to connect to and already being authenticated to IMM2 or other systems. The JavaScript code is not executed on IMM2 itself.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
psirt@lenovo.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 2.8 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
lenovo integrated_management_module_2 *
CVE-2020-8341 LOW

In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 0.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_t590_(20nx)_firmware *
lenovo thinkpad_x1_yoga_(20qx)_firmware *
lenovo thinkpad_t490_(20qx)_firmware *
lenovo thinkpad_x390_(20sx)_firmware *
lenovo thinkpad_x1_carbon_(20qx)_firmware *
lenovo thinkpad_t490s_(20nx)_firmware *
lenovo thinkpad_t490_(20rx)_firmware *
lenovo thinkpad_t490_(20nx)_firmware *
lenovo thinkpad_x390_(20qx)_firmware *
lenovo thinkpad_t495_drift_firmware *
CVE-2020-8342 MEDIUM

A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,CWE-362,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2020-8345 MEDIUM

A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
lenovo hardware_scan *
CVE-2020-8346 LOW

A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System Interface Foundation prior to version 1.1.19.5 that could allow configuration files to be written to non-standard locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2020-8347 MEDIUM

A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
lenovo enterprise_network_disk 6.1
CVE-2020-8348 MEDIUM

A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
lenovo enterprise_network_disk 6.1
CVE-2020-8349 MEDIUM

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-94,

Products Affected

Vendor Product Version
lenovo cloud_networking_operating_system *
CVE-2020-8350 MEDIUM

An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@lenovo.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
lenovo thinkpad_stack_wireless_router_firmware *
CVE-2020-8351 MEDIUM

A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,CWE-269,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2020-8352 LOW

In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 0.9 1.4
nvd@nist.gov 2.4 LOW CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 0.9 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-358,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkcentre_m4500t_firmware -
lenovo yangtian_mf_firmware -
lenovo yangtian_ms_firmware -
lenovo yangtian_afh81_firmware -
lenovo thinkcentre_m4500k_firmware -
lenovo thinkcentre_m73_firmware -
lenovo yangtian_wcc_h81_pci_firmware -
lenovo thinkcentre_e73_firmware -
lenovo yangtian_mc_h81_firmware -
lenovo yangtian_wf_h81_pci_firmware -
lenovo yangtian_tc_firmware -
lenovo qitian_m4550_firmware -
lenovo thinkcentre_m4500s_firmware -
lenovo qitian_4500_firmware -
lenovo yangtian_ws_h81_firmware -
lenovo qitian_b4550_firmware -
CVE-2020-8353 MEDIUM

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkstation_p330_tiny_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkstation_p340t_firmware *
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkstation_p330t_firmware *
lenovo thinkcentre_m920z_firmware *
lenovo thinkstation_p340s_firmware *
lenovo thinkstation_p330s_firmware *
lenovo thinkcentre_m910z_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
CVE-2020-8354 HIGH

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-367,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo notebook_firmware -
CVE-2020-8355 MEDIUM

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2020-8356 MEDIUM

An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwords, if specified, for the Syslog and SMTP forwarders are written to an internal LXCO log file in clear text. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
lenovo xclarity_orchestrator *
CVE-2020-8357 LOW

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, that could allow configuration files to be written to non-standard locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2021-3417 MEDIUM

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in the First Failure Data Capture (FFDC) service log. The FFDC service log is only generated when requested by a privileged LXCO user and it is only accessible to the privileged LXCO user that requested the file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
psirt@lenovo.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-319,

Products Affected

Vendor Product Version
lenovo xclarity_orchestrator *
CVE-2021-3451 LOW

A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow configuration files to be written to non-standard locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2021-3452 MEDIUM

A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo bios -
CVE-2021-3453 LOW

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 0.9 3.6
psirt@lenovo.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-693,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo v130-15igm_firmware -
lenovo thinkpad_t550_firmware n11et53w
lenovo ideacentre_aio_5-24imb05_firmware *
lenovo thinkpad_w550s_firmware n11et53w
lenovo ideapad_slim_1-14ast-05_firmware -
lenovo yoga_s940-14iwl_firmware -
lenovo ideapad_slim_1-11ast-05_firmware -
lenovo ideapad_s940-14iwl_firmware -
lenovo v330-15isk_firmware -
lenovo 730s-13iml_firmware -
lenovo v330-15ikb_firmware -
lenovo thinkpad_yoga_15_firmware n19et65w
lenovo ideapad_1-14igl05_firmware -
lenovo yoga_s940-14iil_firmware -
lenovo ideapad_s940-14iil_firmware -
lenovo yoga_s730-13iml_firmware -
lenovo ideacentre_aio_5-74imb05_firmware *
lenovo thinkpad_x1_carbon_3rd_gen_firmware n14et55w
lenovo ideapad_1-11igl05_firmware -
lenovo thinkpad_helix_firmware n17etb4w
lenovo thinkpad_x250_firmware n10et62w
CVE-2021-3462 MEDIUM

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo power_management_driver *
CVE-2021-3463 MEDIUM

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H 0.6 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
lenovo power_management_driver *
CVE-2021-3464 HIGH

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, that could allow privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2021-3473 MEDIUM

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator (LXCA) is used to perform the backup/restore. The backup/restore password typically exists in this internal log buffer for less than 10 minutes before being overwritten. Generating an FFDC service log will include the log buffer contents, including the backup/restore password if present. The FFDC service log is only generated when requested by a privileged XCC user and it is only accessible to the privileged XCC user that requested the file. The backup/restore password is not captured if the backup/restore is initiated directly from XCC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6
psirt@lenovo.com 4.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,CWE-312,

Products Affected

Vendor Product Version
lenovo xclarity_controller 2.14_psi338i
lenovo xclarity_controller 1.10_tgbt12q
lenovo xclarity_controller 4.40_tei3b2p
lenovo xclarity_controller 6.00_cdi370q
CVE-2021-3519 MEDIUM

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H 0.9 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,CWE-287,

Products Affected

Vendor Product Version
lenovo ideacentre_310s-08igm_firmware *
lenovo ideacentre_510s-07icb_firmware *
lenovo thinkcentre_m710s_firmware *
lenovo thinkcentre_m75s_gen_2_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkcentre_qt_b415_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo ideacentre_c5-14mb05_firmware *
lenovo thinkcentre_m820z_firmware *
lenovo thinkcentre_m70a_gen_2_firmware *
lenovo thinkcentre_m720e_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkstation_p520_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m60e_tiny_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m810z_firmware *
lenovo v530-15arr_firmware *
lenovo thinkstation_p340_tiny_firmware *
lenovo v50t-13imb_g2_firmware *
lenovo v520s_firmware *
lenovo thinkcentre_qt_m410_firmware *
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo v55t-15api_firmware *
lenovo thinkcentre_qt_m415_firmware *
lenovo ideacentre_510a-15arr_firmware *
lenovo thinkcentre_e75_t/s_firmware *
lenovo thinkcentre_m710e_firmware *
lenovo thinkcentre_m710t_firmware *
lenovo v530s-07icb_firmware *
lenovo ideacentre_5-14imb05_firmware *
lenovo thinkstation_p720_firmware *
lenovo thinkcentre_m75t_gen_2_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo ideacentre_510s-07ick_firmware *
lenovo v530s-07icr_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo v530-15icr_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo v50t-13imb_firmware *
lenovo v330_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkstation_p340_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m630e_firmware *
lenovo v520_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo thinkstation_p520c_firmware *
CVE-2021-3550 MEDIUM

A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, that could allow privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2021-3599 HIGH

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_x1_extreme_gen_3_firmware *
lenovo thinkpad_e15_gen_3_firmware *
lenovo thinkpad_l460_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_11e_4th_gen_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_p14s_gen_1_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_t15_gen_2_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x12_detachable_gen_1_firmware *
lenovo thinkpad_l390_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t490_firmware *
lenovo v130-15igm_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_t570_firmware *
lenovo thinkpad_p15v_gen_1_firmware *
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_l13_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_yoga_11e_3rd_gen_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_x1_yoga_gen_5_firmware *
lenovo thinkpad_11e_yoga_gen_6_firmware *
lenovo thinkpad_e14_firmware *
lenovo v330-15ikb_firmware *
lenovo thinkpad_l560_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_yoga_11e_4th_gen_firmware *
lenovo thinkpad_p51s_firmware *
lenovo thinkpad_10_firmware *
lenovo thinkpad_p15s_gen_2_firmware *
lenovo thinkpad_x1_nano_gen_1_firmware *
lenovo thinkpad_e570_firmware *
lenovo thinkpad_t14_gen_1_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_yoga_15_firmware *
lenovo thinkpad_p15s_gen_1_firmware *
lenovo thinkpad_p71_firmware *
lenovo thinkpad_t470_firmware *
lenovo thinkpad_x1_carbon_gen_7_firmware *
lenovo thinkpad_x13_yoga_gen_2_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_t590_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_w550s_firmware *
lenovo thinkpad_l14_firmware *
lenovo thinkpad_s2_yoga_gen_6_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_t460_firmware *
lenovo thinkpad_l13_gen_2_firmware *
lenovo thinkpad_l15_gen_2_firmware *
lenovo thinkpad_x13_yoga_gen_1_firmware *
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_x1_tablet_gen_3_firmware *
lenovo thinkpad_13_gen_2_firmware *
lenovo thinkpad_l470_firmware *
lenovo ideapad_s940-14iwl_firmware *
lenovo thinkpad_x1_carbon_5th_gen_kabylake_firmware *
lenovo thinkpad_e14_gen_3_firmware *
lenovo thinkpad_x250_firmware *
lenovo thinkpad_l15_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_s2_gen_6_firmware *
lenovo thinkpad_t14s_gen_2_firmware *
lenovo thinkpad_x1_carbon_3rd_gen_firmware *
lenovo thinkpad_helix_firmware *
lenovo thinkpad_p14s_gen_2_firmware *
lenovo thinkpad_e480_firmware *
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_x1_tablet_gen_2_firmware *
lenovo thinkpad_l580_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_s540_firmware *
lenovo thinkpad_x1_carbon_5th_gen_skylake_firmware *
lenovo thinkpad_t15_firmware *
lenovo thinkpad_t490s_firmware *
lenovo ideapad_yoga_s940-14iwl_firmware *
lenovo thinkpad_x1_carbon_gen_6_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t560_firmware *
lenovo v330-15isk_firmware *
lenovo thinkpad_l590_firmware *
lenovo thinkpad_t14s_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_x1_yoga_1st_gen_firmware *
lenovo thinkpad_yoga_11e_5th_gen_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_l570_firmware *
lenovo thinkpad_x1_carbon_gen_8_firmware *
lenovo thinkpad_x1_titanium_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_t15p_gen_1_firmware *
lenovo thinkpad_t14_gen_2_firmware *
lenovo thinkpad_e470_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
lenovo thinkpad_t15g_gen_1_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_11e_3rd_gen_firmware *
lenovo thinkpad_p17_gen_1_firmware *
lenovo thinkpad_l380_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_t440p_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_e15_gen_2_firmware *
lenovo thinkpad_p1_gen_2_firmware *
lenovo thinkpad_p73_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_x13_gen_2_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_p15_gen_1_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_25_firmware *
lenovo thinkpad_t550_firmware *
lenovo thinkpad_e14_gen_2_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_p1_gen_3_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_x1_fold_gen_1_firmware *
lenovo thinkpad_l13_yoga_gen_2_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_l13_yoga_firmware *
lenovo thinkpad_s5_2nd_gen_firmware *
lenovo thinkpad_e15_firmware *
lenovo thinkpad_x1_carbon_4th_gen_firmware *
lenovo thinkpad_x13_gen_1_firmware *
CVE-2021-3614 MEDIUM

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-636,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo ideapad_flex_5-14alc05_firmware -
lenovo v130-15igm_firmware -
lenovo ideapad_1-14ada05_firmware fqcn19ww
lenovo ideapad_slim_1-14ast-05_firmware -
lenovo ideapad_slim_1-11ast-05_firmware -
lenovo v130-15ikb_firmware -
lenovo ideapad_s940-14iwl_firmware -
lenovo v330-15isk_firmware -
lenovo v330-15ikb_firmware -
lenovo ideapad_1-11ada05_firmware fqcn19ww
lenovo ideapad_yoga_s730-13iml_firmware -
lenovo ideapad_1-14igl05_firmware -
lenovo ideapad_yoga_c940-15irh_firmware -
lenovo 300e_2nd_gen_firmware -
lenovo ideapad_s940-14iil_firmware -
lenovo ideapad_flex_5-15alc05_firmware -
lenovo ideapad_730-13iml_firmware -
lenovo ideapad_1-11igl05_firmware -
lenovo ideapad_yoga_s940-14iil_firmware -
lenovo ideapad_yoga_s940-14iwl_firmware -
lenovo 100e_2nd_gen_firmware -
CVE-2021-3615 MEDIUM

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.7 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo smart_camera_x3_firmware *
lenovo smart_camera_c2e_firmware *
lenovo smart_camera_x5_firmware *
CVE-2021-3616 HIGH

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerability is the same as CNVD-2020-68651.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-285,NVD-CWE-Other,

Products Affected

Vendor Product Version
lenovo smart_camera_x3_firmware *
lenovo smart_camera_c2e_firmware *
lenovo smart_camera_x5_firmware *
CVE-2021-3617 MEDIUM

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020-68652.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,CWE-77,

Products Affected

Vendor Product Version
lenovo smart_camera_x3_firmware *
lenovo smart_camera_c2e_firmware *
lenovo smart_camera_x5_firmware *
CVE-2021-3633 MEDIUM

A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,CWE-427,

Products Affected

Vendor Product Version
lenovo drivers_management *
CVE-2021-3718 MEDIUM

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.9 3.6
psirt@lenovo.com 4.3 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 0.7 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-232,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_l380_firmware *
lenovo thinkpad_l14_firmware *
lenovo thinkpad_s2_yoga_gen_6_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_l15_gen_1_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_t460_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_11e_4th_gen_celeron_firmware *
lenovo thinkpad_l13_gen_2_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x12_detachable_gen_1_firmware *
lenovo thinkpad_l390_firmware *
lenovo thinkpad_11e_4th_gen_i7_firmware *
lenovo thinkpad_t490_firmware *
lenovo thinkpad_l14_gen_1_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_l590_firmware *
lenovo thinkpad_11e_5th_gen_firmware *
lenovo thinkpad_l13_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_11e_yoga_gen_6_firmware *
lenovo thinkpad_13_gen_2_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_l13_yoga_gen_2_firmware *
lenovo thinkpad_l15_firmware *
lenovo thinkpad_11e_4th_gen_i3_firmware *
lenovo thinkpad_l13_yoga_firmware *
lenovo thinkpad_s2_gen_6_firmware *
lenovo thinkpad_11e_3rd_gen_firmware *
lenovo thinkpad_s5_2nd_gen_firmware *
lenovo thinkpad_11e_4th_gen_i5_firmware *
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_t590_firmware *
CVE-2021-3719 HIGH

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkcentre_m800_firmware *
lenovo thinkstation_p900_firmware *
lenovo thinkcentre_m93_firmware *
lenovo thinkcentre_m73_firmware *
lenovo thinkcentre_m900_firmware *
lenovo thinkcentre_e93_firmware *
lenovo thinkstation_p500_firmware *
lenovo thinkcentre_x1_firmware *
lenovo thinkcentre_m600_firmware *
lenovo thinkcentre_m8500t/s_firmware *
lenovo thinkcentre_m83_firmware *
lenovo thinkcentre_m93p_firmware *
lenovo thinkstation_p700_firmware *
lenovo thinkcentre_m6500t/s_firmware *
lenovo thinkcentre_m73p_firmware *
lenovo thinkstation_p300_firmware *
lenovo thinkcentre_m818z_firmware *
lenovo thinkcentre_m900x_firmware *
lenovo thinkcentre_m4500q_firmware *
lenovo thinkcentre_m700_tiny_firmware *
CVE-2021-3720 LOW

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo legion_phone_pro_(l79031)firmware *
lenovo legion_phone2_pro_(l70081)_firmware *
CVE-2021-3721 MEDIUM

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2021-3722 MEDIUM

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,CWE-276,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2021-3786 LOW

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_x1_extreme_gen_3_firmware *
lenovo thinkpad_e15_gen_3_firmware *
lenovo thinkpad_l460_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_11e_4th_gen_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_p14s_gen_1_firmware *
lenovo thinkpad_t480_firmware *
lenovo thinkpad_t15_gen_2_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x12_detachable_gen_1_firmware *
lenovo thinkpad_l390_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_t490_firmware *
lenovo v130-15igm_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_t570_firmware *
lenovo thinkpad_p15v_gen_1_firmware *
lenovo thinkpad_t460s_firmware *
lenovo thinkpad_l13_firmware *
lenovo thinkpad_e590_firmware *
lenovo thinkpad_yoga_11e_3rd_gen_firmware *
lenovo thinkpad_p53s_firmware *
lenovo thinkpad_x1_yoga_gen_5_firmware *
lenovo thinkpad_11e_yoga_gen_6_firmware *
lenovo thinkpad_e14_firmware *
lenovo v330-15ikb_firmware *
lenovo thinkpad_l560_firmware *
lenovo thinkpad_p72_firmware *
lenovo thinkpad_yoga_11e_4th_gen_firmware *
lenovo thinkpad_p51s_firmware *
lenovo thinkpad_10_firmware *
lenovo thinkpad_p15s_gen_2_firmware *
lenovo thinkpad_x1_nano_gen_1_firmware *
lenovo thinkpad_e570_firmware *
lenovo thinkpad_t14_gen_1_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_yoga_15_firmware *
lenovo thinkpad_p15s_gen_1_firmware *
lenovo thinkpad_p71_firmware *
lenovo thinkpad_t470_firmware *
lenovo thinkpad_x1_carbon_gen_7_firmware *
lenovo thinkpad_x13_yoga_gen_2_firmware *
lenovo thinkpad_yoga_370_firmware *
lenovo thinkpad_t590_firmware *
lenovo thinkpad_p51_firmware *
lenovo thinkpad_w550s_firmware *
lenovo thinkpad_l14_firmware *
lenovo thinkpad_s2_yoga_gen_6_firmware *
lenovo thinkpad_p43s_firmware *
lenovo thinkpad_t460_firmware *
lenovo thinkpad_l13_gen_2_firmware *
lenovo thinkpad_l15_gen_2_firmware *
lenovo thinkpad_x13_yoga_gen_1_firmware *
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_x1_tablet_gen_3_firmware *
lenovo thinkpad_13_gen_2_firmware *
lenovo thinkpad_l470_firmware *
lenovo ideapad_s940-14iwl_firmware *
lenovo thinkpad_x1_carbon_5th_gen_kabylake_firmware *
lenovo thinkpad_e14_gen_3_firmware *
lenovo thinkpad_x250_firmware *
lenovo thinkpad_l15_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_s2_gen_6_firmware *
lenovo thinkpad_t14s_gen_2_firmware *
lenovo thinkpad_x1_carbon_3rd_gen_firmware *
lenovo thinkpad_helix_firmware *
lenovo thinkpad_p14s_gen_2_firmware *
lenovo thinkpad_e480_firmware *
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_x1_tablet_gen_2_firmware *
lenovo thinkpad_l580_firmware *
lenovo thinkpad_p52_firmware *
lenovo thinkpad_s540_firmware *
lenovo thinkpad_x1_carbon_5th_gen_skylake_firmware *
lenovo thinkpad_t15_firmware *
lenovo thinkpad_t490s_firmware *
lenovo ideapad_yoga_s940-14iwl_firmware *
lenovo thinkpad_x1_carbon_gen_6_firmware *
lenovo thinkpad_t470p_firmware *
lenovo thinkpad_x270_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t560_firmware *
lenovo v330-15isk_firmware *
lenovo thinkpad_l590_firmware *
lenovo thinkpad_t14s_firmware *
lenovo thinkpad_x1_tablet_firmware *
lenovo thinkpad_x1_yoga_1st_gen_firmware *
lenovo thinkpad_yoga_11e_5th_gen_firmware *
lenovo thinkpad_e580_firmware *
lenovo thinkpad_l570_firmware *
lenovo thinkpad_x1_carbon_gen_8_firmware *
lenovo thinkpad_x1_titanium_firmware *
lenovo thinkpad_x1_yoga_3rd_gen_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_t15p_gen_1_firmware *
lenovo thinkpad_t14_gen_2_firmware *
lenovo thinkpad_e470_firmware *
lenovo thinkpad_x1_extreme_2nd_firmware *
lenovo thinkpad_t15g_gen_1_firmware *
lenovo thinkpad_x1_extreme_firmware *
lenovo thinkpad_11e_3rd_gen_firmware *
lenovo thinkpad_p17_gen_1_firmware *
lenovo thinkpad_l380_firmware *
lenovo thinkpad_p1_firmware *
lenovo thinkpad_t440p_firmware *
lenovo thinkpad_t460p_firmware *
lenovo thinkpad_e15_gen_2_firmware *
lenovo thinkpad_p1_gen_2_firmware *
lenovo thinkpad_p73_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_x13_gen_2_firmware *
lenovo thinkpad_p53_firmware *
lenovo thinkpad_l480_firmware *
lenovo thinkpad_p15_gen_1_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_25_firmware *
lenovo thinkpad_t550_firmware *
lenovo thinkpad_e14_gen_2_firmware *
lenovo thinkpad_t480s_firmware *
lenovo thinkpad_p1_gen_3_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_x1_fold_gen_1_firmware *
lenovo thinkpad_l13_yoga_gen_2_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_l13_yoga_firmware *
lenovo thinkpad_s5_2nd_gen_firmware *
lenovo thinkpad_e15_firmware *
lenovo thinkpad_x1_carbon_4th_gen_firmware *
lenovo thinkpad_x13_gen_1_firmware *
CVE-2021-3840 MEDIUM

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
lenovo antilles *
CVE-2021-3843 HIGH

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkpad_l380_firmware *
lenovo thinkpad_l14_firmware *
lenovo thinkpad_s2_yoga_gen_6_firmware *
lenovo thinkpad_l15_gen_1_firmware *
lenovo thinkpad_t460_firmware *
lenovo thinkpad_11e_4th_gen_celeron_firmware *
lenovo thinkpad_l13_gen_2_firmware *
lenovo thinkpad_x12_detachable_gen_1_firmware *
lenovo thinkpad_l390_firmware *
lenovo thinkpad_11e_4th_gen_i7_firmware *
lenovo thinkpad_l14_gen_1_firmware *
lenovo thinkpad_l380_yoga_firmware *
lenovo thinkpad_l390_yoga_firmware *
lenovo thinkpad_x380_yoga_firmware *
lenovo thinkpad_11e_5th_gen_firmware *
lenovo thinkpad_l13_firmware *
lenovo thinkpad_11e_yoga_gen_6_firmware *
lenovo thinkpad_13_gen_2_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_x1_fold_gen_1_firmware *
lenovo thinkpad_l13_yoga_gen_2_firmware *
lenovo thinkpad_l15_firmware *
lenovo thinkpad_11e_4th_gen_i3_firmware *
lenovo thinkpad_l13_yoga_firmware *
lenovo thinkpad_s2_gen_6_firmware *
lenovo thinkpad_11e_3rd_gen_firmware *
lenovo thinkpad_s5_2nd_gen_firmware *
lenovo thinkpad_11e_4th_gen_i5_firmware *
CVE-2021-3849 HIGH

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@lenovo.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkagile_hx_enclosure_certified_node_firmware *
lenovo thinksystem_d2_enclosure_firmware *
ibm nextscale_fan_power_controller_firmware *
lenovo thinkagile_vx_enclosure_firmware *
lenovo nextscale_n1200_enclosure_firmware *
CVE-2021-3897 HIGH

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
psirt@lenovo.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-288,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo thinkagile_hx_enclosure_certified_node_firmware *
lenovo thinksystem_d2_enclosure_firmware *
ibm nextscale_fan_power_controller_firmware *
lenovo thinkagile_vx_enclosure_firmware *
lenovo nextscale_n1200_enclosure_firmware *
CVE-2021-3922 MEDIUM

A race condition vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3 that could allow a local attacker to connect and interact with the IMController child process' named pipe.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,CWE-362,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2021-3956 MEDIUM

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,CWE-863,

Products Affected

Vendor Product Version
lenovo xclarity_controller *
CVE-2021-3969 MEDIUM

A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-367,CWE-367,

Products Affected

Vendor Product Version
lenovo system_interface_foundation *
CVE-2021-3970 HIGH

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v15_g1-iml_firmware *
lenovo legion_5-15ach6h_firmware *
lenovo ideapad_gaming_3-15arh05_firmware *
lenovo s145-15ast_firmware *
lenovo v15_g2-itl_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware -
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo ideapad_5-15are05_firmware *
lenovo yoga_slim_7_pro-14ach5_firmware *
lenovo s145-15iil_firmware *
lenovo s145-14api_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo v15-ada_firmware *
lenovo legion_y545-pg0_firmware *
lenovo legion_y540-17irh-pg0_firmware *
lenovo legion_5_pro-16ach6_firmware *
lenovo legion_5-15ith6_firmware *
lenovo legion_y7000-2019_firmware *
lenovo yoga_slim_7_pro-14arh5_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_3-14ada05_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware -
lenovo ideapad_3-17ada6_firmware *
lenovo s145-14igm_firmware *
lenovo s14_g2_itl_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo legion_5-15ach6a_firmware *
lenovo yoga_7-14acn6_firmware *
lenovo v340-17iwl_firmware *
lenovo legion_7-16achg6_firmware *
lenovo s145-15igm_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo l340-15iwl_firmware *
lenovo legion_5-17ach6_firmware *
lenovo ideapad_3-15alc6_firmware *
lenovo s145-14ast_firmware *
lenovo v14-iil_firmware *
lenovo s145-14iil_firmware *
lenovo yoga_slim_9-14itl05_firmware -
lenovo ideapad_3-17itl6_firmware *
lenovo slim_7_pro-14ihu5_firmware -
lenovo ideapad_3-14itl05_firmware *
lenovo v14_g2-acl_firmware *
lenovo slim_9-14itl05_firmware -
lenovo yoga_slim_7_pro-14ach5_d_firmware *
lenovo yoga_c740-15iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo s145-15api_firmware *
lenovo v14-are_firmware *
lenovo s540-13api_firmware *
lenovo legion_5-15imh6_firmware *
lenovo yoga_c740-14iml_firmware *
lenovo ideapad_3-15ada05_firmware *
lenovo legion_s7-15ach6_firmware *
lenovo legion_5-15ach6_firmware *
lenovo v15-iil_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_3-14alc6_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-15ada6_firmware *
lenovo legion_5-17ith6_firmware *
lenovo legion_y540-15irh-pg0_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_3-17ada05_firmware *
lenovo l340-17iwl_firmware *
lenovo legion_y7000-2019-pg0_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo s540-13iml_firmware -
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_pro-14ach5_o_firmware *
lenovo l3_15iml05_firmware *
lenovo v14-ada_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_slim_7_pro-14ach5_od_firmware *
lenovo ideapad_3-14ada6_firmware *
lenovo ideapad_3-15are05_firmware *
lenovo l340-17irh_firmware *
lenovo v15_g2-alc_firmware *
lenovo legion_5-17ach6h_firmware *
lenovo l340-15irh_firmware *
lenovo legion_5_pro-16ach6h_firmware *
lenovo legion_y545_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware -
lenovo ideapad_3-14iil05_firmware *
lenovo legion_y540-17irh_firmware *
lenovo ideapad_3-17are05_firmware *
lenovo legion_y540-15irh_firmware *
lenovo yoga_c940-14iil_firmware -
lenovo ideapad_3-17alc6_firmware *
lenovo ideapad_3-14are05_firmware *
lenovo l340-15iwl_touch_firmware *
lenovo v140-15iwl_firmware *
CVE-2021-3971 MEDIUM

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-489,NVD-CWE-Other,

Products Affected

Vendor Product Version
lenovo ideapad_3-14igl05_firmware *
lenovo v14_g2-acl_firmware *
lenovo yoga_slim_7_pro-14ach5_d_firmware *
lenovo s145-15api_firmware *
lenovo v14-are_firmware *
lenovo s540-13api_firmware *
lenovo legion_5-15ach6h_firmware *
lenovo ideapad_gaming_3-15arh05_firmware *
lenovo s145-15ast_firmware *
lenovo ideapad_3-15ada05_firmware *
lenovo legion_5-15ach6_firmware *
lenovo v15-iil_firmware *
lenovo ideapad_3-14alc6_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-15ada6_firmware *
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo legion_5-17ith6_firmware *
lenovo ideapad_5-15are05_firmware *
lenovo legion_y540-15irh-pg0_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo s145-15iil_firmware *
lenovo s145-14api_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo ideapad_3-17ada05_firmware *
lenovo v15-ada_firmware *
lenovo l340-17iwl_firmware *
lenovo legion_y7000-2019-pg0_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo ideapad_3-15iil05_firmware *
lenovo legion_y545-pg0_firmware *
lenovo v17-iil_firmware *
lenovo legion_y540-17irh-pg0_firmware *
lenovo legion_5_pro-16ach6_firmware *
lenovo legion_5-15ith6_firmware *
lenovo legion_y7000-2019_firmware *
lenovo v14-ada_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_3-14ada05_firmware *
lenovo yoga_slim_7_pro-14ach5_od_firmware *
lenovo ideapad_3-17ada6_firmware *
lenovo ideapad_3-14ada6_firmware *
lenovo ideapad_3-15are05_firmware *
lenovo l340-17irh_firmware *
lenovo v15_g2-alc_firmware *
lenovo s145-14igm_firmware *
lenovo legion_5-17ach6h_firmware *
lenovo l340-15irh_firmware *
lenovo legion_5_pro-16ach6h_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo legion_y545_firmware *
lenovo legion_5-15ach6a_firmware *
lenovo v340-17iwl_firmware *
lenovo legion_7-16achg6_firmware *
lenovo s145-15igm_firmware *
lenovo ideapad_3-14iil05_firmware *
lenovo legion_y540-17irh_firmware *
lenovo ideapad_3-17are05_firmware *
lenovo legion_y540-15irh_firmware *
lenovo l340-15iwl_firmware *
lenovo legion_5-17ach6_firmware *
lenovo ideapad_3-15alc6_firmware *
lenovo ideapad_3-17alc6_firmware *
lenovo s145-14ast_firmware *
lenovo v14-iil_firmware *
lenovo ideapad_3-14are05_firmware *
lenovo s145-14iil_firmware *
lenovo l340-15iwl_touch_firmware *
lenovo v140-15iwl_firmware *
CVE-2021-3972 MEDIUM

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-489,NVD-CWE-Other,

Products Affected

Vendor Product Version
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v15_g1-iml_firmware *
lenovo legion_5-15ach6h_firmware *
lenovo ideapad_gaming_3-15arh05_firmware *
lenovo s145-15ast_firmware *
lenovo v15_g2-itl_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware -
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo ideapad_5-15are05_firmware *
lenovo yoga_slim_7_pro-14ach5_firmware *
lenovo s145-15iil_firmware *
lenovo s145-14api_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo v15-ada_firmware *
lenovo legion_y545-pg0_firmware *
lenovo legion_y540-17irh-pg0_firmware *
lenovo legion_5_pro-16ach6_firmware *
lenovo legion_5-15ith6_firmware *
lenovo legion_y7000-2019_firmware *
lenovo yoga_slim_7_pro-14arh5_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_3-14ada05_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware -
lenovo ideapad_3-17ada6_firmware *
lenovo s145-14igm_firmware *
lenovo s14_g2_itl_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo legion_5-15ach6a_firmware *
lenovo yoga_7-14acn6_firmware *
lenovo v340-17iwl_firmware *
lenovo legion_7-16achg6_firmware *
lenovo s145-15igm_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo l340-15iwl_firmware *
lenovo legion_5-17ach6_firmware *
lenovo ideapad_3-15alc6_firmware *
lenovo s145-14ast_firmware *
lenovo v14-iil_firmware *
lenovo s145-14iil_firmware *
lenovo yoga_slim_9-14itl05_firmware -
lenovo ideapad_3-17itl6_firmware *
lenovo slim_7_pro-14ihu5_firmware -
lenovo ideapad_3-14itl05_firmware *
lenovo v14_g2-acl_firmware *
lenovo slim_9-14itl05_firmware -
lenovo yoga_slim_7_pro-14ach5_d_firmware *
lenovo yoga_c740-15iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo s145-15api_firmware *
lenovo v14-are_firmware *
lenovo s540-13api_firmware *
lenovo legion_5-15imh6_firmware *
lenovo yoga_c740-14iml_firmware *
lenovo ideapad_3-15ada05_firmware *
lenovo legion_s7-15ach6_firmware *
lenovo legion_5-15ach6_firmware *
lenovo v15-iil_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_3-14alc6_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-15ada6_firmware *
lenovo legion_5-17ith6_firmware *
lenovo legion_y540-15irh-pg0_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_3-17ada05_firmware *
lenovo l340-17iwl_firmware *
lenovo legion_y7000-2019-pg0_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo s540-13iml_firmware -
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_pro-14ach5_o_firmware *
lenovo l3_15iml05_firmware *
lenovo v14-ada_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_slim_7_pro-14ach5_od_firmware *
lenovo ideapad_3-14ada6_firmware *
lenovo ideapad_3-15are05_firmware *
lenovo l340-17irh_firmware *
lenovo v15_g2-alc_firmware *
lenovo legion_5-17ach6h_firmware *
lenovo l340-15irh_firmware *
lenovo legion_5_pro-16ach6h_firmware *
lenovo legion_y545_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware -
lenovo ideapad_3-14iil05_firmware *
lenovo legion_y540-17irh_firmware *
lenovo ideapad_3-17are05_firmware *
lenovo legion_y540-15irh_firmware *
lenovo yoga_c940-14iil_firmware -
lenovo ideapad_3-17alc6_firmware *
lenovo ideapad_3-14are05_firmware *
lenovo l340-15iwl_touch_firmware *
lenovo v140-15iwl_firmware *
CVE-2021-4210 HIGH

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo ideacentre_c5-14imb05_firmware -
lenovo ideacentre_aio_3-22itl6_firmware -
lenovo thinkcentre_m810z_firmware -
lenovo ideacentre_aio_3-22iil5_firmware -
lenovo a540-24icb_firmware -
lenovo ideacentre_aio_3-27itl6_firmware -
lenovo thinkcentre_m800_firmware -
lenovo v540-24iwl_firmware -
lenovo thinkstation_p520_firmware -
lenovo thinkcentre_m700_tiny_firmware -
lenovo thinkcentre_x1_firmware -
lenovo thinkedge_se30_firmware -
lenovo v410z_firmware -
lenovo ideacentre_5-14imb05_firmware -
lenovo thinkcentre_m820z_firmware -
lenovo thinkcentre_m910z_firmware -
lenovo v50t-13imb_firmware -
lenovo thinkstation_p520c_firmware -
lenovo thinkstation_p310_firmware -
lenovo stadia_ggp-120_firmware -
lenovo ideacentre_aio_3-24itl6_firmware -
lenovo ideacentre_g5-14imb05_firmware -
lenovo thinkcentre_m70a_firmware -
lenovo ideacentre_aio_3-22ada6_firmware -
lenovo ideacentre_aio_3-24ada6_firmware -
lenovo thinkcentre_m900_firmware -
lenovo thinkcentre_m900x_firmware -
lenovo ideacentre_aio_3-24iil5_firmware -
lenovo thinkcentre_m75n_firmware -
lenovo thinkcentre_m90a_gen2_firmware -
lenovo a540-27icb_firmware -
lenovo thinkcentre_m700_firmware -
CVE-2021-4211 HIGH

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
lenovo v530-15icb_firmware -
lenovo a540-24icb_firmware -
lenovo a340-22ick_firmware -
lenovo ideacentre_aio_3-27itl6_firmware -
lenovo ideacentre_510s-07icb_firmware -
lenovo v540-24iwl_firmware -
lenovo a340-24ick_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware -
lenovo v30a-22iml_firmware -
lenovo thinkcentre_m710e_firmware -
lenovo a340-24icb_firmware -
lenovo thinkcentre_m910s_firmware -
lenovo thinkcentre_m90a_(gen_2)_firmware -
lenovo v410z_firmware -
lenovo se30_firmware -
lenovo thinkcentre_m820z_firmware -
lenovo v530s-07icb_firmware -
lenovo v30a-24iml_firmware -
lenovo v520s_firmware -
lenovo thinkstation_p310_firmware -
lenovo thinkcentre_m710t_firmware -
lenovo ideacentre_aio_3-24itl6_firmware -
lenovo thinkcentre_m710s_firmware -
lenovo thinkstation_p320_firmware -
lenovo thinkcentre_m600_firmware -
lenovo ideacentre_aio_3-24ada6_firmware -
lenovo thinkcentre_m900_firmware -
lenovo thinkcentre_m900x_firmware -
lenovo thinkcentre_m75n_firmware -
lenovo v50t-13iob_g2_firmware -
lenovo thinkcentre_m720e_firmware -
lenovo v520_firmware -
lenovo ideacentre_aio_3-22itl6_firmware -
lenovo thinkcentre_m810z_firmware -
lenovo ideacentre_aio_3-22iil5_firmware -
lenovo thinkcentre_m710q_(10yc)_firmware -
lenovo a340-22icb_firmware -
lenovo thinkcentre_m800_firmware -
lenovo ideacentre_510s-07ick_firmware -
lenovo thinkcentre_m700_tiny_firmware -
lenovo thinkcentre_m910q_firmware -
lenovo thinkcentre_m710q_firmware -
lenovo v530s-07icr_firmware -
lenovo v530-15icr_firmware -
lenovo thinkcentre_m910t_firmware -
lenovo ideacentre_5-14iob6_firmware -
lenovo thinkcentre_m70a_firmware -
lenovo ideacentre_aio_3-22ada6_firmware -
lenovo thinkcentre_m910x_firmware -
lenovo thinkstation_p320_tiny_firmware -
lenovo ideacentre_aio_3-24iil5_firmware -
lenovo a540-27icb_firmware -
lenovo ideacentre_creator_5-14iob6_firmware -
CVE-2021-4212 HIGH

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
lenovo ideapad_3-15are05_firmware -
lenovo slim_7-15iil05_firmware -
lenovo c340-15iml_firmware -
lenovo yoga_slim_7-15itl05_firmware -
lenovo legion_y7000-2019-pg0_firmware -
lenovo legion_y540-15irh_firmware -
lenovo duet_3-10igl5_firmware -
lenovo legion_y540-15irh-pg0_firmware -
lenovo flex-14iml_firmware -
lenovo ideapad_5_pro-14acn6_firmware -
lenovo yoga_slim_7-14iil05_firmware -
lenovo ideapad_5_pro-14itl6_firmware -
lenovo slim_7-15imh05_firmware -
lenovo v140-15iwl_firmware -
lenovo v340-17iwl_firmware -
lenovo ideapad_5-15itl05_firmware -
lenovo ideapad_gaming_3-15arh05_firmware -
lenovo thinkbook_13x_itg_firmware -
lenovo flex-15iml_firmware -
lenovo ideapad_5-14are05_firmware -
lenovo s540-14iml_touch_firmware -
lenovo thinkbook_14_g3_itl_firmware -
lenovo yoga_creator_7-15imh05_firmware -
lenovo l340-17irh_firmware -
lenovo l340-15iwl_firmware -
lenovo slim_7-15itl05_firmware -
lenovo yoga_slim_7_carbon_13itl5_firmware -
lenovo ideapad_3-17are05_firmware -
lenovo s340-13iml_firmware -
lenovo legion_y7000-2019_firmware -
lenovo l340-17iwl_firmware -
lenovo legion_y540-17irh-pg0_firmware -
lenovo yoga_slim_7-15iil05_firmware -
lenovo ideapad_5_pro-16ihu6_firmware -
lenovo ideapad_gaming_3-15imh05_firmware -
lenovo thinkbook_plus_g2_itg_firmware -
lenovo slim_7-14are05_firmware -
lenovo legion_y540-17irh_firmware -
lenovo ideapad_gaming_3-15ach6_firmware -
lenovo legion_y545-pg0_firmware -
lenovo l340-15irh_firmware -
lenovo ideapad_3-14are05_firmware -
lenovo ideapad_creator_5-15imh05_firmware -
lenovo e41-50_firmware -
lenovo s340-14api_firmware -
lenovo slim_7-14itl05_firmware -
lenovo s340-15api_firmware -
lenovo s340-15iml_firmware -
lenovo legion_y545_firmware -
lenovo yoga_slim_7-14are05_firmware -
lenovo s340-14iml_firmware -
lenovo ideapad_5-14alc05_firmware -
lenovo l340-15iwl_touch_firmware -
lenovo s540-14iml_firmware -
lenovo c340-14iml_firmware -
lenovo yoga_6-13alc6_firmware -
lenovo s540-15iml_firmware -
lenovo yoga_slim_7-14itl05_firmware -
lenovo v14-are_firmware -
lenovo s340-15api_touch_firmware -
lenovo d330-10igm_firmware -
lenovo yoga_slim_7-15imh05_firmware -
CVE-2021-42205

ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufacturers, allows local users to cause a system crash by sending a certain IOCTL request, because that request is handled twice.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.0 3.6

Products Affected

Vendor Product Version
lenovo elan_miniport_touchpad_driver *
CVE-2021-42848 MEDIUM

An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,CWE-862,

Products Affected

Vendor Product Version
lenovo t2pro_firmware *
lenovo x1_firmware *
lenovo t1_firmware *
lenovo a1_firmware *
lenovo t2_firmware *
CVE-2021-42849 MEDIUM

A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-287,

Products Affected

Vendor Product Version
lenovo t2pro_firmware *
lenovo x1_firmware *
lenovo t1_firmware *
lenovo a1_firmware *
lenovo t2_firmware *
CVE-2021-42850 MEDIUM

A weak default administrator password for the web interface and serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical or local network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
lenovo t2pro_firmware *
lenovo x1_firmware *
lenovo t1_firmware *
lenovo a1_firmware *
lenovo t2_firmware *
CVE-2021-42851 MEDIUM

A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.8 3.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo t2pro_firmware *
lenovo x1_firmware *
lenovo t1_firmware *
lenovo a1_firmware *
lenovo t2_firmware *
CVE-2021-42852 HIGH

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
lenovo t2pro_firmware *
lenovo x1_firmware *
lenovo t1_firmware *
lenovo a1_firmware *
lenovo t2_firmware *
CVE-2022-0192 MEDIUM

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,CWE-427,

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2022-0353

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
lenovo hardwarescan_addin *
lenovo diagnostics *
lenovo hardwarescan_plugin *
CVE-2022-0354 HIGH

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2022-0636 MEDIUM

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 1.3 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
lenovo thin_installer *
CVE-2022-1107 HIGH

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,CWE-269,

Products Affected

Vendor Product Version
lenovo thinkpad_w540_firmware *
lenovo thinkpad_x1_tablet_gen_2_firmware *
lenovo thinkpad_s540_firmware *
lenovo thinkpad_x1_carbon_5th_gen_skylake_firmware *
lenovo thinkpad_x1_yoga_gen_3_firmware *
lenovo thinkpad_11e_firmware *
lenovo thinkpad_x280_firmware *
lenovo thinkpad_p52s_firmware *
lenovo thinkpad_t560_firmware *
lenovo thinkpad_t570_firmware *
lenovo thinkpad_11e_yoga_firmware *
lenovo thinkpad_x390_firmware *
lenovo thinkpad_l560_firmware *
lenovo thinkpad_l570_firmware *
lenovo thinkpad_t550_firmware *
lenovo thinkpad_x1_carbon_5th_gen_kabylake_firmware *
lenovo thinkpad_p51s_firmware *
lenovo thinkpad_x1_yoga_gen_2_firmware *
lenovo thinkpad_t580_firmware *
lenovo thinkpad_w541_firmware *
lenovo thinkpad_x250_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_yoga_15_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_x1_yoga_firmware *
lenovo thinkpad_x1_tablet_gen_1_firmware *
lenovo thinkpad_x1_carbon_3rd_gen_firmware *
lenovo thinkpad_x1_carbon_4th_gen_firmware *
lenovo thinkpad_helix_firmware *
lenovo thinkpad_w550s_firmware *
CVE-2022-1108 HIGH

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-20,CWE-269,

Products Affected

Vendor Product Version
lenovo thinkpad_x1_fold_gen_1_firmware *
CVE-2022-1109

An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.

Products Affected

Vendor Product Version
lenovo leyun *
CVE-2022-1110 MEDIUM

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-120,

Products Affected

Vendor Product Version
lenovo smart_standby_driver *
CVE-2022-1513

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2022-1890

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Products Affected

Vendor Product Version
lenovo thinkbook_14-iml_firmware *
lenovo thinkbook_14-iil_firmware *
lenovo thinkbook_15-iml_firmware *
lenovo thinkbook_15-iil_firmware *
lenovo yoga_c640-13iml_lte_firmware *
lenovo yoga_c640-13iml_firmware *
CVE-2022-1891

A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Products Affected

Vendor Product Version
lenovo thinkbook_14-iml_firmware *
lenovo thinkbook_14-iil_firmware *
lenovo thinkbook_15-iml_firmware *
lenovo thinkbook_15-iil_firmware *
lenovo yoga_c640-13iml_lte_firmware *
lenovo yoga_c640-13iml_firmware *
CVE-2022-1892

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

Products Affected

Vendor Product Version
lenovo flex_5-14alc05_firmware *
lenovo yoga_c640-13iml_lte_firmware *
lenovo flex_5-14are05_firmware *
lenovo s145-15api_firmware *
lenovo ideapad_1-14ada05_firmware *
lenovo s540-13api_firmware *
lenovo flex_5-14iil05_firmware *
lenovo yoga_9-15imh5_firmware *
lenovo legion_s7-15imh5_firmware *
lenovo ideapad_1-11ada05_firmware *
lenovo flex_5-15iil05_firmware *
lenovo s145-15ast_firmware *
lenovo thinkbook_14-iml_firmware *
lenovo ideapad_1-14igl05_firmware *
lenovo ideapad_3-15ada05_firmware *
lenovo legion_s7-15ach6_firmware *
lenovo thinkbook_13s_g2_are_firmware *
lenovo ideapad_3-14alc6_firmware *
lenovo ideapad_3-15ada6_firmware *
lenovo thinkbook_15-iml_firmware *
lenovo 100e_2nd_gen_firmware *
lenovo ideapad_slim_1-14ast-05_firmware *
lenovo yoga_slim_7_pro-14ach5_firmware *
lenovo s145-14api_firmware *
lenovo thinkbook_16p_g2_ach_firmware *
lenovo ideapad_3-17ada05_firmware *
lenovo thinkbook_15-iil_firmware *
lenovo v15-ada_firmware *
lenovo flex_5-14itl05_firmware *
lenovo flex_5-15itl05_firmware *
lenovo ideapad_1-11igl05_firmware *
lenovo 500w_gen_3_firmware *
lenovo yoga_s940-14iil_firmware *
lenovo thinkbook_14s-iml_firmware *
lenovo yoga_slim_7_pro-14ach5_o_firmware *
lenovo v14-ada_firmware *
lenovo thinkbook_14s_g2_itl_firmware *
lenovo yoga_c940-15irh_firmware *
lenovo yoga_slim_7_pro-14arh5_firmware *
lenovo 100w_gen_3_firmware *
lenovo ideapad_5_15aba7_firmware *
lenovo 14w_gen_2_firmware *
lenovo ideapad_3-14ada05_firmware *
lenovo yoga_s730-13iml_firmware *
lenovo flex_3-11ada05_firmware *
lenovo ideapad_3-17ada6_firmware *
lenovo ideapad_3-14ada6_firmware *
lenovo 300w_gen_3_firmware *
lenovo v15_g2-alc_firmware *
lenovo ideapad_5-15alc05_firmware *
lenovo ideapad_flex_5_16alc7_firmware *
lenovo ideapad_flex_5_14alc7_firmware *
lenovo thinkbook_13s_g3_acn_firmware *
lenovo 730s-13iml_firmware *
lenovo flex_5-15alc05_firmware *
lenovo ideapad_slim_1-11ast-05_firmware *
lenovo yoga_c640-13iml_firmware *
lenovo 300e_2nd_gen_firmware *
lenovo thinkbook_13s_g2_itl_firmware *
lenovo 13w_yoga_firmware *
lenovo thinkbook_14p_g2_ach_firmware *
lenovo legion_s7-15arh5_firmware *
lenovo thinkbook_13s-iml_firmware *
lenovo thinkbook_14-iil_firmware *
lenovo ideapad_3-15alc6_firmware *
lenovo ideapad_3-17alc6_firmware *
lenovo s145-14ast_firmware *
lenovo ideapad_s940-14iil_firmware *
lenovo v130-15ikb_firmware *
lenovo v14_g2-alc_firmware *
CVE-2022-3429

A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
lenovo gm266dns_firmware *
lenovo g263dns_firmware *
lenovo gm265dn_firmware -
CVE-2022-3430

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Products Affected

Vendor Product Version
lenovo thinkbook_15_g3_acl_firmware *
lenovo yoga_duet_7-13itl6_firmware *
lenovo ideapad_duet_3_10igl5_firmware *
lenovo thinkbook_14_g4+_ara_firmware *
lenovo thinkbook_15_g2_itl_firmware *
lenovo thinkbook_14_g4+_iap_firmware *
lenovo thinkbook_14p_g3_arh_firmware *
lenovo yoga_slim_7_pro_16arh7_firmware *
lenovo thinkbook_16_g4+_iap_firmware *
lenovo slim_7-15imh05_firmware *
lenovo thinkbook_15_g3_itl_firmware *
lenovo ideapad_slim_7-14itl05_firmware *
lenovo thinkbook_16p_g3_arh_firmware *
lenovo slim_7-14are05_firmware *
lenovo ideapad_slim_7-14iil05_firmware *
lenovo thinkbook_14_g2_itl_firmware *
lenovo ideapad_5_pro_16arh7_firmware *
lenovo thinkbook_14s_yoga_itl_firmware *
lenovo thinkbook_13x_itg_firmware *
lenovo thinkbook_16_g4+_ara_firmware *
lenovo yoga_slim_7-15imh05_firmware *
lenovo thinkbook_plus_g2_itg_firmware *
lenovo yoga_slim_7-14iil05_firmware *
lenovo slim_7_16arh7_firmware *
lenovo d330-10igl_firmware *
lenovo thinkbook_15_gd_aba_firmware *
lenovo yoga_duet_7-13itl6-lte_firmware *
lenovo yoga_slim_7-15iil05_firmware *
lenovo thinkbook_16p_nx_arh_firmware *
lenovo thinkbook_14_g3_acl_firmware *
lenovo yoga_slim_7-14are05_firmware *
lenovo ideapad_slim_7-15iil05_firmware *
lenovo thinkbook_14_g3_itl_firmware *
lenovo thinkbook_14_g2_are_firmware *
lenovo yoga_slim_7-15itl05_firmware *
lenovo slim_7-15itl05_firmware *
lenovo thinkbook_15p_g2_ith_firmware *
lenovo thinkbook_plus_g3_iap_firmware *
lenovo thinkbook_15p_imp_firmware *
lenovo thinkbook_15_g2_are_firmware *
lenovo yoga_duet_7-13iml05_firmware *
lenovo yoga_slim_7-14itl05_firmware *
lenovo ideapad_5_pro_16iah7_firmware *
lenovo yoga_creator_7-15imh05_firmware *
CVE-2022-3431

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo yoga_duet_7-13itl6_firmware *
lenovo ideapad_duet_3_10igl5_firmware *
lenovo thinkbook_14_g4+_ara_firmware *
lenovo thinkbook_14_g4+_iap_firmware *
lenovo ideapad_slim_7_pro_16ach6_firmware *
lenovo yoga_slim_7_pro_16arh7_firmware *
lenovo thinkbook_16_g4+_iap_firmware *
lenovo yoga_slim_7_carbon_13itl5_firmware *
lenovo yoga_slim_7-13acn05_firmware *
lenovo ideapad_5_pro_16arh7_firmware *
lenovo ideapad_5_pro-16ihu6_firmware *
lenovo thinkbook_13x_itg_firmware *
lenovo thinkbook_16_g4+_ara_firmware *
lenovo thinkbook_plus_g2_itg_firmware *
lenovo slim_7_16arh7_firmware *
lenovo d330-10igl_firmware *
lenovo yoga_duet_7-13itl6-lte_firmware *
lenovo ideapad_5_pro-16ach6_firmware *
lenovo thinkbook_16p_nx_arh_firmware *
lenovo yoga_slim_7_pro_16ach6_firmware *
lenovo thinkbook_plus_g3_iap_firmware *
lenovo s540-15iml_firmware *
lenovo yoga_duet_7-13iml05_firmware *
lenovo ideapad_creator_5-16ach6_firmware *
lenovo yoga_slim_7-13itl05_firmware *
CVE-2022-3432

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Products Affected

Vendor Product Version
lenovo ideapad_y700-14isk_firmware -
CVE-2022-34884

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinkagile_vx_1se_certified_node_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinksystem_sd650_dwc_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkedge_se450_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_mx1021_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinkagile_hx_enclosure_certified_node_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2022-34886

A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@lenovo.com 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
lenovo gm266dns_firmware *
lenovo g263dns_firmware *
lenovo gm265dn_firmware -
CVE-2022-34887

Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
lenovo gm266dns_firmware *
lenovo g263dns_firmware *
lenovo gm265dn_firmware -
CVE-2022-34888

The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinkagile_vx_1se_certified_node_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinksystem_sd650_dwc_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkedge_se450_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_mx1021_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinkagile_hx_enclosure_certified_node_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2022-3611

An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@lenovo.com 7.6 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
lenovo app_store_app *
CVE-2022-3698

A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and  Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6

Products Affected

Vendor Product Version
lenovo diagnostics *
lenovo hardwarescan_plugin *
CVE-2022-3699

A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo hardwarescan_addin *
lenovo diagnostics *
lenovo hardwarescan_plugin *
CVE-2022-3700

A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 1.8 4.2
nvd@nist.gov 6.3 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H 1.0 5.2

Products Affected

Vendor Product Version
lenovo hardware_scan_plugin *
lenovo hardware_scan_addin *
lenovo system_update_plugin *
CVE-2022-3701

A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo hardware_scan_plugin *
lenovo hardware_scan_addin *
lenovo system_update_plugin *
CVE-2022-3702

A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L 1.8 4.2

Products Affected

Vendor Product Version
lenovo hardware_scan_plugin *
lenovo hardware_scan_addin *
lenovo system_update_plugin *
CVE-2022-3728

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

Products Affected

Vendor Product Version
lenovo thinkpad_x13_gen_3_firmware *
lenovo thinkpad_t14s_gen_3_firmware *
CVE-2022-3742

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo ideapad_3-14itl05_firmware *
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v17_g3_iap_firmware *
lenovo v15_g1-iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo legion_5_15iah7h_firmware *
lenovo legion_5-15imh6_firmware *
lenovo s540-13itl_firmware *
lenovo slim_7_prox_14iah7_firmware *
lenovo v15_g2-itl_firmware *
lenovo legion_5-17imh05h_firmware *
lenovo yoga_slim_7_pro_14iah7_firmware *
lenovo v14_g3_iap_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo legion_5-15imh05_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_1-14ijl7_firmware *
lenovo yoga_7_16iap7_firmware *
lenovo ideapad_3_15iau7_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo slim_9-14itl05_firmware *
lenovo legion_5-17ith6_firmware *
lenovo slim_9_14iap7_firmware *
lenovo ideapad_5_15ial7_firmware *
lenovo yoga_slim_7_prox_14iah7_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_1-15ijl7_firmware *
lenovo legion_7_16iax7_firmware *
lenovo ideapad_1_15iau7_firmware *
lenovo legion_5p-15imh05h_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo legion_5_15iah7_firmware *
lenovo thinkbook_15p_g2_ith_firmware *
lenovo ideapad_3_17iau7_firmware *
lenovo legion_5p-15imh05_firmware *
lenovo yoga_7-14itl5_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo legion_5-15ith6_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_carbon_13iap7_firmware *
lenovo ideapad_5-15itl05_firmware *
lenovo yoga_slim_7_pro_14iap7_firmware *
lenovo s14_g3_iap_firmware *
lenovo yoga_9_14iap7_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_1_14iau7_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_7_16iah7_firmware *
lenovo yoga_7-15itl5_firmware *
lenovo yoga_slim_9_14iap7_firmware *
lenovo v15_g2_ijl_firmware *
lenovo v15_g3_iap_firmware *
lenovo ideapad_1_14igl7_firmware *
lenovo s14_g2_itl_firmware *
lenovo ideapad_1_15igl7_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5-15imh05h_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo ideapad_3_14iau7_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware *
lenovo yoga_slim_9-14itl05_firmware *
lenovo legion_5-17imh05_firmware *
lenovo legion_5_pro_16iah7h_firmware *
lenovo slim_7_14iap7_firmware *
lenovo yoga_7_14ial7_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo ideapad_3-14iil05_firmware *
lenovo legion_5_pro_16iah7_firmware *
lenovo l3-15iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo thinkbook_15p_imh_firmware *
lenovo slim_7_carbon_13iap7_firmware *
lenovo v14_g2_ijl_firmware *
lenovo ideapad_3-17itl6_firmware *
CVE-2022-3743

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo ideapad_3-14itl05_firmware *
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v17_g3_iap_firmware *
lenovo v15_g1-iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo legion_5_15iah7h_firmware *
lenovo legion_5-15imh6_firmware *
lenovo s540-13itl_firmware *
lenovo slim_7_prox_14iah7_firmware *
lenovo v15_g2-itl_firmware *
lenovo legion_5-17imh05h_firmware *
lenovo yoga_slim_7_pro_14iah7_firmware *
lenovo v14_g3_iap_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo legion_5-15imh05_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_1-14ijl7_firmware *
lenovo yoga_7_16iap7_firmware *
lenovo ideapad_3_15iau7_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo slim_9-14itl05_firmware *
lenovo legion_5-17ith6_firmware *
lenovo slim_9_14iap7_firmware *
lenovo ideapad_5_15ial7_firmware *
lenovo yoga_slim_7_prox_14iah7_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_1-15ijl7_firmware *
lenovo legion_7_16iax7_firmware *
lenovo ideapad_1_15iau7_firmware *
lenovo legion_5p-15imh05h_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo legion_5_15iah7_firmware *
lenovo thinkbook_15p_g2_ith_firmware *
lenovo ideapad_3_17iau7_firmware *
lenovo legion_5p-15imh05_firmware *
lenovo yoga_7-14itl5_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo legion_5-15ith6_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_carbon_13iap7_firmware *
lenovo ideapad_5-15itl05_firmware *
lenovo yoga_slim_7_pro_14iap7_firmware *
lenovo s14_g3_iap_firmware *
lenovo yoga_9_14iap7_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_1_14iau7_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_7_16iah7_firmware *
lenovo yoga_7-15itl5_firmware *
lenovo yoga_slim_9_14iap7_firmware *
lenovo v15_g2_ijl_firmware *
lenovo v15_g3_iap_firmware *
lenovo ideapad_1_14igl7_firmware *
lenovo s14_g2_itl_firmware *
lenovo ideapad_1_15igl7_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5-15imh05h_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo ideapad_3_14iau7_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware *
lenovo yoga_slim_9-14itl05_firmware *
lenovo legion_5-17imh05_firmware *
lenovo legion_5_pro_16iah7h_firmware *
lenovo slim_7_14iap7_firmware *
lenovo yoga_7_14ial7_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo ideapad_3-14iil05_firmware *
lenovo legion_5_pro_16iah7_firmware *
lenovo l3-15iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo thinkbook_15p_imh_firmware *
lenovo slim_7_carbon_13iap7_firmware *
lenovo v14_g2_ijl_firmware *
lenovo ideapad_3-17itl6_firmware *
CVE-2022-3744

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo ideapad_3-14itl05_firmware *
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v17_g3_iap_firmware *
lenovo v15_g1-iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo legion_5_15iah7h_firmware *
lenovo legion_5-15imh6_firmware *
lenovo s540-13itl_firmware *
lenovo slim_7_prox_14iah7_firmware *
lenovo v15_g2-itl_firmware *
lenovo legion_5-17imh05h_firmware *
lenovo yoga_slim_7_pro_14iah7_firmware *
lenovo v14_g3_iap_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo legion_5-15imh05_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_1-14ijl7_firmware *
lenovo yoga_7_16iap7_firmware *
lenovo ideapad_3_15iau7_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo slim_9-14itl05_firmware *
lenovo legion_5-17ith6_firmware *
lenovo slim_9_14iap7_firmware *
lenovo ideapad_5_15ial7_firmware *
lenovo yoga_slim_7_prox_14iah7_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_1-15ijl7_firmware *
lenovo legion_7_16iax7_firmware *
lenovo ideapad_1_15iau7_firmware *
lenovo legion_5p-15imh05h_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo legion_5_15iah7_firmware *
lenovo thinkbook_15p_g2_ith_firmware *
lenovo ideapad_3_17iau7_firmware *
lenovo legion_5p-15imh05_firmware *
lenovo yoga_7-14itl5_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo legion_5-15ith6_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_carbon_13iap7_firmware *
lenovo ideapad_5-15itl05_firmware *
lenovo yoga_slim_7_pro_14iap7_firmware *
lenovo s14_g3_iap_firmware *
lenovo yoga_9_14iap7_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_1_14iau7_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_7_16iah7_firmware *
lenovo yoga_7-15itl5_firmware *
lenovo yoga_slim_9_14iap7_firmware *
lenovo v15_g2_ijl_firmware *
lenovo v15_g3_iap_firmware *
lenovo ideapad_1_14igl7_firmware *
lenovo s14_g2_itl_firmware *
lenovo ideapad_1_15igl7_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5-15imh05h_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo ideapad_3_14iau7_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware *
lenovo yoga_slim_9-14itl05_firmware *
lenovo legion_5-17imh05_firmware *
lenovo legion_5_pro_16iah7h_firmware *
lenovo slim_7_14iap7_firmware *
lenovo yoga_7_14ial7_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo ideapad_3-14iil05_firmware *
lenovo legion_5_pro_16iah7_firmware *
lenovo l3-15iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo thinkbook_15p_imh_firmware *
lenovo slim_7_carbon_13iap7_firmware *
lenovo v14_g2_ijl_firmware *
lenovo ideapad_3-17itl6_firmware *
CVE-2022-3745

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo ideapad_3-14itl05_firmware *
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v17_g3_iap_firmware *
lenovo v15_g1-iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo legion_5_15iah7h_firmware *
lenovo legion_5-15imh6_firmware *
lenovo s540-13itl_firmware *
lenovo slim_7_prox_14iah7_firmware *
lenovo v15_g2-itl_firmware *
lenovo legion_5-17imh05h_firmware *
lenovo yoga_slim_7_pro_14iah7_firmware *
lenovo v14_g3_iap_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo legion_5-15imh05_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_1-14ijl7_firmware *
lenovo yoga_7_16iap7_firmware *
lenovo ideapad_3_15iau7_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo slim_9-14itl05_firmware *
lenovo legion_5-17ith6_firmware *
lenovo slim_9_14iap7_firmware *
lenovo ideapad_5_15ial7_firmware *
lenovo yoga_slim_7_prox_14iah7_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_1-15ijl7_firmware *
lenovo legion_7_16iax7_firmware *
lenovo ideapad_1_15iau7_firmware *
lenovo legion_5p-15imh05h_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo legion_5_15iah7_firmware *
lenovo thinkbook_15p_g2_ith_firmware *
lenovo ideapad_3_17iau7_firmware *
lenovo legion_5p-15imh05_firmware *
lenovo yoga_7-14itl5_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo legion_5-15ith6_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_carbon_13iap7_firmware *
lenovo ideapad_5-15itl05_firmware *
lenovo yoga_slim_7_pro_14iap7_firmware *
lenovo s14_g3_iap_firmware *
lenovo yoga_9_14iap7_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_1_14iau7_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_7_16iah7_firmware *
lenovo yoga_7-15itl5_firmware *
lenovo yoga_slim_9_14iap7_firmware *
lenovo v15_g2_ijl_firmware *
lenovo v15_g3_iap_firmware *
lenovo ideapad_1_14igl7_firmware *
lenovo s14_g2_itl_firmware *
lenovo ideapad_1_15igl7_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5-15imh05h_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo ideapad_3_14iau7_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware *
lenovo yoga_slim_9-14itl05_firmware *
lenovo legion_5-17imh05_firmware *
lenovo legion_5_pro_16iah7h_firmware *
lenovo slim_7_14iap7_firmware *
lenovo yoga_7_14ial7_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo ideapad_3-14iil05_firmware *
lenovo legion_5_pro_16iah7_firmware *
lenovo l3-15iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo thinkbook_15p_imh_firmware *
lenovo slim_7_carbon_13iap7_firmware *
lenovo v14_g2_ijl_firmware *
lenovo ideapad_3-17itl6_firmware *
CVE-2022-3746

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo ideapad_3-14itl05_firmware *
lenovo ideapad_3-15iml05_firmware *
lenovo ideapad_3-14igl05_firmware *
lenovo v17_g3_iap_firmware *
lenovo v15_g1-iml_firmware *
lenovo v14_g2-itl_firmware *
lenovo legion_5_15iah7h_firmware *
lenovo legion_5-15imh6_firmware *
lenovo s540-13itl_firmware *
lenovo slim_7_prox_14iah7_firmware *
lenovo v15_g2-itl_firmware *
lenovo legion_5-17imh05h_firmware *
lenovo yoga_slim_7_pro_14iah7_firmware *
lenovo v14_g3_iap_firmware *
lenovo ideapad_5-15iil05_firmware *
lenovo ideapad_3-15itl6_firmware *
lenovo legion_5-15imh05_firmware *
lenovo ideapad_3-14iml05_firmware *
lenovo ideapad_1-14ijl7_firmware *
lenovo yoga_7_16iap7_firmware *
lenovo ideapad_3_15iau7_firmware *
lenovo l3-15itl6_firmware *
lenovo ideapad_3-17iil05_firmware *
lenovo legion_5-15ith6h_firmware *
lenovo slim_9-14itl05_firmware *
lenovo legion_5-17ith6_firmware *
lenovo slim_9_14iap7_firmware *
lenovo ideapad_5_15ial7_firmware *
lenovo yoga_slim_7_prox_14iah7_firmware *
lenovo legion_7-16ithg6_firmware *
lenovo ideapad_1-15ijl7_firmware *
lenovo legion_7_16iax7_firmware *
lenovo ideapad_1_15iau7_firmware *
lenovo legion_5p-15imh05h_firmware *
lenovo ideapad_3-14itl6_firmware *
lenovo ideapad_gaming_3-15imh05_firmware *
lenovo legion_5-17ith6h_firmware *
lenovo legion_5_15iah7_firmware *
lenovo thinkbook_15p_g2_ith_firmware *
lenovo ideapad_3_17iau7_firmware *
lenovo legion_5p-15imh05_firmware *
lenovo yoga_7-14itl5_firmware *
lenovo yoga_slim_7_pro-14itl5_firmware *
lenovo yoga_slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15igl05_firmware *
lenovo slim_7_pro-14ihu5_firmware *
lenovo ideapad_3-15iil05_firmware *
lenovo v17-iil_firmware *
lenovo legion_5-15ith6_firmware *
lenovo v14_g1-iml_firmware *
lenovo yoga_slim_7_carbon_13iap7_firmware *
lenovo ideapad_5-15itl05_firmware *
lenovo yoga_slim_7_pro_14iap7_firmware *
lenovo s14_g3_iap_firmware *
lenovo yoga_9_14iap7_firmware *
lenovo v14-igl_firmware *
lenovo v15-igl_firmware *
lenovo ideapad_1_14iau7_firmware *
lenovo ideapad_3-15itl05_firmware *
lenovo yoga_7_16iah7_firmware *
lenovo yoga_7-15itl5_firmware *
lenovo yoga_slim_9_14iap7_firmware *
lenovo v15_g2_ijl_firmware *
lenovo v15_g3_iap_firmware *
lenovo ideapad_1_14igl7_firmware *
lenovo s14_g2_itl_firmware *
lenovo ideapad_1_15igl7_firmware *
lenovo legion_5_pro-16ith6_firmware *
lenovo ideapad_creator_5-15imh05_firmware *
lenovo legion_5-15imh05h_firmware *
lenovo legion_5_pro-16ith6h_firmware *
lenovo ideapad_3_14iau7_firmware *
lenovo yoga_slim_7_pro-14ihu5_o_firmware *
lenovo yoga_slim_9-14itl05_firmware *
lenovo legion_5-17imh05_firmware *
lenovo legion_5_pro_16iah7h_firmware *
lenovo slim_7_14iap7_firmware *
lenovo yoga_7_14ial7_firmware *
lenovo ideapad_3-17iml05_firmware *
lenovo ideapad_3-14iil05_firmware *
lenovo legion_5_pro_16iah7_firmware *
lenovo l3-15iml05_firmware *
lenovo v17_g2-itl_firmware *
lenovo thinkbook_15p_imh_firmware *
lenovo slim_7_carbon_13iap7_firmware *
lenovo v14_g2_ijl_firmware *
lenovo ideapad_3-17itl6_firmware *
CVE-2022-40134

An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

Products Affected

Vendor Product Version
lenovo thinkagile_vx2330_firmware afe118m
lenovo thinkpad_x390_yoga_firmware n2let88w
lenovo thinkpad_p1_gen_1_firmware n2eet56w
lenovo ideacentre_3_07iab7_firmware m49kt1da
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo ideacentre_510s-07ick_firmware m30kt26a
lenovo thinkagile_vx_2u_firmware ive178i
lenovo ideacentre_5-14acn6_firmware o5ekt21a
lenovo thinkserver_rd650_firmware 5.05.0
lenovo thinkagile_mx3520_f_firmware ive178i
lenovo thinkstation_p520_firmware s03kt55a
lenovo thinkpad_x1_carbon_7th_gen_firmware n2het66w
lenovo thinkcentre_m625q_firmware m3skt21a
lenovo thinkcentre_m75t_gen_2_firmware m46kt2da
lenovo thinkagile_vx3520-g_firmware ive178i
lenovo thinkagile_hx3320_firmware ive178i
lenovo thinksystem_sr850p_firmware tee178i
lenovo v50a-22imb_firmware m36kt28a
lenovo thinkcentre_m80t_firmware m1ckt49a
lenovo thinkagile_vx1320_firmware ise130e
lenovo thinkcentre_m75t_gen_2_firmware m47kt24a
lenovo thinkagile_hx3376_firmware d8e128f
lenovo thinkpad_p72_firmware n2cet61w
lenovo thinksystem_sr850_firmware tee178i
lenovo thinkpad_l13_firmware r15et51w
lenovo thinkpad_t15_firmware n2xet33w
lenovo thinkpad_x12_detachable_gen_1_firmware r1get43w
lenovo ideacentre_510s-07icb_firmware m22kt48a
lenovo thinkagile_hx5521-c_firmware ive178i
lenovo thinksystem_sr590_firmware tee178i
lenovo thinkagile_vx_2u4n_firmware tee178i
lenovo thinksystem_sr570_firmware tee178i
lenovo thinkagile_hx7531_firmware afe118m
lenovo thinkagile_hx2320_firmware ive178i
lenovo thinkagile_hx7520_firmware ive178i
lenovo thinkagile_mx3530-h_firmware afe118m
lenovo thinkstation_p320_tiny_firmware m1akt56a
lenovo thinksystem_sr530_firmware tee178i
lenovo yta8900f_firmware fwktbaa
lenovo thinksystem_sr550_firmware tee178i
lenovo thinksystem_dx8200d_firmware ive178i
lenovo thinkserver_sd350_firmware 5.05.0
lenovo thinkpad_l390_yoga_firmware r10et51w
lenovo thinkpad_p43s_firmware n2iet98w
lenovo thinkpad_x1_yoga_4th_gen_firmware n2het66w
lenovo thinkagile_vx7520_n_firmware ive178i
lenovo thinksystem_sr630_firmware ive178i
lenovo thinkpad_t490s_firmware n2jet97w
lenovo thinksystem_sr670_v2_firmware u8e118m
lenovo thinkcentre_m910s_firmware m1akt56a
lenovo thinkpad_x1_carbon_8th_gen_firmware n2wet32w
lenovo thinkcentre_m70q_gen_3_firmware m3jkt34a
lenovo thinkcentre_m710s_firmware m1akt56a
lenovo v520s_firmware m16kt68a
lenovo thinkagile_vx3320_firmware ive178i
lenovo thinkagile_hx2331_firmware afe118m
lenovo thinkcentre_m90q_gen_2_firmware m2wkt57a
lenovo thinkpad_p73_firmware n2net49w
lenovo ideacentre_c5-14imb05_firmware o4hkt38a
lenovo thinkcentre_m6600s_firmware fwktbaa
lenovo thinkagile_hx5521_firmware ive178i
lenovo ideacentre_5-14imb05_firmware o4hkt38a
lenovo thinksystem_hr610x_firmware hr6n0661
lenovo thinkagile_mx_certified_node_-_all_flash_firmware ive178i
lenovo thinkpad_l15_gen_2_firmware r1jet53w
lenovo thinkagile_hx3330_firmware afe118m
lenovo thinkpad_x13_yoga_gen_1_firmware n2uet58w
lenovo thinkcentre_e75t_firmware m16kt68a
lenovo thinkagile_vx2320_firmware ive178i
lenovo thinkpad_x1_yoga_5th_gen_firmware n2wet32w
lenovo thinkpad_t490_firmware n2iet98w
lenovo thinkcentre_m820z_all-in-one_firmware m2rkt52a
lenovo thinkpad_x13_firmware n2yet34w
lenovo thinkpad_p17_gen_1_firmware n30et43w
lenovo thinkagile_hx3375_firmware d8e128f
lenovo thinkagile_hx3321_firmware ive178i
lenovo thinkagile_hx7530_firmware afe118m
lenovo thinkcentre_m75t_gen_2_firmware m3akt44a
lenovo thinksystem_sr650_v2_firmware afe118m
lenovo thinkpad_x1_carbon_7th_gen_firmware n2qet44w
lenovo thinkagile_vx_1u_firmware ive178i
lenovo thinkcentre_m75t_gen_2_firmware m3bkt29a
lenovo thinkpad_x13_gen_2_firmware n35et43w
lenovo thinkpad_l14_gen_2_firmware r1jet53w
lenovo thinkcentre_m70t_gen_3_firmware m2tkt50a
lenovo n4610_storage_firmware 5.05.0
lenovo thinkcentre_m70s_gen_3_firmware m2tkt50a
lenovo thinkagile_mx_certified_node_-_hybrid_firmware ive178i
lenovo thinkagile_hx5531_firmware afe118m
lenovo thinkagile_hx3521-g_firmware ive178i
lenovo thinkpad_l390_firmware r10et51w
lenovo yangtian_afq150_firmware fwktbaa
lenovo thinkagile_vx7531_firmware afe118m
lenovo thinkagile_hx1331_firmware afe118m
lenovo thinkcentre_m75n_firmware m30kt26a
lenovo ideacentre_510s-07icb_firmware m22kt47a
lenovo thinkstation_p350_firmware s0akt34a
lenovo v530-15icr_firmware m2ykt31a
lenovo thinkagile_hx2321_firmware ive178i
lenovo thinkpad_e14_gen_2_firmware r1eet45w
lenovo thinkpad_e590_firmware r0yet48w
lenovo thinkcentre_m610_firmware m1akt56a
lenovo thinkserver_rs160_firmware vb1ts307
lenovo legion_t5-26iob6_firmware o54kt1da
lenovo v50a-24imb_firmware m36kt28a
lenovo v30a-22iml_firmware m37kt28a
lenovo thinkagile_hx2330_firmware afe118m
lenovo thinkpad_l15_firmware r17et33w
lenovo thinkpad_x390_firmware n2jet97w
lenovo thinksystem_sn550_firmware ive178i
lenovo thinksmart_hub_500_firmware m23kt29a
lenovo thinkcentre_m90q_tiny_firmware m2tkt50a
lenovo thinkpad_t14s_firmware n2yet34w
lenovo thinkcentre_m75q_gen_2_firmware m33kt25a
lenovo thinkserver_rd350_firmware 5.05.0
lenovo thinksystem_sr258_v2_firmware tqe104j
lenovo thinkcentre_e96z_firmware m26kt22a
lenovo thinkpad_t15_gen_2_firmware n34et46w
lenovo thinksystem_sd630_v2_firmware u8e118m
lenovo thinkagile_hx2320-e_firmware ive178i
lenovo thinkpad_l13_yoga_firmware r15et51w
lenovo thinkcentre_m6600q_firmware fwktbaa
lenovo ideacentre_a340-24igm_firmware o51kt12a
lenovo v540-24iwl_firmware m29kt39a
lenovo thinkcentre_m8600s_firmware fwktbaa
lenovo thinksmart_hub_teams_firmware m2xkt20a
lenovo thinkcentre_m710t_firmware m16kt68a
lenovo thinksystem_sr150_firmware ise130e
lenovo thinkcentre_m80s_firmware m2tkt50a
lenovo thinkagile_vx7820_firmware pse144n
lenovo thinkagile_hx5530_firmware afe118m
lenovo thinkagile_vx3331_firmware afe118m
lenovo thinkpad_x1_yoga_6th_gen_firmware n2tet72w
lenovo thinkagile_hx5520_firmware ive178i
lenovo thinkserver_ts560_firmware tb1ts307
lenovo thinkcentre_m70c_firmware m3nkt20a
lenovo thinkcentre_m720e_firmware m11kt54a
lenovo v520_firmware m16kt68a
lenovo thinkserver_ts460_firmware tb1ts307
lenovo thinkagile_hx3720_firmware tee178i
lenovo thinkagile_mx3330-h_firmware afe118m
lenovo thinkpad_t14s_gen_2_firmware n35et43w
lenovo thinksystem_st658_v2_firmware u8e118m
lenovo thinksystem_dx1100u_firmware ive178i
lenovo thinkpad_e15_firmware r16et33w
lenovo thinkagile_mx3321_h_firmware ive178i
lenovo thinkcentre_m70s_firmware m43kt16a
lenovo thinkagile_mx3531-f_firmware afe118m
lenovo thinkpad_s3_2nd_gen_firmware r16et33w
lenovo thinksystem_sr670_firmware g1e130i
lenovo thinkstation_p318_firmware m1akt56a
lenovo stadia_ggp-120_firmware s03kt55a
lenovo thinkcentre_e75s_firmware m16kt68a
lenovo thinkcentre_m818z_firmware m1nkt58a
lenovo thinkagile_hx3520-g_firmware ive178i
lenovo v530-15icb_firmware m1ykt70a
lenovo thinkagile_mx3531_h_firmware afe118m
lenovo ideacentre_gaming_5-14acn6_firmware o5ekt21a
lenovo thinkpad_p1_gen_3_firmware n2vet34w
lenovo thinkserver_rd550_firmware 5.03.0
lenovo thinkagile_vx5530_firmware afe118m
lenovo legion_c530-19icb_firmware o4bkt20a
lenovo thinkcentre_m80t_firmware m2tkt50a
lenovo thinkpad_x1_carbon_9th_gen_firmware n2tet72w
lenovo thinkcentre_m75s_gen_2_firmware m3akt44a
lenovo legion_t7-34imz5_firmware o4lkt1ea
lenovo yoga_a940-27icb_firmware o43kt43a
lenovo thinkagile_vx_1se_firmware ise130e
lenovo thinkcentre_m810z_all-in-one_firmware m1ekt25a
lenovo thinkagile_hx7521_firmware ive178i
lenovo thinkcentre_m75s_gen_2_firmware m3bkt29a
lenovo thinkagile_hx1520-r_firmware ive178i
lenovo thinkpad_p53s_firmware n2iet98w
lenovo v530s-07icb_firmware not_affected
lenovo v530s-07icr_firmware m30kt26a
lenovo thinkagile_hx1521-r_firmware ive178i
lenovo thinksystem_sr665_firmware d8e128f
lenovo thinkagile_mx1021_firmware hye122f
lenovo thinkserver_ts150_firmware 81i/b7s
lenovo legion_t5-28icb05_firmware o4bkt20a
lenovo thinkstation_p350_tiny_firmware m3jkt34a
lenovo thinksystem_st50_firmware ite125a
lenovo thinkagile_vx3330_firmware afe118m
lenovo thinkpad_p14s_gen_1_firmware n2xet33w
lenovo thinksystem_sd650_v2_firmware u8e118m
lenovo ideacentre_3-07imb05_firmware m2vkt1da
lenovo ideacentre_gaming_5-14iob6_firmware m3gkt33a
lenovo thinkpad_t15g_gen_1_firmware n30et43w
lenovo legion_t530-28apr_firmware o4gkt16a
lenovo thinkagile_mx1020_firmware hye122f
lenovo thinkserver_sr588_firmware tee176k
lenovo thinkpad_l490_firmware r0zet50w
lenovo ideacentre_gaming_5_17acn7_firmware o5ekt21a
lenovo thinkstation_p310_firmware fwktbaa
lenovo thinkcentre_m70t_firmware m41kt2da
lenovo v50t-13iob_g2_firmware m3gkt33a
lenovo v530-24icb_firmware m20kt52a
lenovo thinkagile_vx3720_firmware tee178i
lenovo thinksystem_sr850p_firmware tee176k
lenovo v50s-07imb_firmware m2vkt1da
lenovo v55t_gen_2_13acn_firmware o5jkt20a
lenovo ideacentre_5-14iob6_firmware m3gkt33a
lenovo thinkcentre_m715q_firmware m16kt68a
lenovo thinkpad_t15p_gen_1__firmware n30et43w
lenovo thinksystem_st250_firmware ise130e
lenovo thinkstation_p620_firmware s07kt25a
lenovo thinksystem_sd650_dwc_dual_node_tray_firmware ote178g
lenovo thinksystem_sd650-n_v2_firmware u8e118m
lenovo thinkagile_vx7530_firmware afe118m
lenovo thinkagile_mx3331-h_firmware afe118m
lenovo thinksystem_sr250_v2_firmware tqe104j
lenovo v330-20icb_firmware m1qkt47a
lenovo thinksystem_sr250_firmware ise130e
lenovo thinkcentre_m910q_firmware m1akt56a
lenovo thinksystem_sd530_firmware tee178i
lenovo thinkstation_p340_tiny_firmware m2wkt57a
lenovo thinksystem_sr630_v2_firmware afe118m
lenovo thinkagile_vx3530-g_firmware afe118m
lenovo thinkagile_vx_4u_firmware pse144n
lenovo thinkpad_x1_extreme_2nd_gen_firmware n2oet54w
lenovo thinkagile_vx7520_firmware ive178i
lenovo qt_b415_firmware m16kt68a
lenovo thinksystem_st650_v2_firmware u8e118m
lenovo thinkpad_x1_extreme_1st_gen_firmware n2eet56w
lenovo ideacentre_gaming_5_17iab7_firmware m42kt40a
lenovo thinkcentre_m70a_gen_2_firmware m2skt25a
lenovo thinkpad_t590_firmware n2iet98w
lenovo thinkcentre_m910t_firmware m1akt56a
lenovo thinkserver_rd350g_firmware vb3ts891
lenovo thinkpad_e15_gen_2_firmware r1eet45w
lenovo thinkcentre_neo_50s_gen_3_firmware m42kt40a
lenovo qt_m415_firmware m16kt68a
lenovo thinkpad_e490_firmware r0yet48w
lenovo thinksystem_st258_firmware ise130e
lenovo thinkcentre_m710e_firmware m41kt2da
lenovo thinkpad_p1_gen_2_firmware n2oet54w
lenovo thinkpad_p53_firmware n2net49w
lenovo thinksystem_st558_firmware o0e178i
lenovo ideacentre_3-07ada05_firmware o4fkt29a
lenovo thinkstation_p520c_firmware s03kt55a
lenovo thinksystem_sr258_firmware ise130e
lenovo thinkcentre_m700q_firmware fwktbaa
lenovo thinkagile_vx7330_firmware afe118m
lenovo thinkpad_r14_gen_2_firmware r1eet45w
lenovo thinkpad_p15s_gen_1_firmware n2xet33w
lenovo thinkagile_mx3330-f_firmware afe118m
lenovo thinksystem_sr650_firmware ive178i
lenovo thinksystem_sr850_v2_firmware m5e118i
lenovo thinksystem_sr860_v2_firmware m5e118i
lenovo thinkagile_mx3321_f_firmware ive178i
lenovo v530-22icb_firmware m20kt52a
lenovo thinkagile_hx1320_firmware ive178i
lenovo thinkedge_se30_firmware m3fkt29a
lenovo thinkcentre_m90a_firmware m3lkt26a
lenovo thinkcentre_m70a_firmware m28kt37a
lenovo legion_t530-28icb_firmware o4bkt20a
lenovo thinksystem_hr630x_firmware hr6n0661
lenovo thinksystem_hr650x_firmware hr6n0661
lenovo ideacentre_g5-14amr05_firmware o4zkt29a
lenovo v30a-24iml_firmware m37kt28a
lenovo thinksystem_st258_v2_firmware tqe104j
lenovo thinkpad_t14_gen_1_firmware n2xet33w
lenovo n3310_storage_firmware 5.05.0
lenovo thinkagile_hx7821_firmware pse144n
lenovo thinkpad_p15s_gen_2_firmware n34et46w
lenovo thinkpad_x1_yoga_4th_gen_firmware n2qet44w
lenovo thinkpad_p15_gen_1_firmware n30et43w
lenovo thinkserver_rd450_firmware 5.05.0
lenovo ideacentre_5-14are05_firmware o4zkt29a
lenovo thinkpad_x1_extreme_3rd_gen_firmware n2vet34w
lenovo thinksystem_dn8836_firmware l0.40
lenovo thinkpad_p52_firmware n2cet61w
lenovo thinkagile_mx3331-f_firmware afe118m
lenovo thinkstation_p348_firmware m3kkt34a
lenovo thinkagile_hx7820_firmware pse144n
lenovo thinksystem_sr645_firmware d8e128f
lenovo thinkserver_rs260_firmware vb1ts307
lenovo thinkagile_mx3530_f_firmware afe118m
lenovo ideacentre_5_14iab7_firmware m42kt40a
lenovo thinkcentre_m90t_firmware m1akt56a
lenovo thinkagile_hx3331_firmware afe118m
lenovo thinkcentre_m910x_firmware m49kt1da
lenovo v530-15arr_firmware not_affected
lenovo qitian_a815_firmware m1rkt38a
lenovo thinkcentre_m6600t_firmware fwktbaa
lenovo thinkcentre_m8600t_firmware fwktbaa
lenovo thinksystem_se350_firmware hye122f
lenovo thinksystem_st58_firmware ite125a
lenovo thinksystem_sn850_firmware ive178i
lenovo thinkpad_l590_firmware r0zet50w
lenovo thinkstation_p340_firmware s08kt50a
lenovo thinkcentre_m90a_gen_2_firmware m3jkt34a
lenovo thinkagile_hx3721_firmware tee178i
lenovo thinkpad_p15v_gen_1_firmware n30et43w
lenovo thinksystem_sr158_firmware ise130e
lenovo thinkcentre_m80q_firmware m46kt2da
lenovo v50t-13imb_firmware o4hkt38a
lenovo thinkcentre_m710q_firmware m1zkt38a
lenovo qt_m410_firmware m16kt68a
lenovo thinkpad_p14s_gen_2_firmware n34et46w
lenovo thinksystem_sn550_v2_firmware u8e118m
lenovo thinkagile_hx1321_firmware ive178i
lenovo thinkagile_mx3520_h_firmware ive178i
lenovo thinkpad_l14_firmware r17et33w
lenovo v35s-07ada_firmware o4fkt29a
lenovo ideacentre_g5-14imb05_firmware o4hkt38a
lenovo thinksmart_hub_zoom_firmware m2xkt20a
lenovo thinkpad_x1_nano_gen_1_firmware n2tet71w
lenovo thinksystem_st250_v2_firmware tqe104j
lenovo thinkpad_t14_gen_2_firmware n34et46w
lenovo thinkserver_sr860p_firmware tee176k
lenovo thinkagile_hx1021_firmware hye122f
lenovo thinkcentre_m80s_firmware m2wkt57a
lenovo thinkserver_ts550_firmware fwktb7s
lenovo thinkserver_td350_firmware 5.04.0
lenovo ideacentre_creator_5-14iob6_firmware m3gkt33a
lenovo thinkpad_x1_titanium_firmware n2met54w
lenovo thinkpad_x13_yoga_gen_2_firmware n39et50w
lenovo thinkpad_e14_firmware r16et33w
lenovo thinkcentre_m90s_firmware m2tkt50a
lenovo thinkagile_vx7320_n_firmware ive178i
lenovo thinkcentre_m70q_firmware m2vkt1da
lenovo v530s-07icb_firmware m22kt48a
lenovo thinksystem_st550_firmware o0e178i
lenovo thinkagile_vx5520_firmware ive178i
lenovo thinkpad_e490s_firmware r0yet48w
lenovo thinksystem_sr860_firmware tee178i
lenovo thinkagile_hx2720-e_firmware tee178i
lenovo thinksystem_sr950_firmware pse144n
lenovo ideacentre_a340-22igm_firmware o51kt12a
lenovo thinkserver_ts450_firmware fwktb7s
lenovo thinkcentre_m60e_tiny_firmware o5fkt14a
lenovo thinkserver_ts250_firmware 81i/b7s
lenovo thinkcentre_m70q_gen_2_firmware m2wkt57a
lenovo thinkagile_hx5520-c_firmware ive178i
lenovo thinkserver_sr590_firmware tee176k
lenovo thinkcentre_m630e_firmware m1wkt45a
CVE-2022-40135

An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo thinkcentre_m910s_firmware *
lenovo qt_m415_firmware *
lenovo ideacentre_510s-07icb_firmware *
lenovo thinkcentre_m710s_firmware *
lenovo thinkcentre_m920q_firmware *
lenovo thinksmart_core_device:_zoom_rooms_firmware -
lenovo thinkcentre_m70q_firmware *
lenovo thinksmart_hub_teams_firmware *
lenovo thinkcentre_m820z_firmware *
lenovo thinkcentre_m70a_gen_2_firmware *
lenovo v530-15icb_firmware *
lenovo v330-20icb_firmware *
lenovo thinksmart_core_device_for_logitech_firmware -
lenovo ideacentre_gaming_5_17acn7_firmware *
lenovo qt_b415_firmware *
lenovo thinkcentre_m60e_tiny_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo thinkcentre_m910q_firmware *
lenovo thinkcentre_m75s-1_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo legion_c530-19icb_firmware *
lenovo v35s-07ada_firmware *
lenovo thinkstation_p340_tiny_firmware *
lenovo thinkcentre_m6600s_firmware *
lenovo v540-24iwl_firmware *
lenovo ideacentre_a340-22igm_firmware *
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo qt_m410_firmware *
lenovo thinkcentre_m910t_firmware *
lenovo v55t-15api_firmware *
lenovo thinkcentre_m715q_firmware *
lenovo ideacentre_720-18apr_firmware *
lenovo thinkcentre_e96z_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo legion_t5-28icb05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo ideacentre_510a-15arr_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m710e_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware *
lenovo ideacentre_3_07iab7_firmware *
lenovo v530s-07icb_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo yangtian_afq150_firmware *
lenovo thinksmart_core_&_controller_full_room_kit:_zoom_rooms_firmware -
lenovo ideacentre_5-14are05_firmware *
lenovo thinkcentre_m6600t_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v530-15icr_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkcentre_m910x_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkstation_p340_firmware *
lenovo thinkstation_p310_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo v530-22icb_firmware *
lenovo thinkedge_se30_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinksmart_core_device_for_poly_firmware -
lenovo legion_t5-26iob6_firmware *
lenovo thinkcentre_m75s_gen_2_firmware *
lenovo ideacentre_5-14acn6_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkcentre_neo_50s_gen_3_firmware *
lenovo thinkcentre_m75q-1_firmware *
lenovo thinkcentre_m720e_firmware *
lenovo v55t-15are_firmware *
lenovo thinksystem_st50_firmware *
lenovo ideacentre_t540-15ama_g_firmware *
lenovo thinkstation_p620_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkstation_p350_tiny_firmware *
lenovo thinkstation_p520_firmware *
lenovo thinkcentre_m715t_firmware *
lenovo legion_t530-28icb_firmware *
lenovo thinkcentre_m70q_gen_3_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkstation_p348_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo ideacentre_a340-24igm_firmware *
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo ideacentre_510a-15ick_firmware *
lenovo v50s-07imb_firmware *
lenovo thinksmart_core_&_controller_full_room_kit:_microsoft_teams_rooms_firmware -
lenovo thinksmart_core_&_controller_kit:_microsoft_teams_rooms_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m810z_firmware *
lenovo thinkcentre_m70q_gen_2_firmware *
lenovo v530-15arr_firmware *
lenovo thinksystem_st58_firmware *
lenovo thinkstation_p318_firmware *
lenovo thinkstation_p350_firmware *
lenovo thinksmart_hub_zoom_firmware *
lenovo thinkcentre_m90q_gen_2_firmware *
lenovo v520s_firmware *
lenovo ideacentre_t540-15ick_firmware *
lenovo thinkcentre_m818z_firmware *
lenovo thinkstation_p330_tiny_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo thinkcentre_m710q_firmware *
lenovo thinkcentre_m6600q_firmware *
lenovo thinkcentre_e75_t/s_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo thinkcentre_m710t_firmware *
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_510-15ick_firmware *
lenovo thinkcentre_m75t_gen_2_firmware *
lenovo thinkcentre_m90a_gen2_firmware *
lenovo yta8900f_firmware *
lenovo thinkstation_p320_tiny_firmware *
lenovo thinkcentre_m610_firmware *
lenovo thinkcentre_m725s_firmware *
lenovo ideacentre_510s-07ick_firmware *
lenovo v530s-07icr_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo qitian_a815_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo thinksmart_core_&_controller_kit:_zoom_rooms_firmware -
lenovo v530-24icb_firmware *
lenovo legion_t530-28apr_firmware *
lenovo thinkcentre_m630e_firmware *
lenovo v520_firmware *
lenovo thinkstation_p520c_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo thinkcentre_neo_50t_gen_3_firmware *
lenovo yoga_a940-27icb_firmware *
lenovo stadia_ggp-120_firmware *
CVE-2022-40136

An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo thinkcentre_m910s_firmware *
lenovo qt_m415_firmware *
lenovo ideacentre_510s-07icb_firmware *
lenovo thinkcentre_m710s_firmware *
lenovo thinkcentre_m920q_firmware *
lenovo thinksmart_core_device:_zoom_rooms_firmware -
lenovo thinkcentre_m70q_firmware *
lenovo thinksmart_hub_teams_firmware *
lenovo thinkcentre_m820z_firmware *
lenovo thinkcentre_m70a_gen_2_firmware *
lenovo v530-15icb_firmware *
lenovo v330-20icb_firmware *
lenovo thinksmart_core_device_for_logitech_firmware -
lenovo ideacentre_gaming_5_17acn7_firmware *
lenovo thinkcentre_m900x_firmware *
lenovo qt_b415_firmware *
lenovo thinkcentre_m60e_tiny_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo thinkcentre_m910q_firmware *
lenovo thinkcentre_m75s-1_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo legion_c530-19icb_firmware *
lenovo v35s-07ada_firmware *
lenovo thinkstation_p340_tiny_firmware *
lenovo thinkcentre_m6600s_firmware *
lenovo v540-24iwl_firmware *
lenovo ideacentre_a340-22igm_firmware *
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo qt_m410_firmware *
lenovo thinkcentre_m910t_firmware *
lenovo v55t-15api_firmware *
lenovo thinkcentre_m715q_firmware *
lenovo ideacentre_720-18apr_firmware *
lenovo thinkcentre_e96z_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo legion_t5-28icb05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo ideacentre_510a-15arr_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m710e_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware *
lenovo ideacentre_3_07iab7_firmware *
lenovo v530s-07icb_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkstation_p720_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo yangtian_afq150_firmware *
lenovo thinksmart_core_&_controller_full_room_kit:_zoom_rooms_firmware -
lenovo ideacentre_5-14are05_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkcentre_m6600t_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v530-15icr_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkcentre_m910x_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkstation_p340_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkstation_p310_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo v530-22icb_firmware *
lenovo thinkcentre_m800_firmware *
lenovo thinkedge_se30_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinksmart_core_device_for_poly_firmware -
lenovo legion_t5-26iob6_firmware *
lenovo thinkcentre_m75s_gen_2_firmware *
lenovo thinkcentre_m900_firmware *
lenovo ideacentre_5-14acn6_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkcentre_neo_50s_gen_3_firmware *
lenovo thinkcentre_m75q-1_firmware *
lenovo thinkcentre_m720e_firmware *
lenovo v55t-15are_firmware *
lenovo thinksystem_st50_firmware *
lenovo ideacentre_t540-15ama_g_firmware *
lenovo thinkstation_p620_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkstation_p350_tiny_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkstation_p520_firmware *
lenovo thinkcentre_m715t_firmware *
lenovo legion_t530-28icb_firmware *
lenovo thinkcentre_m70q_gen_3_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkstation_p348_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo ideacentre_a340-24igm_firmware *
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo ideacentre_510a-15ick_firmware *
lenovo v50s-07imb_firmware *
lenovo thinksmart_core_&_controller_full_room_kit:_microsoft_teams_rooms_firmware -
lenovo thinksmart_core_&_controller_kit:_microsoft_teams_rooms_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m810z_firmware *
lenovo thinkcentre_m70q_gen_2_firmware *
lenovo v530-15arr_firmware *
lenovo thinksystem_st58_firmware *
lenovo thinkstation_p318_firmware *
lenovo thinkstation_p350_firmware *
lenovo thinksmart_hub_zoom_firmware *
lenovo thinkcentre_m90q_gen_2_firmware *
lenovo v520s_firmware *
lenovo ideacentre_t540-15ick_firmware *
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m818z_firmware *
lenovo thinkstation_p330_tiny_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo thinkcentre_m710q_firmware *
lenovo thinkcentre_m6600q_firmware *
lenovo thinkcentre_e75_t/s_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo thinkcentre_m710t_firmware *
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_510-15ick_firmware *
lenovo thinkcentre_m75t_gen_2_firmware *
lenovo thinkcentre_m90a_gen2_firmware *
lenovo yta8900f_firmware *
lenovo thinkstation_p320_tiny_firmware *
lenovo thinkcentre_m610_firmware *
lenovo thinkcentre_m725s_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo ideacentre_510s-07ick_firmware *
lenovo v530s-07icr_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo qitian_a815_firmware *
lenovo thinkstation_p320_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo thinksmart_core_&_controller_kit:_zoom_rooms_firmware -
lenovo v530-24icb_firmware *
lenovo legion_t530-28apr_firmware *
lenovo thinkcentre_m630e_firmware *
lenovo v520_firmware *
lenovo thinkstation_p520c_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo thinkcentre_neo_50t_gen_3_firmware *
lenovo yoga_a940-27icb_firmware *
lenovo stadia_ggp-120_firmware *
CVE-2022-40137

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Products Affected

Vendor Product Version
lenovo ideacentre_m70q_gen_2_firmware m3jkt35a
lenovo thinkagile_vx2330_firmware afe118m
lenovo thinkagile_vx1320__firmware ise130e
lenovo ideacentre_3_07iab7_firmware m49kt1da
lenovo ideacentre_m900x_firmware fwktbfa
lenovo thinkagile_vx_2u_firmware ive178i
lenovo ideacentre_m710e_firmware m1zkt39a
lenovo thinkserver_rd650_firmware 5.05.0
lenovo ideacentre_m75t_gen_2_firmware m3akt44a
lenovo thinkstation_p620_workstation_firmware s07kt4aa
lenovo thinkagile_hx3320_firmware ive178i
lenovo ideacentre_gaming_5-14iob6_firmware m3gkt38a
lenovo ideacentre_m75s_gen_2_firmware m3akt44a
lenovo thinksmart_core_&_controller_kit:_zoom_rooms_firmware m4ckt14a
lenovo ideacentre_m70t_gen_3_firmware m41kt2da
lenovo ideacentre_m920s_firmware m1ukt6ba
lenovo ideacentre_720-18apr_firmware m25kt61a
lenovo thinkagile_hx3376_firmware d8e128f
lenovo ideacentre_m710s_firmware m16kt69a
lenovo v520s_firmware m16kt69a
lenovo ideacentre_m710q_firmware m1akt56a
lenovo v30a-24iml_firmware m37kt29a
lenovo ideacentre_510s-07icb_firmware m22kt48a
lenovo thinkstation_p920_workstation_firmware s05kt62p
lenovo ideacentre_3-07imb05_firmware m2vkt1fa
lenovo yoga_a940-27icb_all-in-one_firmware o43kt43a
lenovo thinkagile_hx5521-c_firmware ive178i
lenovo thinkagile_vx_2u4n_firmware tee178i
lenovo ideacentre_m920q_firmware m1ukt6ba
lenovo ideacentre_t540-15ick_firmware o4kkt16a
lenovo thinkagile_mx3330-f_all-flash_firmware afe118m
lenovo thinkagile_hx7531_firmware afe118m
lenovo thinkagile_hx2320_firmware ive178i
lenovo thinkstation_p320_workstation_firmware s06kt61a
lenovo ideacentre_m810z_all-in-one_firmware m1ckt50a
lenovo ideacentre_m715t_firmware m2ckt4da
lenovo thinkagile_hx7520_firmware ive178i
lenovo ideacentre_m80q_firmware m2wkt55a
lenovo v50s-07imb_firmware m2vkt1fa
lenovo ideacentre_a340-24igm_all-in-one_firmware o51kt12a
lenovo thinksystem_dx8200d_firmware ive178i
lenovo thinkserver_sd350_firmware 5.05.0
lenovo thinkstation_p920_workstation_firmware s05kt62a
lenovo ideacentre_gaming_5_17acn7_firmware o5ekt23a
lenovo v530-15arr_firmware o4dkt44a
lenovo ideacentre_m90s_firmware m2tkt50a
lenovo ideacentre_g5-14imb05_firmware o4hkt3aa
lenovo thinkstation_p330_workstation_2nd_gen_firmware m1vkt6ba
lenovo ideacentre_m90q_gen_3_firmware m4gkt1da
lenovo thinksmart_core_device_for_logitech_firmware m4ckt14a
lenovo thinkagile_vx7820__firmware pse144n
lenovo thinkagile_vx3520-g__firmware ive178i
lenovo ideacentre_m920x_firmware m1ukt6ba
lenovo thinkagile_hx2331_firmware afe118m
lenovo ideacentre_m820z_all-in-one_firmware m1nkt59a
lenovo ideacentre_aio_3-22itl6_firmware o5akt31a
lenovo ideacentre_m720t_firmware m1ukt6ba
lenovo thinkagile_hx5521_firmware ive178i
lenovo thinkstation_p720_workstation_firmware s04kt62p
lenovo v50t-13imb_firmware o4hkt3aa
lenovo thinksmart_hub_500_firmware m23kt31a
lenovo thinksystem_hr610x_firmware hr6n0661
lenovo ideacentre_a340-22igm_all-in-one_firmware o51kt12a
lenovo ideacentre_m80t_firmware m2tkt50a
lenovo thinkagile_hx3330_firmware afe118m
lenovo ideacentre_m70a_firmware m2skt26a
lenovo ideacentre_m75s_gen_2_firmware m3bkt2aa
lenovo v35s-07ada_firmware o4fkt33a
lenovo ideacentre_m70s_firmware m2tkt50a
lenovo ideacentre_m90a_firmware m2rkt55a
lenovo thinkstation_p330_tiny_workstation_firmware m1ukt6ba
lenovo ideacentre_neo_50t_gen_3_firmware m42kt40a
lenovo v50a-24imb_firmware m36kt31a
lenovo ideacentre_m70q_firmware m2wkt55a
lenovo ideacentre_m75s_gen_2_firmware m46kt2ba
lenovo thinkagile_mx_1u_-_mx3321_h__firmware ive178i
lenovo thinkstation_p360_tiny_workstation_firmware m4gkt1da
lenovo ideacentre_m910q_firmware m1akt56a
lenovo v520_firmware m16kt69a
lenovo thinkagile_hx3375_firmware d8e128f
lenovo thinkagile_hx3321_firmware ive178i
lenovo yangtian_afq150_firmware fwktc0a
lenovo thinkagile_hx7530_firmware afe118m
lenovo ideacentre_aio_3-22ada05_firmware o4tkt29a
lenovo ideacentre_a340-22icb_all-in-one_firmware o44kt32a
lenovo ideacentre_aio_3-22imb05_firmware o4rkt3a
lenovo thinkagile_vx_1u_firmware ive178i
lenovo n4610_storage_firmware 5.05.0
lenovo ideacentre_m90a_gen_2_firmware m3lkt26a
lenovo v30a-22iml_firmware m37kt29a
lenovo ideacentre_m70q_gen_3_firmware m43kt16a
lenovo thinkstation_p340_workstation_firmware s08kt50a
lenovo thinkagile_hx5531_firmware afe118m
lenovo ideacentre_510a-15arr_firmware o4dkt44a
lenovo v530s-07icr_firmware m30kt27a
lenovo thinkagile_hx3521-g_firmware ive178i
lenovo ideacentre_m715q_2nd_gen_firmware m1xkt58a
lenovo ideacentre_neo_50s_gen_3_firmware m49kt1da
lenovo thinkagile_vx7520__firmware ive178i
lenovo thinkcentre_m8600t_firmware fwktc0a
lenovo thinkagile_hx1021_edg_firmware hye122f
lenovo thinksmart_core_&_controller_full_room_kit:_zoom_rooms_firmware m4ckt14a
lenovo thinkcentre_m700q_firmware fwktc0a
lenovo thinkagile_vx7531_firmware afe118m
lenovo thinksmart_core_&_controller_full_room_kit:_microsoft_teams_rooms_firmware m4ckt14a
lenovo thinkagile_hx1331_firmware afe118m
lenovo qt_b415_firmware m16kt69a
lenovo qitian_a815_firmware m1rkt39a
lenovo thinkagile_hx2321_firmware ive178i
lenovo ideacentre_m920t_firmware m1ukt6ba
lenovo ideacentre_a340-22iwl_all-in-one_firmware o46kt36a
lenovo thinkcentre_m610_firmware m1akt56a
lenovo thinkcentre_e75t_firmware m16kt69a
lenovo thinkserver_rs160_firmware vb1ts307
lenovo thinkagile_hx2330_firmware afe118m
lenovo ideacentre_m700_tiny_firmware fwktbfa
lenovo thinkserver_rd350_firmware 5.05.0
lenovo thinkagile_vx7520_n__firmware ive178i
lenovo ideacentre_a340-22ast_all-in-one_firmware o4ckt23a
lenovo thinkagile_hx2320-e_firmware ive178i
lenovo thinkstation_p310_workstation_firmware fwktc0a
lenovo thinkagile_mx3530-h_hybrid_firmware afe118m
lenovo thinksmart_hub_teams_firmware m2xkt20a
lenovo ideacentre_aio_3-24ada6_firmware o5ckt24a
lenovo ideacentre_aio_3-27alc6_firmware o5bkt24a
lenovo ideacentre_m75q-1_firmware m2fkt2ea
lenovo thinkstation_p720_workstation_firmware s04kt62a
lenovo thinkagile_hx5530_firmware afe118m
lenovo thinkagile_vx3331_firmware afe118m
lenovo v530-15icr_firmware m2ykt33a
lenovo thinkagile_hx5520_firmware ive178i
lenovo thinkserver_ts560_firmware tb1ts307
lenovo ideacentre_m90t_firmware m2tkt50a
lenovo thinkagile_mx3531_h_hybrid_firmware afe118m
lenovo ideacentre_aio_3-24imb05_firmware o4rkt3a
lenovo thinkserver_ts460_firmware tb1ts307
lenovo thinkagile_mx3330-h_hybrid_firmware afe118m
lenovo thinkagile_hx3720_firmware tee178i
lenovo ideacentre_aio_3-24iil5_firmware o56kt22a
lenovo thinkcentre_m6600q_firmware fwktc0a
lenovo thinksystem_dx1100u_firmware ive178i
lenovo ideacentre_m910s_firmware m1akt56a
lenovo thinkagile_vx7320_n__firmware ive178i
lenovo legion_t7-34imz5_firmware o4lkt1fa
lenovo ideacentre_m60e_tiny_firmware m3skt21a
lenovo thinkagile_hx3520-g_firmware ive178i
lenovo v50a-22imb_firmware m36kt31a
lenovo ideacentre_m630e_firmware m28kt39a
lenovo thinkagile_vx2320__firmware ive178i
lenovo ideacentre_5-14iob6_firmware m3gkt38a
lenovo thinksmart_core_&_controller_kit:_microsoft_teams_rooms_firmware m4ckt14a
lenovo thinkserver_rd550_firmware 5.03.0
lenovo ideacentre_e96z_firmware m26kt24a
lenovo ideacentre_m818z_firmware m1ekt27a
lenovo thinkagile_mx3331-f_all-flash_firmware afe118m
lenovo thinkagile_vx5530_firmware afe118m
lenovo thinkstation_thinkstation_p318_firmware m1akt56a
lenovo thinkstation_p330_workstation_firmware m1vkt6ba
lenovo thinkagile_vx_1se_firmware ise130e
lenovo ideacentre_aio_3-27imb05_firmware o4rkt3a
lenovo thinkagile_hx7521_firmware ive178i
lenovo thinkagile_hx1520-r_firmware ive178i
lenovo ideacentre_m900_firmware fwktbfa
lenovo ideacentre_m70c_firmware m2vkt1fa
lenovo ideacentre_m75s-1_firmware m2ckt4da
lenovo thinkagile_hx1521-r_firmware ive178i
lenovo legion_t5-26iob6_firmware o54kt20a
lenovo thinkagile_mx-_hybrid_firmware ive178i
lenovo thinkagile_mx1021_firmware hye122f
lenovo ideacentre_m70t_firmware m2tkt50a
lenovo thinkserver_ts150_firmware 81i/b7s
lenovo thinksystem_st50_firmware ite125a
lenovo thinkagile_mx-_all_flash_firmware ive178i
lenovo thinkstation_p520c_workstation_firmware s03kt55a
lenovo thinkagile_vx3330_firmware afe118m
lenovo thinksmart_core_device_for_poly_firmware m4ckt14a
lenovo thinkagile_vx3320__firmware ive178i
lenovo v540-24iwl_all-in-one_firmware m29kt40a
lenovo thinkstation_p350_tiny_workstation_firmware m3jkt35a
lenovo yta8900f_firmware fwktc0a
lenovo thinkserver_sr588_firmware tee176k
lenovo ideacentre_m70s_gen_3_firmware m41kt2da
lenovo thinkagile_mx3520_h-_hybrid__firmware ive178i
lenovo ideacentre_a340-24ick_all-in-one_firmware o4pkt15a
lenovo ideacentre_m720s_firmware m1ukt6ba
lenovo ideacentre_m75t_gen_2_firmware m3bkt2aa
lenovo ideacentre_a340-24iwl_all-in-one_firmware o46kt36a
lenovo thinkagile_mx3530_f_all_flash_firmware afe118m
lenovo ideacentre_aio_3-27itl6_firmware o5akt31a
lenovo ideacentre_m90q_gen_2_firmware m3jkt35a
lenovo ideacentre_m725s_firmware m25kt61a
lenovo v55t_gen_2_13acn_firmware o5jkt20a
lenovo thinksmart_core_device:_zoom_rooms_firmware m4ckt14a
lenovo ideacentre_m715s_firmware m2ckt4da
lenovo thinkagile_vx7530_firmware afe118m
lenovo ideacentre_m80s_gen_3_firmware m40kt2da
lenovo ideacentre_aio_3-24are05_firmware o4skt28a
lenovo thinkagile_vx3530-g_firmware afe118m
lenovo qt_m410_firmware m16kt69a
lenovo v55t-15api_firmware o4dkt44a
lenovo thinkagile_vx_4u_firmware pse144n
lenovo thinkstation_p320_tiny_workstation_firmware m1akt56a
lenovo v530-15icb_firmware m1ykt72a
lenovo ideacentre_m715q_firmware m11kt55a
lenovo ideacentre_gaming_5_17iab7_firmware m42kt40a
lenovo thinkstation_p348_workstation_firmware m3kkt36a
lenovo thinkserver_rd350g_firmware vb3ts891
lenovo ideacentre_aio_3-24alc6_firmware o5bkt24a
lenovo ideacentre_m80t_gen_3_firmware m40kt2da
lenovo ideacentre_m720q_firmware m1ukt6ba
lenovo ideacentre_510s-07ick_firmware m30kt27a
lenovo ideacentre_m625q_firmware m1wkt46a
lenovo thinkagile_mx3531-f_all-flash_firmware afe118m
lenovo ideacentre_a340-24icb_all-in-one_firmware o44kt32a
lenovo thinkcentre_m6600s_firmware fwktc0a
lenovo ideacentre_510a-15ick_firmware o4kkt16a
lenovo thinkagile_vx7330_firmware afe118m
lenovo ideacentre_aio_3-24itl6_firmware o5akt31a
lenovo ideacentre_c5-14imb05_firmware o4hkt3aa
lenovo qt_m415_firmware m16kt69a
lenovo thinkcentre_e75s_firmware m16kt69a
lenovo ideacentre_m90a_gen_3_firmware m4ikt17a
lenovo ideacentre_5-14acn6_firmware o5ekt23a
lenovo thinkagile_hx1320_firmware ive178i
lenovo thinkedge_se30_firmware m3fkt29a
lenovo v530-24icb_all-in-one_firmware m20kt53a
lenovo thinkagile_mx3520_f-_all_flash__firmware ive178i
lenovo thinkstation_p520_workstation_firmware s03kt55a
lenovo thinksystem_hr630x_firmware hr6n0661
lenovo thinksystem_hr650x_firmware hr6n0661
lenovo thinkstation_p350_workstation_firmware s0akt35a
lenovo thinkagile_vx3720__firmware tee178i
lenovo ideacentre_g5-14amr05_firmware o4zkt29a
lenovo ideacentre_m80q_gen_3_firmware m4gkt1da
lenovo n3310_storage_firmware 5.05.0
lenovo thinkagile_hx7821_firmware pse144n
lenovo thinkserver_rd450_firmware 5.05.0
lenovo ideacentre_5-14are05_firmware o4zkt29a
lenovo ideacentre_aio_3-22iil5_firmware o56kt22a
lenovo legion_t5-28icb05_firmware o4bkt21a
lenovo v530-22icb_all-in-one_firmware m20kt53a
lenovo ideacentre_m800_firmware fwktbfa
lenovo v330-20icb_all-in-one_firmware m1qkt49a
lenovo ideacentre_m75q_gen_2_firmware m47kt24a
lenovo thinkagile_hx7820_firmware pse144n
lenovo ideacentre_m70a_gen_3_firmware m4ekt18a
lenovo thinkserver_rs260_firmware vb1ts307
lenovo ideacentre_5_14iab7_firmware m42kt40a
lenovo thinkagile_hx3331_firmware afe118m
lenovo ideacentre_m910t_firmware m1akt56a
lenovo thinkcentre_m6600t_firmware fwktc0a
lenovo thinkstation_stadia_ggp-120_firmware s03kt55a
lenovo thinkcentre_m8600s_firmware fwktc0a
lenovo legion_t530-28apr_firmware o4gkt17a
lenovo legion_c530-19icb_firmware o4bkt21a
lenovo ideacentre_m720e_firmware m30kt27a
lenovo thinkagile_mx_edge-_mx1020__firmware hye122f
lenovo thinkagile_mx_1u_-_mx3321_f__firmware ive178i
lenovo ideacentre_m90t_gen_3_firmware m40kt2da
lenovo thinkagile_vx5520__firmware ive178i
lenovo ideacentre_gaming_5-14acn6_firmware o5ekt23a
lenovo v50t-13iob_g2_firmware m3gkt38a
lenovo ideacentre_m75n_firmware m33kt26a
lenovo thinksystem_st58_firmware ite125a
lenovo ideacentre_3-07ada05_firmware o4fkt33a
lenovo ideacentre_m70a_gen_2_firmware m3nkt21a
lenovo ideacentre_5-14imb05_firmware o4hkt3aa
lenovo thinkstation_p340_tiny_workstation_firmware m2wkt55a
lenovo ideacentre_m710t_firmware m16kt69a
lenovo ideacentre_m90s_gen_3_firmware m40kt2da
lenovo thinkagile_hx3721_firmware tee178i
lenovo thinkagile_hx1321_firmware ive178i
lenovo thinksmart_hub_zoom_firmware m2xkt20a
lenovo v55t-15are_firmware o52kt23a
lenovo thinkserver_sr860p_firmware tee176k
lenovo ideacentre_a340-22ick_all-in-one_firmware o4pkt15a
lenovo ideacentre_neo_70t_gen_3_firmware m40kt2da
lenovo thinkserver_ts550_firmware fwktb7s
lenovo thinkserver_td350_firmware 5.04.0
lenovo ideacentre_m75t_gen_2_firmware m46kt2ba
lenovo ideacentre_m90q_tiny_firmware m2wkt55a
lenovo ideacentre_mini_5-01imh05_firmware o4ekt17a
lenovo ideacentre_m910x_firmware m1akt56a
lenovo ideacentre_510-15ick_firmware o4kkt16a
lenovo v530s-07icb_firmware m22kt48a
lenovo ideacentre_m80s_firmware m2tkt50a
lenovo thinkagile_hx2720-e_firmware tee178i
lenovo legion_t7-34imz5_firmware o5fkt14a
lenovo thinkagile_mx3331-h_hybrid_firmware afe118m
lenovo thinkserver_ts450_firmware fwktb7s
lenovo ideacentre_aio_3-22ada6_firmware o5ckt24a
lenovo thinkserver_ts250_firmware 81i/b7s
lenovo thinkagile_hx5520-c_firmware ive178i
lenovo thinkserver_sr590_firmware tee176k
lenovo legion_t530-28icb_firmware o4bkt21a
lenovo ideacentre_t540-15ama_g_firmware m2ckt4da
CVE-2022-4432

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Products Affected

Vendor Product Version
lenovo thinkpad_x13s_firmware *
lenovo thinkpas_x13s_firmware *
CVE-2022-4433

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Products Affected

Vendor Product Version
lenovo thinkpad_x13s_firmware *
lenovo thinkpas_x13s_firmware *
CVE-2022-4434

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

Products Affected

Vendor Product Version
lenovo thinkpad_x13s_firmware *
CVE-2022-4435

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

Products Affected

Vendor Product Version
lenovo thinkpad_x13s_firmware *
lenovo thinkpas_x13s_firmware *
CVE-2022-4568

A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.0 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.0 5.9

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2022-4569

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_hybrid_usb-c_with_usb-a_dock_firmware *
CVE-2022-4573

An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_x1_fold_gen_1_firmware -
CVE-2022-4574

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.  

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_x1_extreme_gen_5_firmware *
lenovo thinkpad_p14s_gen_1_firmware *
lenovo thinkpad_x1_yoga_7th_gen_firmware *
lenovo thinkpad_x1_yoga_5th_gen_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware *
lenovo thinkpad_t14_gen_2_firmware -
lenovo thinkpad_l14_gen_2_firmware -
lenovo thinkpad_p1_gen_5_firmware *
lenovo thinkpad_t14_gen_3_firmware *
lenovo thinkpad_p15v_gen_1_firmware *
lenovo thinkpad_t14s_firmware *
lenovo thinkpad_x1_fold_gen_1_firmware -
lenovo thinkpad_p14s_gen_2_firmware -
lenovo thinkpad_p15_gen_2_firmware *
lenovo thinkpad_x1_titanium_firmware *
lenovo thinkpad_x1_carbon_10th_gen_firmware *
lenovo thinkpad_t15p_gen_1_firmware *
lenovo thinkpad_x1_nano_gen_1_firmware *
lenovo thinkpad_x1_carbon_9th_gen_firmware *
lenovo thinkpad_t14_gen_1_firmware *
lenovo thinkpad_p14s_gen_3_firmware *
lenovo thinkpad_p1_gen_4_firmware 1.22
lenovo thinkpad_t15g_gen_1_firmware *
lenovo thinkpad_p17_gen_1_firmware *
lenovo thinkpad_t15p_gen_2_firmware *
lenovo thinkpad_p15s_gen_1_firmware *
lenovo thinkpad_x13_yoga_gen_2_firmware *
lenovo thinkpad_p16s_gen_1_firmware *
lenovo thinkpad_x1_nano_gen_2_firmware *
lenovo thinkpad_l14_firmware *
lenovo thinkpad_p15v_gen_2_firmware *
lenovo thinkpad_t14s_gen_3_firmware *
lenovo thinkpad_p16_gen_1_firmware *
lenovo thinkpad_p17_gen_2_firmware *
lenovo thinkpad_p15s_gen_2_firmware -
lenovo thinkpad_x13_yoga_gen_1_firmware *
lenovo thinkpad_p15v_gen_3_firmware *
lenovo thinkpad_l15_gen_2_firmware -
lenovo thinkpad_x13_gen_2_firmware *
lenovo thinkpad_t15_gen_2_firmware -
lenovo thinkpad_x13_firmware *
lenovo thinkpad_t15g_gen_2_firmware *
lenovo thinkpad_p15_gen_1_firmware *
lenovo thinkpad_x1_extreme_3rd_gen_firmware *
lenovo thinkpad_p1_gen_3_firmware *
lenovo thinkpad_x1_carbon_7th_gen_firmware *
lenovo thinkpad_t16_gen_1_firmware *
lenovo thinkpad_x1_carbon_8th_gen_firmware *
lenovo thinkpad_l15_firmware *
lenovo thinkpad_x13_gen_3_firmware *
lenovo thinkpad_x1_yoga_6th_gen_firmware *
lenovo thinkpad_t14s_gen_2_firmware *
lenovo thinkpad_x1_extreme_4th_gen_firmware *
lenovo thinkpad_t15p_gen_3_firmware *
CVE-2022-4575

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_l560_firmware *
lenovo thinkpad_25_firmware *
lenovo thinkpad_t470s_firmware *
lenovo thinkpad_p50_firmware *
lenovo thinkpad_x260_firmware *
lenovo thinkpad_x270_firmware *
lenovo thinkpad_p50s_firmware *
lenovo thinkpad_yoga_260_firmware *
lenovo thinkpad_p70_firmware *
lenovo thinkpad_t560_firmware *
lenovo thinkpad_t470_firmware *
lenovo thinkpad_x1_carbon_4th_gen_firmware *
lenovo thinkpad_x1_yoga_1st_gen_firmware *
CVE-2022-4816

A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.

Products Affected

Vendor Product Version
lenovo safecenter *
CVE-2022-48181

An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_t540-15ama_g_firmware *
lenovo ideacentre_510s-07icb_firmware *
lenovo thinkcentre_m90q_gen_3_firmware *
lenovo thinkcentre_m80q_gen_3_firmware *
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkcentre_m60e_tiny_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo legion_t5-26amr5_firmware *
lenovo thinkcentre_m75s-1_firmware *
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo legion_c530-19icb_firmware *
lenovo v35s-07ada_firmware *
lenovo thinkstation_p340_tiny_firmware *
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo ideacentre_720-18apr_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo legion_t5-28icb05_firmware *
lenovo ideacentre_mini_5-01imh05_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo legion_r5-28imb05_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware *
lenovo v30a-22itl_firmware *
lenovo thinkstation_p360_firmware *
lenovo ideacentre_3_07iab7_firmware *
lenovo v530s-07icb_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo ideacentre_5-14are05_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkstation_p340_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo thinkstation_p330_gen_2_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo legion_t5-26iob6_firmware *
lenovo thinkcentre_m75s_gen_2_firmware *
lenovo ideacentre_5-14acn6_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkcentre_neo_50s_gen_3_firmware *
lenovo thinkcentre_m920z_firmware *
lenovo thinkcentre_m720e_firmware *
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkstation_p350_tiny_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t530-28icb_firmware *
lenovo ideacentre_aio_3-27alc6_firmware *
lenovo thinkcentre_m70q_gen_3_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo lenovo_legion_t5_26iab7_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkcentre_m70q_gen_2_firmware *
lenovo thinkstation_p350_firmware *
lenovo thinkcentre_m90q_gen_2_firmware *
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkcentre_m80t_firmware *
lenovo thinkstation_p360_tiny_firmware *
lenovo thinkstation_p330_tiny_firmware *
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo thinkcentre_m600_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_3_07ach7_firmware *
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo ideacentre_5-14imb05_firmware *
lenovo thinkcentre_m75t_gen_2_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo thinkcentre_m725s_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo ideacentre_510s-07ick_firmware *
lenovo v530s-07icr_firmware *
lenovo thinkstation_p320_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo thinkstation_p330_firmware *
lenovo thinkcentre_neo_50t_gen_3_firmware *
lenovo legion_t5-28imb05_firmware *
CVE-2022-48182

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_x13_gen_3_firmware *
lenovo thinkpad_t14s_gen_3_firmware *
CVE-2022-48183

A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

Products Affected

Vendor Product Version
lenovo thinkpad_x13_gen_3_firmware *
lenovo thinkpad_t14s_gen_3_firmware *
CVE-2022-48186

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
lenovo baiying *
CVE-2022-48188

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m720t_firmware *
lenovo thinkstation_p330_tiny_firmware *
lenovo ideacentre_510s-07icb_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware *
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo thinkcentre_m920z_firmware *
lenovo thinkcentre_m720e_firmware *
lenovo v30a-22itl_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo v530s-07icb_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m75t_gen_2_firmware *
lenovo thinkstation_p520_firmware *
lenovo thinkstation_p360_ultra_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo thinkcentre_m725s_firmware *
lenovo ideacentre_510s-07ick_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo v530s-07icr_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkstation_p520c_firmware *
lenovo ideacentre_720-18apr_firmware *
CVE-2022-48189

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_x390_firmware -
lenovo thinkpad_x1_carbon_8th_gen_firmware -
lenovo thinkpad_p14s_gen_3_firmware -
lenovo thinkpad_t15_firmware *
lenovo thinkpad_x1_extreme_gen_5_firmware *
lenovo thinkpad_l490_firmware *
lenovo thinkpad_z13_gen_1_firmware *
lenovo thinkpad_p14s_gen_1_firmware *
lenovo thinkpad_p1_gen_4_firmware *
lenovo thinkpad_x1_yoga_4th_gen_firmware -
lenovo thinkpad_x1_yoga_7th_gen_firmware *
lenovo thinkpad_e490_firmware *
lenovo thinkpad_x12_detachable_gen_1_firmware *
lenovo thinkpad_t14_gen_2_firmware -
lenovo thinkpad_l14_firmware -
lenovo thinkpad_x13_yoga_gen_3_firmware *
lenovo thinkpad_p1_gen_5_firmware *
lenovo thinkpad_x1_carbon_7th_gen_firmware -
lenovo thinkpad_p15v_gen_1_firmware *
lenovo thinkpad_l590_firmware *
lenovo thinkpad_t14s_firmware *
lenovo thinkpad_t14_gen_3_firmware -
lenovo thinkpad_p43s_firmware -
lenovo thinkpad_e590_firmware *
lenovo thinkpad_l13_gen_3_firmware *
lenovo thinkpad_p14s_gen_2_firmware -
lenovo thinkpad_e14_firmware *
lenovo thinkpad_t490_firmware -
lenovo thinkpad_p15_gen_2_firmware *
lenovo thinkpad_x1_extreme_2nd_gen_firmware *
lenovo thinkpad_x1_titanium_firmware *
lenovo thinkpad_x1_carbon_10th_gen_firmware *
lenovo thinkpad_x390_yoga_firmware *
lenovo thinkpad_t15p_gen_1_firmware *
lenovo thinkpad_t14_gen_2_firmware *
lenovo thinkpad_x1_nano_gen_1_firmware *
lenovo thinkpad_x1_carbon_9th_gen_firmware *
lenovo thinkpad_t14_gen_1_firmware *
lenovo thinkpad_t15g_gen_1_firmware *
lenovo thinkpad_p17_gen_1_firmware *
lenovo thinkpad_thinkpad_r14_gen_4_firmware *
lenovo thinkpad_t15p_gen_2_firmware *
lenovo thinkpad_p15s_gen_1_firmware *
lenovo thinkpad_t590_firmware -
lenovo thinkpad_e15_gen_4_firmware *
lenovo thinkpad_x13_yoga_gen_2_firmware *
lenovo thinkpad_x1_nano_gen_2_firmware *
lenovo thinkpad_l14_firmware *
lenovo thinkpad_p53s_firmware -
lenovo thinkpad_x1_yoga_5th_gen_firmware -
lenovo thinkpad_p15v_gen_2_firmware *
lenovo thinkpad_z16_gen_1_firmware *
lenovo thinkpad_t14s_gen_3_firmware *
lenovo thinkpad_l13_yoga_gen_3_firmware *
lenovo thinkpad_p16_gen_1_firmware *
lenovo thinkpad_p16s_gen_1_firmware -
lenovo thinkpad_e15_gen_2_firmware *
lenovo thinkpad_p17_gen_2_firmware *
lenovo thinkpad_p15s_gen_2_firmware -
lenovo thinkpad_p1_gen_2_firmware *
lenovo thinkpad_x13_yoga_gen_1_firmware *
lenovo thinkpad_p73_firmware *
lenovo thinkpad_p15v_gen_3_firmware *
lenovo thinkpad_thinkpad_s3_2nd_gen_firmware *
lenovo thinkpad_l15_gen_2_firmware -
lenovo thinkpad_x13_gen_2_firmware *
lenovo thinkpad_t15_gen_2_firmware -
lenovo thinkpad_p53_firmware *
lenovo thinkpad_x13_firmware *
lenovo thinkpad_t15g_gen_2_firmware *
lenovo thinkpad_p15_gen_1_firmware *
lenovo thinkpad_x1_extreme_3rd_gen_firmware *
lenovo thinkpad_thinkpad_r14_gen_2_firmware *
lenovo thinkpad_l15_gen_3_firmware *
lenovo thinkpad_e14_gen_2_firmware *
lenovo thinkpad_e14_gen_4_firmware *
lenovo thinkpad_p1_gen_3_firmware *
lenovo thinkpad_t490s_firmware -
lenovo thinkpad_t16_gen_1_firmware -
lenovo thinkpad_l15_firmware *
lenovo thinkpad_x13_gen_3_firmware *
lenovo thinkpad_x1_yoga_6th_gen_firmware *
lenovo thinkpad_t14s_gen_2_firmware *
lenovo thinkpad_e15_firmware *
lenovo thinkpad_e490s_firmware *
lenovo thinkpad_p14s_gen_2_firmware *
lenovo thinkpad_x1_extreme_4th_gen_firmware *
lenovo thinkpad_t15p_gen_3_firmware *
CVE-2023-0683

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H 2.8 5.5

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinksystem_sd650_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinksystem_sr645_v3_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr665_v3_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx2330_firmware 2.93_afbt30p
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinkagile_hx7530_firmware *
lenovo thinkagile_hx1331_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_mx1021_on_se350_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkedge_se450__firmware *
lenovo thinkagile_hx5530_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinkagile_hx2330_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_hx3330_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2023-0896

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
lenovo smart_clock_essential_with_alexa_built_in_firmware *
CVE-2023-2290

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_x12_detachable_gen_1_firmware 1.28
lenovo thinkpad_p43s_firmware 1.79
lenovo thinkpad_x13_gen_2_firmware 1.51
lenovo thinkpad_p1_gen_5_firmware 1.16
lenovo thinkpad_p53s_firmware 1.21
lenovo thinkpad_z16_gen_1_firmware 1.57
lenovo thinkpad_t15g_gen_1_firmware 1.32
lenovo thinkpad_e15_firmware 1.23
lenovo thinkpad_thinkpad_r14_gen_2_firmware 1.55
lenovo thinkpad_thinkpad_s3_2nd_gen_firmware 1.23
lenovo thinkpad_l15_gen_2_firmware 1.48
lenovo thinkpad_e490_firmware 1.34
lenovo thinkpad_p73_firmware 1.4
lenovo thinkpad_t16_gen_1_firmware 1.11
lenovo thinkpad_x1_carbon_7th_gen_firmware 1.56
lenovo thinkpad_t490_firmware 1.79
lenovo thinkpad_p14s_gen_3_firmware 1.31
lenovo thinkpad_p16s_gen_1_firmware 1.11
lenovo thinkpad_p15s_gen_2_firmware 1.05
lenovo thinkpad_p14s_gen_2_firmware 1.05
lenovo thinkpad_t15_firmware 1.28
lenovo thinkpad_p16_gen_1_firmware 1.17
lenovo thinkpad_x1_extreme_2nd_gen_firmware 1.46
lenovo thinkpad_p14s_gen_2_firmware 1.55
lenovo thinkpad_x1_yoga_7th_gen_firmware 1.37
lenovo thinkpad_z13_gen_1_firmware 1.57
lenovo thinkpad_e15_gen_4_firmware 1.18
lenovo thinkpad_e590_firmware 1.34
lenovo thinkpad_l15_firmware 1.2
lenovo thinkpad_t14_gen_1_firmware 1.28
lenovo thinkpad_p17_gen_2_firmware 1.25
lenovo thinkpad_t15p_gen_2_firmware 1.19
lenovo thinkpad_p53s_firmware 1.79
lenovo thinkpad_x1_extreme_gen_5_firmware 1.16
lenovo thinkpad_x1_yoga_5th_gen_firmware 1.30
lenovo thinkpad_thinkpad_r14_gen_4_firmware 1.18
lenovo thinkpad_l15_gen_2_firmware 1.61
lenovo thinkpad_x1_yoga_4th_gen_firmware 1.56
lenovo thinkpad_t490s_firmware 1.24
lenovo thinkpad_t590_firmware 1.21
lenovo thinkpad_t15p_gen_3_firmware 1.15
lenovo thinkpad_t15g_gen_2_firmware 1.25
lenovo thinkpad_t14s_gen_3_firmware 1.33
lenovo thinkpad_e15_gen_4_firmware 1.16
lenovo thinkpad_t490_firmware 1.21
lenovo thinkpad_p15v_gen_2_firmware 1.19
lenovo thinkpad_l14_firmware 1.48
lenovo thinkpad_x1_carbon_8th_gen_firmware 1.15
lenovo thinkpad_p43s_firmware 1.21
lenovo thinkpad_x1_titanium_firmware 1.24
lenovo thinkpad_x13_firmware 1.26
lenovo thinkpad_p1_gen_3_firmware 1.27
lenovo thinkpad_x1_yoga_5th_gen_firmware 1.15
lenovo thinkpad_l15_gen_3_firmware 1.26
lenovo thinkpad_x390_firmware 1.79_1.24
lenovo thinkpad_p14s_gen_1_firmware 1.28
lenovo thinkpad_t490s_firmware 1.79
lenovo thinkpad_l15_firmware 1.3
lenovo thinkpad_l13_yoga_gen_3_firmware 1.14
lenovo thinkpad_t15p_gen_1_firmware 1.32
lenovo thinkpad_l590_firmware 1.32
lenovo thinkpad_p15_gen_1_firmware 1.32
lenovo thinkpad_t14_gen_3_firmware 1.31
lenovo thinkpad_t14_gen_2_firmware 1.55
lenovo thinkpad_p53_firmware 1.4
lenovo thinkpad_t14_gen_2_firmware 1.05
lenovo thinkpad_p14s_gen_3_firmware 1.11
lenovo thinkpad_x1_extreme_3rd_gen_firmware 1.27
lenovo thinkpad_t14s_firmware 1.26
lenovo thinkpad_e14_gen_4_firmware 1.18
lenovo thinkpad_l14_firmware 1.61
lenovo thinkpad_x13_gen_3_firmware 1.33
lenovo thinkpad_x13_gen_2_firmware 1.37
lenovo thinkpad_x1_extreme_4th_gen_firmware 1.22
lenovo thinkpad_e15_gen_2_firmware 1.55
lenovo thinkpad_l14_firmware 1.3
lenovo thinkpad_t16_gen_1_firmware 1.31
lenovo thinkpad_x1_carbon_10th_gen_firmware 1.37
lenovo thinkpad_e14_gen_4_firmware 1.16
lenovo thinkpad_x390_yoga_firmware 1.95
lenovo thinkpad_x1_nano_gen_1_firmware 1.55
lenovo thinkpad_p1_gen_4_firmware 1.22
lenovo thinkpad_e490s_firmware 1.34
lenovo thinkpad_x390_firmware 1.79
lenovo thinkpad_p15v_gen_1_firmware 1.32
lenovo thinkpad_l490_firmware 1.32
lenovo thinkpad_e14_firmware 1.23
lenovo thinkpad_p14s_gen_2_firmware 1.34
lenovo thinkpad_t590_firmware 1.79
lenovo thinkpad_p16s_gen_1_firmware 1.31
lenovo thinkpad_t14_gen_3_firmware 1.11
lenovo thinkpad_l14_firmware 1.2
lenovo thinkpad_x390_firmware 1.24
lenovo thinkpad_e14_gen_2_firmware 1.55
lenovo thinkpad_p15s_gen_2_firmware 1.55
lenovo thinkpad_x1_carbon_9th_gen_firmware 1.59
lenovo thinkpad_x1_yoga_4th_gen_firmware 1.45
lenovo thinkpad_x1_carbon_8th_gen_firmware 1.30
lenovo thinkpad_t15_gen_2_firmware 1.05
lenovo thinkpad_x13_yoga_gen_2_firmware 1.4
lenovo thinkpad_x13_yoga_gen_3_firmware 1.09
lenovo thinkpad_t14s_gen_2_firmware 1.51
lenovo thinkpad_x1_carbon_7th_gen_firmware 1.45
lenovo thinkpad_p15s_gen_1_firmware 1.28
lenovo thinkpad_p1_gen_2_firmware 1.46
lenovo thinkpad_l14_firmware 1.26
lenovo thinkpad_t14s_gen_2_firmware 1.37
lenovo thinkpad_t14_gen_2_firmware 1.34
lenovo thinkpad_l13_gen_3_firmware 1.14
lenovo thinkpad_t15_gen_2_firmware 1.55
lenovo thinkpad_p17_gen_1_firmware 1.32
lenovo thinkpad_x1_nano_gen_2_firmware 1.18
lenovo thinkpad_p15v_gen_3_firmware 1.15
lenovo thinkpad_x13_yoga_gen_1_firmware 1.45
lenovo thinkpad_p15_gen_2_firmware 1.25
lenovo thinkpad_x1_yoga_6th_gen_firmware 1.59
CVE-2023-25492

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinksystem_sd650_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinksystem_sr645_v3_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr665_v3_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx2330_firmware 2.93_afbt30p
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinkagile_hx7530_firmware *
lenovo thinkagile_hx1331_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_mx1021_on_se350_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkedge_se450__firmware *
lenovo thinkagile_hx5530_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinkagile_hx2330_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_hx3330_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2023-25495

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinksystem_sd650_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinksystem_sr645_v3_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr665_v3_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx2330_firmware 2.93_afbt30p
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinkagile_hx7530_firmware *
lenovo thinkagile_hx1331_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_mx1021_on_se350_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkedge_se450__firmware *
lenovo thinkagile_hx5530_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinkagile_hx2330_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_hx3330_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2023-25496

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo drivers_management *
CVE-2023-29056

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinksystem_sd650_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinksystem_sr645_v3_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr665_v3_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx2330_firmware 2.93_afbt30p
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinkagile_hx7530_firmware *
lenovo thinkagile_hx1331_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_mx1021_on_se350_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkedge_se450__firmware *
lenovo thinkagile_hx5530_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinkagile_hx2330_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_hx3330_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H 2.1 5.2

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinksystem_sd650_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinksystem_sr645_v3_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr665_v3_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx2330_firmware 2.93_afbt30p
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinkagile_hx7530_firmware *
lenovo thinkagile_hx1331_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_mx1021_on_se350_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkedge_se450__firmware *
lenovo thinkagile_hx5530_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinkagile_hx2330_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_hx3330_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2023-29058

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H 0.9 5.5

Products Affected

Vendor Product Version
lenovo thinksystem_sr850p_firmware *
lenovo thinksystem_sr860_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinksystem_st258_firmware *
lenovo thinkagile_mx3531-f_firmware *
lenovo thinksystem_sr670_v2_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinksystem_sr570_firmware *
lenovo thinksystem_sr530_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinksystem_sr650_firmware *
lenovo thinkagile_mx3331-f_firmware *
lenovo thinksystem_sd650_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinksystem_sr645_v3_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinksystem_st550_firmware *
lenovo thinkagile_mx3330-h_firmware *
lenovo thinksystem_sr850_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_mx3331-h_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinksystem_sr630_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinksystem_sr665_firmware *
lenovo thinksystem_sr860_v2_firmware *
lenovo thinksystem_sr665_v3_firmware *
lenovo thinksystem_sr250_v2_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinksystem_st250_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinksystem_sr850_v2_firmware *
lenovo thinkagile_hx7820_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_hx5520_firmware *
lenovo thinksystem_sr670_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinksystem_sr630_v2_firmware *
lenovo thinkagile_mx3330-f_firmware *
lenovo thinksystem_sr645_firmware *
lenovo thinkstation_p920_firmware *
lenovo thinkagile_hx2330_firmware 2.93_afbt30p
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinksystem_st250_v2_firmware *
lenovo thinksystem_sd650_v2_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx1320_firmware *
lenovo thinksystem_sr258_firmware *
lenovo thinkagile_hx7530_firmware *
lenovo thinkagile_hx1331_firmware *
lenovo thinksystem_sr250_firmware *
lenovo thinkagile_hx7520_firmware *
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_vx7520_n_firmware *
lenovo thinksystem_sn550_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinksystem_sr550_firmware *
lenovo thinksystem_st658_v2_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx_2u4n_firmware *
lenovo thinkagile_hx3520-g_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinksystem_sd530_firmware *
lenovo thinksystem_sr590_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinksystem_sn550_v2_firmware *
lenovo thinkagile_hx1520-r_firmware *
lenovo thinkagile_hx3720_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_mx1020_firmware *
lenovo thinkagile_mx1021_on_se350_firmware *
lenovo thinkagile_hx2720-e_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinksystem_sr150_firmware *
lenovo thinkagile_vx7320_n_firmware *
lenovo thinksystem_sr650_v2_firmware *
lenovo thinksystem_sn850_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinksystem_sr258_v2_firmware *
lenovo thinkedge_se450__firmware *
lenovo thinkagile_hx5530_firmware *
lenovo thinkagile_hx2320-e_firmware *
lenovo thinksystem_se350_firmware *
lenovo thinksystem_st258_v2_firmware *
lenovo thinkagile_mx3531_h_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_hx3320_firmware *
lenovo thinkagile_vx7330_firmware *
lenovo thinksystem_sr158_firmware *
lenovo thinkagile_hx2330_firmware *
lenovo thinksystem_sd650-n_v2_firmware *
lenovo thinkagile_hx5520-c_firmware *
lenovo thinkagile_hx3375_firmware *
lenovo thinkagile_hx3330_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinksystem_sd630_v2_firmware *
lenovo thinkagile_mx3530-h_firmware *
lenovo thinksystem_sr950_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinksystem_st650_v2_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_mx3530_f_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
CVE-2023-2992

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
lenovo thinkagile_hx_enclosure_certified_node_firmware *
lenovo thinkagile_cp-cb-10e_firmware *
lenovo thinksystem_d2_enclosure_firmware *
lenovo thinksystem_da240_enclosure_firmware *
lenovo thinkagile_vx_enclosure_firmware *
lenovo nextscale_n1200_enclosure_firmware *
lenovo thinkagile_cp-cb-10_firmware *
lenovo thinksystem_dw612_enclosure_firmware *
CVE-2023-2993

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

Products Affected

Vendor Product Version
lenovo thinkagile_hx_enclosure_certified_node_firmware *
lenovo thinkagile_cp-cb-10e_firmware *
lenovo thinksystem_d2_enclosure_firmware *
lenovo thinksystem_da240_enclosure_firmware *
lenovo thinkagile_vx_enclosure_firmware *
lenovo nextscale_n1200_enclosure_firmware *
lenovo thinkagile_cp-cb-10_firmware *
lenovo thinksystem_dw612_enclosure_firmware *
CVE-2023-3078

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo universal_device_client *
CVE-2023-3113

An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N 3.9 4.2

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2023-34418

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2023-34419

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo legion_5-15ith6_firmware -
lenovo legion_5_15iah7h_firmware *
lenovo thinkbook_16p_g3_arh_firmware -
lenovo thinkbook_15p_g2_ith_firmware -
lenovo legion_5-17ach6h_firmware -
lenovo legion_5_pro-16ith6_firmware -
lenovo legion_5_pro-16ith6h_firmware -
lenovo legion_5_15arh7_firmware -
lenovo legion_5-15ach6a_firmware -
lenovo legion_5_15arh7h_firmware -
lenovo legion_5_pro-16ach6h_firmware -
lenovo legion_s7_16arha7_firmware -
lenovo legion_5-17ith6_firmware -
lenovo legion_5-15ach6_firmware -
lenovo legion_7-16arha7_firmware -
lenovo legion_5-15ith6h_firmware -
lenovo legion_5_pro_16iah7h_firmware *
lenovo legion_pro_7_16irx8h_firmware *
lenovo legion_5-15ach6h_firmware -
lenovo legion_5_pro-16ach6_firmware -
lenovo legion_5_pro_16iah7_firmware *
lenovo legion_pro_7_16irx8_firmware *
lenovo legion_7-16achg6_firmware -
lenovo legion_5_15iah7_firmware *
lenovo legion_5-17ach6_firmware -
lenovo legion_7-16ithg6_firmware -
lenovo legion_5_pro_16arh7h_firmware -
lenovo legion_5-17ith6h_firmware -
lenovo legion_pro_5_16irx8_firmware *
lenovo legion_5_pro_16arh7_firmware -
CVE-2023-34420

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2023-34421

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2023-34422

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 1.2 5.2

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2023-4028

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkbook_13s_g4_iap_firmware *
lenovo flex_5-14alc05_firmware *
lenovo thinkbook_14s_g2_itl_firmware *
lenovo flex_5-14are05_firmware *
lenovo ideapad_1-14ada05_firmware *
lenovo flex_5-14iil05_firmware *
lenovo yoga_9-15imh5_firmware *
lenovo ideapad_1-11ada05_firmware *
lenovo flex_5-15iil05_firmware *
lenovo ideapad_1-14igl05_firmware *
lenovo ideapad_flex_5_16abr8_firmware *
lenovo ideapad_flex_5_14iru8_firmware *
lenovo thinkbook_13s_g2_are_firmware *
lenovo flex_7_14iru8_firmware *
lenovo ideapad_flex_5_16alc7_firmware *
lenovo ideapad_flex_5_14alc7_firmware *
lenovo thinkbook_13s_g3_acn_firmware *
lenovo ideapad_flex_5_14abr8_firmware *
lenovo flex_5-15alc05_firmware *
lenovo ideapad_flex_5_16iru8_firmware *
lenovo thinkbook_13s_g2_itl_firmware *
lenovo thinkbook_13x_g2_iap_firmware *
lenovo 13w_yoga_firmware *
lenovo ideapad_flex_5_14iau7_firmware *
lenovo flex_5-14itl05_firmware *
lenovo 13w_yoga_gen_2_firmware *
lenovo flex_5-15itl05_firmware *
lenovo ideapad_1-11igl05_firmware *
lenovo ideapad_flex_5_16iau7_firmware *
CVE-2023-4029

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_e15_gen_3_firmware *
lenovo thinkpad_s2_yoga_gen_6_firmware *
lenovo k14_type_21cv_firmware *
lenovo thinkpad_l13_gen_2_firmware *
lenovo thinkpad_l13_yoga_gen_3_firmware *
lenovo thinkpad_s2_yoga_gen_8_firmware *
lenovo thinkpad_l15_gen_2_firmware *
lenovo thinkpad_s2_gen_8_firmware *
lenovo thinkpad_l15_gen_4_firmware *
lenovo thinkpad_x13_gen_2_firmware *
lenovo thinkpad_l13_gen_3_firmware *
lenovo thinkpad_s2_gen_7_firmware *
lenovo thinkpad_l15_gen_3_firmware *
lenovo thinkpad_s2_yoga_gen_7_firmware *
lenovo thinkpad_l14_gen_4_firmware *
lenovo thinkpad_l13_yoga_gen_2_firmware *
lenovo thinkpad_l14_gen_3_firmware *
lenovo thinkpad_t14_gen_2_firmware *
lenovo thinkpad_e14_gen_3_firmware *
lenovo thinkpad_l13_yoga_gen_4_firmware *
lenovo thinkpad_l14_gen_2_firmware *
lenovo thinkpad_s2_gen_6_firmware *
lenovo k14_type_21cu_firmware *
lenovo thinkpad_l13_gen_4_firmware *
lenovo thinkpad_t14s_gen_2_firmware *
lenovo thinkpad_p14s_gen_2_firmware *
CVE-2023-4030

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_p15s_gen_2_firmware -
lenovo thinkpad_p14s_gen_2_firmware -
lenovo thinkpad_t14_gen_2_firmware -
lenovo thinkpad_t15_gen_2_firmware -
CVE-2023-43567

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43568

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43569

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43570

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43571

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43572

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43573

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43574

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6
psirt@lenovo.com 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43575

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43576

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43577

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43578

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43579

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43580

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-43581

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkcentre_m80q_firmware -
lenovo thinkstation_p330_workstation_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_neo_70t_gen_3_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo thinkcentre_m80q_gen_3_firmware -
lenovo ideacentre_aio_3-22iil5_firmware *
lenovo ideacentre_gaming_5-14acn6_firmware -
lenovo thinkstation_p320_workstation_firmware -
lenovo thinkcentre_neo_30a_24_gen_4_firmware *
lenovo thinkcentre_m90a_gen_2_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo thinkcentre_m90s_gen_3_firmware *
lenovo ideacentre_aio_3-27itl6_firmware *
lenovo ideacentre_5_14iab7_firmware *
lenovo thinkcentre_m625q_firmware -
lenovo thinkcentre_m70q_gen_2_firmware -
lenovo ideacentre_gaming_5_17iab7_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m90a_pro_gen_3_firmware *
lenovo thinkstation_p350_tiny_workstation_firmware -
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo legion_t5_26irb8_firmware *
lenovo thinkcentre_m80t_gen_3_firmware *
lenovo thinkcentre_neo_50a_24_gen_3_firmware *
lenovo ideacentre_aio_3-27imb05_firmware *
lenovo ideacentre_aio_3_27iap7_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware o5nkt33a
lenovo thinkstation_p340_tiny_workstation_firmware -
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo v30a-22itl_firmware *
lenovo legion_t7-34iaz7_firmware *
lenovo thinkcentre_m90t_gen_3_firmware *
lenovo thinkcentre_neo_30a_22_gen_3_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_neo_30a_22_gen_4_firmware *
lenovo thinkcentre_neo_30a_24_gen_3_firmware *
lenovo ideacentre_aio_3-22itl6_firmware *
lenovo ideacentre_aio_3-22imb05_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo v50a-22imb_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo v50a-24imb_firmware *
lenovo legion_t5_26iab7_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
lenovo thinkcentre_m75q_gen_2_firmware -
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo loq_17irb8_firmware *
lenovo thinkcentre_m70q_firmware -
lenovo ideacentre_aio_5_24iah7_firmware *
lenovo thinkcentre_m90q_tiny_firmware -
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo ideacentre_aio_3_22iap7_firmware *
lenovo legion_t7_34irz8_firmware *
lenovo thinkedge_se30_firmware -
lenovo ideacentre_aio_3-24iil5_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_neo_50a_24_gen_4_firmware *
lenovo ideacentre_mini_5-01imh05_firmware -
lenovo yoga_aio_7-27arh6_firmware -
lenovo thinkcentre_m70c_firmware *
lenovo yoga_aio_7_27arh7_firmware -
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo ideacentre_gaming_5_17acn7_firmware -
lenovo thinkcentre_m70a_gen_3_firmware -
lenovo thinkcentre_m90q_gen_2_firmware -
lenovo thinkcentre_m90q_gen_3_firmware -
lenovo thinkcentre_neo_30a_27_gen_3_firmware *
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo v50t-13iob_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo thinkcentre_m90a_gen_3_firmware *
lenovo thinkcentre_m70t_gen_3_firmware *
lenovo ideacentre_aio_3_21itl7_firmware *
lenovo ideacentre_aio_3-24itl6_firmware *
lenovo ideacentre_aio_3_24iap7_firmware *
lenovo thinkcentre_m70s_gen_3_firmware *
lenovo ideacentre_5-14acn6_firmware -
lenovo thinkcentre_m80s_gen_3_firmware *
lenovo thinkstation_p360_tiny_workstation_firmware -
lenovo ideacentre_5-14imb05_firmware *
lenovo ideacentre_aio_3-24alc6_firmware *
lenovo ideacentre_5_14irb8_firmware *
lenovo thinkcentre_m90s_firmware *
lenovo thinkcentre_neo_30a_27_gen_4_firmware *
lenovo v30a-24itl_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo ideacentre_aio_3-24imb05_firmware *
lenovo thinkstation_p348_workstation_firmware -
lenovo ideacentre_aio_5_27iah7_firmware *
lenovo ideacentre_t540-15ama_g_firmware -
lenovo thinkcentre_m630e_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo thinkstation_p358_workstation_firmware *
lenovo thinkstation_p360_ultra_workstation_firmware -
lenovo thinkcentre_neo_50t_gen_3_firmware *
CVE-2023-45075

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkedge_se30_firmware *
lenovo thinkstation_p330_workstation_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkstation_p340_tiny_workstation_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkstation_p320_workstation_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m630e_firmware -
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m820z_all-in-one_firmware *
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo ideacentre_mini_5-01imh05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_m90s_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkstation_p348_workstation_firmware *
lenovo thinkstation_p330_tiny_workstation_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo v50a-24imb_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
CVE-2023-45076

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkedge_se30_firmware *
lenovo thinkstation_p330_workstation_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkstation_p340_tiny_workstation_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkstation_p320_workstation_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m630e_firmware -
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m820z_all-in-one_firmware *
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo ideacentre_mini_5-01imh05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_m90s_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkstation_p348_workstation_firmware *
lenovo thinkstation_p330_tiny_workstation_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo v50a-24imb_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
CVE-2023-45077

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkedge_se30_firmware *
lenovo thinkstation_p330_workstation_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkstation_p340_tiny_workstation_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkstation_p320_workstation_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m630e_firmware -
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m820z_all-in-one_firmware *
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo ideacentre_mini_5-01imh05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_m90s_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkstation_p348_workstation_firmware *
lenovo thinkstation_p330_tiny_workstation_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo v50a-24imb_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
CVE-2023-45078

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkedge_se30_firmware *
lenovo thinkstation_p330_workstation_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkstation_p340_tiny_workstation_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkstation_p320_workstation_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m630e_firmware -
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m820z_all-in-one_firmware *
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo ideacentre_mini_5-01imh05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_m90s_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkstation_p348_workstation_firmware *
lenovo thinkstation_p330_tiny_workstation_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo v50a-24imb_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
CVE-2023-45079

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkedge_se30_firmware *
lenovo thinkstation_p330_workstation_firmware *
lenovo ideacentre_c5-14imb05_firmware *
lenovo v50t-13imh_firmware *
lenovo ideacentre_3-07ada05_firmware *
lenovo thinkcentre_m75t_gen_2_firmware -
lenovo thinkcentre_m920q_firmware *
lenovo thinkcentre_m70q_firmware *
lenovo thinkstation_p340_tiny_workstation_firmware *
lenovo ideacentre_5-14iob6_firmware *
lenovo thinkstation_p320_workstation_firmware *
lenovo v50t-13iob_g2_firmware *
lenovo thinkcentre_m920z_all-in-one_firmware *
lenovo ideacentre_creator_5-14iob6_firmware *
lenovo thinkcentre_m70s_firmware *
lenovo thinkcentre_m70t_firmware *
lenovo thinkstation_p520c_workstation_firmware -
lenovo ideacentre_g5-14imb05_firmware *
lenovo thinkcentre_m70c_firmware *
lenovo thinkcentre_m720q_firmware *
lenovo ideacentre_3-07imb05_firmware *
lenovo thinkstation_p360_workstation_firmware -
lenovo ideacentre_gaming_5-14iob6_firmware *
lenovo v50s-07imb_firmware *
lenovo thinkstation_p350_workstation_firmware -
lenovo v30a-22iml_firmware *
lenovo thinkcentre_m630e_firmware -
lenovo thinkstation_p720_workstation_firmware -
lenovo thinkcentre_m80t_firmware *
lenovo thinkcentre_m90t_firmware *
lenovo thinkcentre_m820z_all-in-one_firmware *
lenovo thinkstation_p330_workstation_2nd_gen_firmware *
lenovo thinkcentre_m720t_firmware *
lenovo thinkstation_p920_workstation_firmware -
lenovo ideacentre_mini_5-01imh05_firmware *
lenovo thinkcentre_m920x_firmware *
lenovo thinkcentre_m720s_firmware *
lenovo thinkstation_p340_workstation_firmware *
lenovo legion_t7-34imz5_firmware *
lenovo thinkcentre_m920s_firmware *
lenovo thinkcentre_m90q_tiny_firmware *
lenovo ideacentre_mini_5_01iaq7_firmware *
lenovo thinkcentre_m75s_gen_2_firmware -
lenovo thinkcentre_m90s_firmware *
lenovo v55t_gen_2_13acn_firmware *
lenovo thinkcentre_m70a_firmware *
lenovo thinkcentre_m920t_firmware *
lenovo thinkstation_p348_workstation_firmware *
lenovo thinkstation_p330_tiny_workstation_firmware *
lenovo v50a-22imb_firmware *
lenovo thinkcentre_m625q_firmware *
lenovo thinkcentre_m75n_firmware *
lenovo v50t-13imb_firmware *
lenovo thinkstation_p360_workstation_firmware *
lenovo thinkcentre_m80q_firmware *
lenovo thinkcentre_m80s_firmware *
lenovo thinkcentre_m90a_firmware *
lenovo thinkstation_p520_workstation_firmware -
lenovo v50a-24imb_firmware *
lenovo thinkcentre_m75q_gen_2_firmware *
lenovo ideacentre_g5-14amr05_firmware *
lenovo v30a-24iml_firmware *
CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.   This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2
psirt@lenovo.com 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
lenovo thinksystem_sr650_v3_firmware -
lenovo thinkagile_vx7530_firmware -
lenovo thinkagile_mx3330-h_hybrid_firmware -
lenovo thinksystem_sr670_v2_firmware -
lenovo thinksystem_sr630_v3_firmware -
lenovo thinksystem_sr630_v2_firmware -
lenovo thinkagile_hx7531_firmware -
lenovo thinkagile_hx2330_firmware -
lenovo thinksystem_sd650_v3_firmware -
lenovo thinkagile_vx3331_firmware -
lenovo thinkagile_hx5530_firmware -
lenovo thinksystem_sr645_v3_firmware -
lenovo thinkagile_vx3330_firmware -
lenovo thinkagile_vx7330_firmware -
lenovo thinkagile_hx3331_firmware -
lenovo thinkagile_vx2330_firmware -
lenovo thinkagile_mx3331-f_all-flash_firmware -
lenovo thinkagile_hx2331_firmware -
lenovo thinksystem_st258_v2_firmware -
lenovo thinksystem_sr645_firmware -
lenovo thinkagile_hx3330_firmware -
lenovo thinkagile_hx1331_firmware -
lenovo thinksystem_sr650_v2_firmware -
lenovo thinksystem_sr860_v3_firmware -
lenovo thinksystem_st250_v2_firmware -
lenovo thinkagile_hx3376_firmware -
lenovo thinkagile_mx3531-f_all-flash_firmware -
lenovo thinksystem_sr675_v3_firmware -
lenovo thinksystem_sr635_v3_firmware -
lenovo thinksystem_sr850_v3_firmware -
lenovo thinksystem_sr250_firmware -
lenovo thinksystem_sr860_v2_firmware -
lenovo thinksystem_sr665_firmware -
lenovo thinkagile_vx7531_firmware -
lenovo thinksystem_sd665_v3_firmware -
lenovo thinksystem_sr258_v2_firmware -
lenovo thinkagile_vx5530_firmware -
lenovo thinksystem_sr665_v3_firmware -
lenovo thinkagile_mx3331-h_hybrid_firmware -
lenovo thinkagile_hx5531_firmware -
lenovo thinksystem_sr850_v2_firmware -
lenovo thinkagile_mx3530-h_hybrid_firmware -
lenovo thinksystem_sn550_v2_firmware -
lenovo thinksystem_st650_v3_firmware -
lenovo thinksystem_st658_v3_firmware -
lenovo thinksystem_sd630_v2_firmware -
lenovo thinkagile_mx3530_f_all_flash_firmware -
lenovo thinkagile_mx3330-f_all-flash_firmware -
lenovo thinkagile_mx3531_h_hybrid_firmware -
lenovo thinksystem_sd650_v2_firmware -
lenovo thinksystem_sd650-n_v2_firmware -
lenovo thinksystem_st650_v2_firmware -
lenovo thinksystem_sr655_v3_firmware -
lenovo thinksystem_sr670_firmware -
lenovo thinkagile_hx7530_firmware -
lenovo thinkagile_hx3375_firmware -
lenovo thinkagile_vx3530-g_firmware -
lenovo thinksystem_st658_v2_firmware -
CVE-2023-4607

An authenticated XCC user can change permissions for any user through a crafted API command.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
psirt@lenovo.com 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
lenovo thinksystem_sr650_v3_firmware -
lenovo thinksystem_sd650_dwc_dual_node_tray_firmware -
lenovo thinkagile_hx_enclosure_firmware -
lenovo thinkagile_hx7821_firmware -
lenovo thinksystem_sr570_firmware -
lenovo thinksystem_sr630_v3_firmware -
lenovo thinkagile_hx5520_firmware -
lenovo thinksystem_sr630_v2_firmware -
lenovo thinkagile_hx7531_firmware -
lenovo thinkagile_hx2330_firmware -
lenovo thinksystem_sd650_v3_firmware -
lenovo thinkagile_vx3330_firmware -
lenovo thinkagile_hx3331_firmware -
lenovo thinkagile_mx650_v3_firmware -
lenovo thinkagile_vx2330_firmware -
lenovo thinkagile_vx7820_firmware -
lenovo thinkagile_mx3331-f_all-flash_firmware -
lenovo thinkagile_hx2331_firmware -
lenovo thinkagile_hx3721_firmware -
lenovo thinksystem_sr645_firmware -
lenovo thinkagile_vx_2u4n_firmware -
lenovo thinkagile_hx3330_firmware -
lenovo thinksystem_sr860_v3_firmware -
lenovo thinksystem_st250_v2_firmware -
lenovo thinkagile_hx2720-e_firmware -
lenovo thinkagile_vx1320_firmware -
lenovo thinksystem_sr675_v3_firmware -
lenovo thinksystem_sr635_v3_firmware -
lenovo thinkagile_hx1321_firmware -
lenovo thinkagile_hx1320_firmware -
lenovo thinksystem_sr158_firmware -
lenovo thinksystem_sr250_firmware -
lenovo thinksystem_sr150_firmware -
lenovo thinksystem_sr665_firmware -
lenovo thinkagile_vx7531_firmware -
lenovo thinksystem_sr850p_firmware -
lenovo thinksystem_sr258_v2_firmware -
lenovo thinkagile_hx5520-c_firmware -
lenovo thinkagile_hx5531_firmware -
lenovo thinkagile_hx3720_firmware -
lenovo thinksystem_sr630_firmware -
lenovo thinksystem_sr550_firmware -
lenovo thinkagile_mx3530-h_hybrid_firmware -
lenovo thinksystem_sn550_v2_firmware -
lenovo thinksystem_st650_v3_firmware -
lenovo thinkagile_hx7520_firmware -
lenovo thinkagile_hx1021_edg_firmware -
lenovo thinkagile_hx1521-r_firmware -
lenovo thinkagile_hx2321_firmware -
lenovo thinksystem_sr530_firmware -
lenovo thinkagile_vx2320_firmware -
lenovo thinkagile_mx3530_f_all_flash_firmware -
lenovo thinkagile_hx3320_firmware -
lenovo thinksystem_sd650_v2_firmware -
lenovo thinksystem_sr258_firmware -
lenovo thinksystem_sd650-n_v2_firmware -
lenovo thinksystem_sr850_firmware -
lenovo thinkagile_hx1520-r_firmware -
lenovo thinksystem_sr655_v3_firmware -
lenovo thinkagile_vx_4u_firmware -
lenovo thinksystem_st250_firmware -
lenovo thinkagile_hx3321_firmware -
lenovo thinksystem_st658_v2_firmware -
lenovo thinkagile_vx7520_firmware -
lenovo thinkagile_vx7530_firmware -
lenovo thinkagile_mx3330-h_hybrid_firmware -
lenovo thinksystem_sr670_v2_firmware -
lenovo thinksystem_st550_firmware -
lenovo thinksystem_sn550_firmware -
lenovo thinksystem_se350_firmware -
lenovo thinksystem_sr650_firmware -
lenovo thinkagile_vx3331_firmware -
lenovo thinkagile_hx3520-g_firmware -
lenovo thinkagile_hx5530_firmware -
lenovo thinksystem_sr645_v3_firmware -
lenovo thinkagile_vx7520_n_firmware -
lenovo thinkagile_vx7330_firmware -
lenovo thinkagile_hx3521-g_firmware -
lenovo thinkagile_vx5520_firmware -
lenovo thinkagile_hx7820_firmware -
lenovo thinksystem_sn850_firmware -
lenovo thinkagile_hx5521-c_firmware -
lenovo thinkagile_mx650_v3_intergrated_system_firmware -
lenovo thinkagile_vx7320_n_firmware -
lenovo thinksystem_st258_v2_firmware -
lenovo thinkagile_hx2320-e_firmware -
lenovo thinkagile_hx1331_firmware -
lenovo thinksystem_sr650_v2_firmware -
lenovo thinkagile_hx3376_firmware -
lenovo thinkagile_mx3531-f_all-flash_firmware -
lenovo thinkagile_hx7521_firmware -
lenovo thinksystem_sr590_firmware -
lenovo thinksystem_sr850_v3_firmware -
lenovo thinksystem_st258_firmware -
lenovo thinksystem_sr860_v2_firmware -
lenovo thinksystem_sr860_firmware -
lenovo thinkagile_vx3320_firmware -
lenovo thinksystem_sd665_v3_firmware -
lenovo thinkagile_vx5530_firmware -
lenovo thinksystem_sr665_v3_firmware -
lenovo thinkagile_mx3331-h_hybrid_firmware -
lenovo thinksystem_sr850_v2_firmware -
lenovo thinkagile_hx5521_firmware -
lenovo thinkagile_vx3520-g_firmware -
lenovo thinkagile_mx_edge-_mx1020__firmware -
lenovo thinkagile_vx_1se_firmware -
lenovo thinksystem_st658_v3_firmware -
lenovo thinksystem_sd530_firmware -
lenovo thinksystem_sr950_firmware -
lenovo thinksystem_sd630_v2_firmware -
lenovo thinkagile_mx630_v3_firmware -
lenovo thinkagile_mx3330-f_all-flash_firmware -
lenovo thinkagile_mx3531_h_hybrid_firmware -
lenovo thinkedge_se450__firmware -
lenovo thinkagile_vx3720_firmware -
lenovo thinksystem_sd650_dual_node_tray_firmware -
lenovo thinkagile_mx630_v3_intergrated_system_firmware -
lenovo thinksystem_st650_v2_firmware -
lenovo thinkagile_mx1021_on_se350_firmware -
lenovo thinksystem_sr670_firmware -
lenovo thinkagile_hx7530_firmware -
lenovo thinkagile_hx3375_firmware -
lenovo thinkagile_vx3530-g_firmware -
CVE-2023-4608

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.  This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9
psirt@lenovo.com 4.1 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L 0.7 3.4

Products Affected

Vendor Product Version
lenovo thinksystem_sr650_v3_firmware -
lenovo thinkagile_vx7530_firmware -
lenovo thinkagile_mx3330-h_hybrid_firmware -
lenovo thinksystem_sr670_v2_firmware -
lenovo thinksystem_sr630_v3_firmware -
lenovo thinksystem_sr630_v2_firmware -
lenovo thinkagile_hx7531_firmware -
lenovo thinkagile_hx2330_firmware -
lenovo thinksystem_sd650_v3_firmware -
lenovo thinkagile_vx3331_firmware -
lenovo thinkagile_hx5530_firmware -
lenovo thinksystem_sr645_v3_firmware -
lenovo thinkagile_vx3330_firmware -
lenovo thinkagile_vx7330_firmware -
lenovo thinkagile_hx3331_firmware -
lenovo thinkagile_vx2330_firmware -
lenovo thinkagile_mx3331-f_all-flash_firmware -
lenovo thinkagile_hx2331_firmware -
lenovo thinksystem_st258_v2_firmware -
lenovo thinksystem_sr645_firmware -
lenovo thinkagile_hx3330_firmware -
lenovo thinkagile_hx1331_firmware -
lenovo thinksystem_sr650_v2_firmware -
lenovo thinksystem_sr860_v3_firmware -
lenovo thinksystem_st250_v2_firmware -
lenovo thinkagile_hx3376_firmware -
lenovo thinkagile_mx3531-f_all-flash_firmware -
lenovo thinksystem_sr675_v3_firmware -
lenovo thinksystem_sr635_v3_firmware -
lenovo thinksystem_sr850_v3_firmware -
lenovo thinksystem_sr250_firmware -
lenovo thinksystem_sr860_v2_firmware -
lenovo thinksystem_sr665_firmware -
lenovo thinkagile_vx7531_firmware -
lenovo thinksystem_sd665_v3_firmware -
lenovo thinksystem_sr258_v2_firmware -
lenovo thinkagile_vx5530_firmware -
lenovo thinksystem_sr665_v3_firmware -
lenovo thinkagile_mx3331-h_hybrid_firmware -
lenovo thinkagile_hx5531_firmware -
lenovo thinksystem_sr850_v2_firmware -
lenovo thinkagile_mx3530-h_hybrid_firmware -
lenovo thinksystem_sn550_v2_firmware -
lenovo thinksystem_st650_v3_firmware -
lenovo thinksystem_st658_v3_firmware -
lenovo thinksystem_sd630_v2_firmware -
lenovo thinkagile_mx3530_f_all_flash_firmware -
lenovo thinkagile_mx3330-f_all-flash_firmware -
lenovo thinkagile_mx3531_h_hybrid_firmware -
lenovo thinksystem_sd650_v2_firmware -
lenovo thinksystem_sd650-n_v2_firmware -
lenovo thinksystem_st650_v2_firmware -
lenovo thinksystem_sr655_v3_firmware -
lenovo thinksystem_sr670_firmware -
lenovo thinkagile_hx7530_firmware -
lenovo thinkagile_hx3375_firmware -
lenovo thinkagile_vx3530-g_firmware -
lenovo thinksystem_st658_v2_firmware -
CVE-2023-4632

An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo system_update *
CVE-2023-4706

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo preload_directory -
CVE-2023-4891

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
lenovo view_driver *
CVE-2023-5075

A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo ideapad_duet_3_10igl5_firmware *
CVE-2023-5078

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
lenovo thinkpad_s2_yoga_gen_6_firmware -
lenovo thinkpad_t14s_gen_3_firmware -
lenovo thinkpad_l15_gen_3_firmware *
lenovo thinkpad_s2_yoga_gen_7_firmware *
lenovo thinkpad_p14s_gen_3_firmware -
lenovo thinkpad_l13_gen_2_firmware -
lenovo thinkpad_s2_yoga_gen_8_firmware -
lenovo thinkpad_l13_gen_4_firmware -
lenovo thinkpad_x13_gen_3_firmware -
lenovo thinkpad_t16_gen_1_firmware -
lenovo thinkpad_l14_gen_4_firmware *
lenovo thinkpad_l13_yoga_gen_3_firmware *
lenovo thinkpad_l14_gen_3_firmware *
lenovo thinkpad_s2_gen_8_firmware -
lenovo thinkpad_p16s_gen_1_firmware -
lenovo thinkpad_l13_yoga_gen_4_firmware -
lenovo thinkpad_l15_gen_4_firmware *
lenovo thinkpad_t14_gen_3_firmware -
lenovo thinkpad_l13_yoga_gen_2_firmware -
lenovo thinkpad_l13_gen_3_firmware *
CVE-2023-5079

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
psirt@lenovo.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
lenovo lecloud *
CVE-2023-5080

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.8 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H 2.5 4.2
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo tab_m8_hd_tb8505fs_firmware *
lenovo tab_m8_hd_tb8505xs_firmware *
lenovo tab_p11_pro_gen_2_tb132fu_firmware *
lenovo tab_m8_hd_tb8505x_firmware *
lenovo tab_m8_hd_tb8505f_firmware *
lenovo tab_m10_plus_gen_3_tb125fu_firmware *
CVE-2023-5081

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

Products Affected

Vendor Product Version
lenovo tab_m8_hd_tb8505fs_firmware *
lenovo tab_m8_hd_tb8505xs_firmware *
lenovo tab_m8_hd_tb8505x_firmware *
lenovo tab_m8_hd_tb8505f_firmware *
CVE-2023-6043

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo vantage *
CVE-2023-6044

A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9
psirt@lenovo.com 6.3 MEDIUM CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 0.4 5.9

Products Affected

Vendor Product Version
lenovo vantage *
CVE-2023-6338

Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo universal_device_client *
CVE-2023-6450

An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
lenovo app_store *
CVE-2023-6540

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
lenovo browser_hd *
lenovo browser_mobile *
CVE-2024-23591

ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 2.0 LOW CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N 0.6 1.4

Products Affected

Vendor Product Version
lenovo thinksystem_sr670_v2_firmware *
CVE-2024-2659

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user with elevated privileges to execute system commands when performing a specific administrative function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

Products Affected

Vendor Product Version
lenovo thinkagile_hx3331_firmware *
lenovo thinkagile_cp-cb-10e_firmware *
lenovo thinkagile_vx2330_firmware *
lenovo thinkagile_hx5531_firmware *
lenovo thinkagile_cp-cb-10_firmware *
lenovo thinkagile_hx645_v3_firmware *
lenovo thinkagile_hx3721_firmware *
lenovo thinkagile_vx5575_firmware *
lenovo thinkagile_hx5521_firmware *
lenovo thinkagile_hx5521-c_firmware *
lenovo thinkagile_vx7575_firmware *
lenovo thinkagile_hx650_v3_firmware *
lenovo thinkagile_vx3520-g_firmware *
lenovo thinkagile_hx630_v3_firmware *
lenovo thinkagile_vx1320_firmware *
lenovo thinkagile_vx630_v3_firmware *
lenovo thinkagile_vx_2u_firmware *
lenovo thinkagile_vx7375-n_firmware *
lenovo thinkagile_vx655_v3_firmware *
lenovo thinkagile_vx3330_firmware *
lenovo thinkagile_vx7320-n_firmware *
lenovo thinkagile_vx_1se_firmware *
lenovo thinkagile_vx665_v3_firmware *
lenovo thinksystem_dw612_firmware *
lenovo thinkagile_hx1521-r_firmware *
lenovo thinkagile_vx3375_firmware *
lenovo thinkagile_vx7530_firmware *
lenovo thinkagile_hx3321_firmware *
lenovo thinkagile_hx1321_firmware *
lenovo thinkagile_hx7821_firmware *
lenovo thinkagile_vx630_v4_firmware *
lenovo thinkagile_hx7521_firmware *
lenovo thinkagile_vx7330-n_firmware *
lenovo thinkagile_vx5530_firmware *
lenovo thinkagile_vx7820_firmware *
lenovo thinkagile_vx650_v4_firmware *
lenovo thinkagile_vx3331_firmware *
lenovo thinkagile_hx7531_firmware *
lenovo thinkagile_vx3320_firmware *
lenovo thinkagile_vx645_v3_firmware *
lenovo thinkagile_vx650_v3_firmware *
lenovo thinkagile_2u4n_firmware *
lenovo thinkagile_vx2375_firmware *
lenovo thinkagile_vx3575-g_firmware *
lenovo thinkagile_hx2321_firmware *
lenovo thinkagile_vx2320_firmware *
lenovo thinkagile_vx7520_firmware *
lenovo thinkagile_vx3376_firmware *
lenovo thinkagile_hx_e1_enclosure_firmware *
lenovo thinksystem_da240_firmware *
lenovo thinkagile_hx665_v3_firmware *
lenovo thinkagile_hx3376_firmware *
lenovo thinkagile_hx3521-g_firmware *
lenovo thinkagile_vx5520_firmware *
lenovo thinksystem_d2_enclosure_firmware *
lenovo thinkagile_hx_enclosure_firmware *
lenovo thinkagile_hx_e2_enclosure_firmware *
lenovo thinkagile_vx635_v3_firmware *
lenovo thinkagile_vx_4u_firmware *
lenovo thinkagile_vx3720_firmware *
lenovo thinkagile_vx_1u_firmware *
lenovo thinkagile_hx1021_firmware *
lenovo thinkagile_vx7531_firmware *
lenovo thinkagile_hx2331_firmware *
lenovo thinkagile_vx3530-g_firmware *
lenovo nextscale_n1200_enclosure_firmware *
lenovo thinkagile_vx850_v3_firmware *
lenovo thinkagile_hx1331_firmware *
CVE-2024-45103

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 2.8 1.4

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2024-45104

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.8 3.4

Products Affected

Vendor Product Version
lenovo xclarity_administrator *
CVE-2024-5474

A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges during installation of the package. Previously installed versions are not affected by this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
lenovo dolby_vision_provisioning *
CVE-2025-10581

A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2025-13453

A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
lenovo thinkplus_fu200_firmware -
lenovo thinkplus_fu100_firmware -
lenovo thinkplus_tsd303_firmware -
lenovo thinkplus_tu800_firmware -
CVE-2025-13454

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

Products Affected

Vendor Product Version
lenovo thinkplus_fu200_firmware -
lenovo thinkplus_fu100_firmware -
lenovo thinkplus_tsd303_firmware -
lenovo thinkplus_tu800_firmware -
CVE-2025-13455

A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo thinkplus_fu200_firmware -
lenovo thinkplus_fu100_firmware -
lenovo thinkplus_tsd303_firmware -
lenovo thinkplus_tu800_firmware -
CVE-2025-2501

An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2025-2502

An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2025-2503

An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2025-6230

A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4
psirt@lenovo.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
lenovo commercial_vantage *
lenovo vantage *
CVE-2025-6231

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo commercial_vantage *
lenovo vantage *
CVE-2025-6232

An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo commercial_vantage *
lenovo vantage *
CVE-2025-8098

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2025-8485

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.3 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 1.3 5.9

Products Affected

Vendor Product Version
lenovo app_store *
CVE-2025-8486

A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
lenovo pcmanager *
CVE-2026-1715

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
lenovo vantage *
CVE-2026-1716

An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 1.8 5.2

Products Affected

Vendor Product Version
lenovo vantage *
CVE-2026-1717

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@lenovo.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
lenovo vantage *