Vulnerabilites related to lenovo - 13w_yoga_gen_2
cve-2023-4028
Vulnerability from cvelistv5
Published
2023-08-17 16:48
Modified
2024-10-08 13:50
Severity ?
EPSS score ?
Summary
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Lenovo Notebook |
Version: various |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:17:11.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-134879", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_16iau7", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_16iru8", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "13w_yoga", vendor: "lenovo", versions: [ { status: "affected", version: "82s1", }, { status: "affected", version: "82s2", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "13w_yoga_gen_2", vendor: "lenovo", versions: [ { status: "affected", version: "82yr", }, { status: "affected", version: "82y2", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_5-14alc05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_5-14alc05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_5-15alc05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_5-15alc05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_5-14are05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_5-14iil05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_5-14itl05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_5-15alc05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_5-15iil05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_5-15itl05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_1-11ada05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_1-11igl05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_1-14ada05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_1-14igl05", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_14abr8", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_14alc7", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_14iau7", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_14iru8", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_16abr8", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ideapad_flex_5_16alc7", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:o:lenovo:flex_7_14iau7_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_7_14iau7_firmware", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "flex_7_14iru8", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "thinkbook_13s_g2_are", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "thinkbook_13s_g2_itl", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "thinkbook_13s_g3_acn", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "thinkbook_13s_g4_iap", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "thinkbook_13x_g2_iap", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "thinkbook_14s_g2_itl", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "yoga_9-15imh5", vendor: "lenovo", versions: [ { status: "affected", version: "0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-4028", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T13:16:57.654067Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T13:50:36.650Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Lenovo Notebook", vendor: "Lenovo", versions: [ { status: "affected", version: "various", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.", }, ], value: "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-17T16:48:06.884Z", orgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", shortName: "lenovo", }, references: [ { url: "https://support.lenovo.com/us/en/product_security/LEN-134879", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.", }, ], value: "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879.", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", assignerShortName: "lenovo", cveId: "CVE-2023-4028", datePublished: "2023-08-17T16:48:06.884Z", dateReserved: "2023-07-31T16:44:11.696Z", dateUpdated: "2024-10-08T13:50:36.650Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2023-08-17 17:15
Modified
2024-11-21 08:34
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:13w_yoga_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DF7BF123-9EBB-4CEE-85DC-37301245397C", versionEndExcluding: "jacn38ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:13w_yoga:-:*:*:*:*:*:*:*", matchCriteriaId: "B0C79699-F690-4A4D-80E5-408CE4A214AA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:13w_yoga_gen_2_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "711FF6F4-24F9-47DE-A1CC-1EC5487C6FE5", versionEndExcluding: "kbcn20ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:13w_yoga_gen_2:-:*:*:*:*:*:*:*", matchCriteriaId: "B3AC338E-5E5F-4CCD-86EF-3995BA401703", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_1-11ada05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "AADF8DBE-D68A-4C58-A531-0CA241A10E46", versionEndExcluding: "fqcn29ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*", matchCriteriaId: "A7C32B51-6F03-4568-BCDF-D59867AC4723", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0F142589-62C9-4FE3-BE45-92DB86551EBE", versionEndExcluding: "dwcn28ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*", matchCriteriaId: "0AC62EEC-713B-4559-8AB7-0B2B0F4D84F6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_1-14ada05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0AD7471F-965D-4C4F-8F77-B8E1FE182B0F", versionEndExcluding: "fqcn29ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*", matchCriteriaId: "41F01C73-2B64-47E4-8A04-27426CCCEFE9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D9527B25-661A-4F69-9ADF-5465E42FF49F", versionEndExcluding: "dwcn28ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*", matchCriteriaId: "076B2AA1-ED0B-47B3-B6E2-FFEBB21220AB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-14alc05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A2F821DB-0EB6-477A-BFB2-86B794A2E623", versionEndExcluding: "gjcn32ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-14alc05:-:*:*:*:*:*:*:*", matchCriteriaId: "58A5B398-8997-4023-9555-C9FB301B2053", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-14are05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A6C77E5D-E758-4FFD-A07A-F1B65B0569D8", versionEndExcluding: "eecn43ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-14are05:-:*:*:*:*:*:*:*", matchCriteriaId: "6307A1E8-45B4-483C-B13D-F6F25F504D21", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-14iil05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8C192437-50B9-48BC-9665-E55F7B62A9A5", versionEndExcluding: "eccn45ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-14iil05:-:*:*:*:*:*:*:*", matchCriteriaId: "395BCDC7-B5C3-4FB7-96BD-849572AB50DB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-14itl05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7F3FBB00-C47E-4B60-85F4-8EB10B50A2E3", versionEndExcluding: "fxcn44ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-14itl05:-:*:*:*:*:*:*:*", matchCriteriaId: "941A9478-5A03-46FC-888A-EF75DDCB234A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-15alc05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1D411211-70B6-41B1-99FE-1E6BC6B4B03E", versionEndExcluding: "gjcn32ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-15alc05:-:*:*:*:*:*:*:*", matchCriteriaId: "A3779495-A1FA-4589-AADA-C52E56C8B3E7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-15iil05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "591BC6F7-4E26-4E24-B630-48AB78A3A7F3", versionEndExcluding: "eccn45ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-15iil05:-:*:*:*:*:*:*:*", matchCriteriaId: "7E8D5080-1656-4587-AFEA-C6A438987DAE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_5-15itl05_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "4680E2A9-4684-4C7A-8125-D7938C77A3F7", versionEndExcluding: "fxcn44ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_5-15itl05:-:*:*:*:*:*:*:*", matchCriteriaId: "DC0C9D69-BF79-44AA-955B-8EE202B03114", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_14abr8_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F78333EB-CBB7-40B7-A96F-B082A08CAB31", versionEndExcluding: "l7cn17ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_14abr8:-:*:*:*:*:*:*:*", matchCriteriaId: "8F725EAD-9C36-44E0-826A-5D369881539C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_14alc7_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "395914E6-629A-4CE4-80D1-DF9D7482F184", versionEndExcluding: "jccn35ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_14alc7:-:*:*:*:*:*:*:*", matchCriteriaId: "CC57D455-CC71-48E0-9A3E-66FAFB562A13", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_14iau7_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F994F689-45A6-4F0D-8725-AEF47AEDA3CB", versionEndExcluding: "j7cn44ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_14iau7:-:*:*:*:*:*:*:*", matchCriteriaId: "7727853D-2594-418A-8389-4279089C34ED", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_14iru8_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5B4A75D6-2A02-467E-9080-F0EF2C2117B6", versionEndExcluding: "l6cn20ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_14iru8:-:*:*:*:*:*:*:*", matchCriteriaId: "829A56C6-D4C8-4A0A-B77B-A63A9050EC46", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_16abr8_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "09233791-014F-40AD-8631-44F7D4B63E7B", versionEndExcluding: "l7cn17ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_16abr8:-:*:*:*:*:*:*:*", matchCriteriaId: "E7F2D28D-9343-40A7-8379-F7269EAFCF07", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_16alc7_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "147D0422-1667-4102-B0FB-D6936CBB8622", versionEndExcluding: "jccn35ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_16alc7:-:*:*:*:*:*:*:*", matchCriteriaId: "2BB069F7-190E-4CD9-9300-CE34E5C94880", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_16iau7_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1B0A754B-7F45-4E18-AE1B-BBC179B5FAC2", versionEndExcluding: "j7cn44ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_16iau7:-:*:*:*:*:*:*:*", matchCriteriaId: "10E4E147-6A1D-490B-8DE5-095923A31AE5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:ideapad_flex_5_16iru8_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "30CB6C0E-6DCC-4F3A-89AA-24C8B7350112", versionEndExcluding: "l6cn20ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:ideapad_flex_5_16iru8:-:*:*:*:*:*:*:*", matchCriteriaId: "5DEC6EDF-B1C2-40AB-AD03-3E8422A4DAC4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:flex_7_14iru8_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5E62C036-B9CB-46B6-A518-5D989791343C", versionEndExcluding: "l6cn20ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:flex_7_14iru8:-:*:*:*:*:*:*:*", matchCriteriaId: "0ABEFEF0-03CC-48EA-84F8-608344B826E8", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:thinkbook_13s_g2_are_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C957B5AB-B74C-4330-88EE-10379146E2E8", versionEndExcluding: "fvcn28ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkbook_13s_g2_are:-:*:*:*:*:*:*:*", matchCriteriaId: "CF07F8EA-8901-49AD-B001-D2FA4C2347F4", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:thinkbook_13s_g2_itl_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "56E26764-6660-4E85-A1B6-4A2CA4850DCD", versionEndExcluding: "f9cn57ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkbook_13s_g2_itl:-:*:*:*:*:*:*:*", matchCriteriaId: "402E5B1C-7786-4102-9844-6FFB9D810204", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:thinkbook_13s_g3_acn_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "DC16E24A-948B-4027-93DE-A90306A7D98A", versionEndExcluding: "gmcn35ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkbook_13s_g3_acn:-:*:*:*:*:*:*:*", matchCriteriaId: "F8F67521-7E7E-4B90-886B-EE54B8D1A5D6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:thinkbook_13s_g4_iap_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D700597B-1DBB-446A-95B3-086BEBAD12EC", versionEndExcluding: "hwcn49ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkbook_13s_g4_iap:-:*:*:*:*:*:*:*", matchCriteriaId: "7A20DC2B-4B76-47C3-B0AC-77FC7F49305C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:thinkbook_13x_g2_iap_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DFAC97-DB42-44AE-8FC6-45F06B6FA64A", versionEndExcluding: "hxcn54ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkbook_13x_g2_iap:-:*:*:*:*:*:*:*", matchCriteriaId: "51285D29-591D-471B-B63B-18C19B5B82DD", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:thinkbook_14s_g2_itl_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "FBBCC13F-4D16-4768-AAB5-EE2F061610DF", versionEndExcluding: "f9cn57ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:thinkbook_14s_g2_itl:-:*:*:*:*:*:*:*", matchCriteriaId: "463EB277-DEF6-4FE3-A07D-6F373C040EFE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:yoga_9-15imh5_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "5488AD2D-DB5E-4205-8124-5F1BEE20BBE6", versionEndExcluding: "epcn32ww", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:yoga_9-15imh5:-:*:*:*:*:*:*:*", matchCriteriaId: "351885D4-6E5E-4224-A967-68E6338FBA23", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.", }, { lang: "es", value: "Se ha identificado un desbordamiento de búfer en el controlador SystemUserMasterHddPwdDxe de algunos productos portátiles de Lenovo que puede permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario.", }, ], id: "CVE-2023-4028", lastModified: "2024-11-21T08:34:15.500", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "psirt@lenovo.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-17T17:15:10.217", references: [ { source: "psirt@lenovo.com", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-134879", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-134879", }, ], sourceIdentifier: "psirt@lenovo.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "psirt@lenovo.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }