Search criteria
12 vulnerabilities found for notebook by lenovo
VAR-201611-0150
Vulnerability from variot - Updated: 2023-12-18 13:44A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. LenovoNotebook and ThinkServer are products of China Lenovo. The former is the notebook series, the latter is the server series. A local elevation of privilege vulnerability exists in the LenovoNotebook and ThinkServer systems. A local attacker can leverage this issue to gain elevated privileges. There are security vulnerabilities in Lenovo Notebook and ThinkServer systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0150",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "notebook yoga 710 11ikb bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook k41 80 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook xiaoxin air 12 bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 900s 12isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 900 13isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 710 11isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 510 14isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook yoga 510 15isk bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook miix 710 12ikb bios",
"scope": "eq",
"trust": 1.6,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts150 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook 110 14ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook k21 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 15isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e40 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e31 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e41 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 14isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook g40 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook b70 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook g50 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook e51 80 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook g50 80 touch bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 17isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 510s 12isk bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 14ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts450 bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook ideapad 300 15ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "notebook 110 15ibr bios",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "notebook",
"scope": "eq",
"trust": 0.9,
"vendor": "lenovo",
"version": "0"
},
{
"model": "110-14ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "110-14ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "110-15ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "110-15ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "b70-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "b70-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e31-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e31-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e40-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e40-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e41-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e41-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e51-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "e51-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g40-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g40-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80 touch",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "g50-80 touch bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-14isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15ibr",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15ibr bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-15isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-17isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 300-17isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 510s-12isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "ideapad 510s-12isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k21-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k21-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k41-80",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "k41-80 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "miix 710-12ikb",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "miix 710-12ikb bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts150",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts150 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts450",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "thinkserver ts450 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "xiaoxin air 12",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "xiaoxin air 12 bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-14isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-14isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-15isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 510-15isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11ikb",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11ikb bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 710-11isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900-13isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900-13isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900s-12isk",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "yoga 900s-12isk bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_g40_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_g50_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_g50_80_touch_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_ideapad_300_15ibr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_yoga_900_13isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_yoga_900s_12isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_ts150_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_110_14ibr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_110_15ibr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_b70_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_ideapad_510s_12isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_k21_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_k41_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_miix_710_12ikb_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_xiaoxin_air_12_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:thinkserver_ts450_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_e31_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_e41_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_ideapad_300_14isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_ideapad_300_17isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_yoga_510_14isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_yoga_710_11isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_e40_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_e51_80_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_ideapad_300_14ibr_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_ideapad_300_15isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_yoga_510_15isk_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_yoga_710_11ikb_bios:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_ideapad_300_14ibr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_ideapad_300_14isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_ideapad_300_15isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_ideapad_300_17isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_b70_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_e31_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_e40_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_e41_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_xiaoxin_air_12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_yoga_510_15isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_yoga_510_14isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_yoga_710_11ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_ts450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_110_14ibr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_g40_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_g50_80_touch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_k21_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_miix_710_12ikb:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_yoga_710_11isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_yoga_900s_12isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkserver_ts150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_110_15ibr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_e51_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_g50_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_ideapad_300_15ibr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_ideapad_510s_12isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_k41_80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook_yoga_900_13isk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Ermolov from Digital Security ltd.",
"sources": [
{
"db": "BID",
"id": "94595"
}
],
"trust": 0.3
},
"cve": "CVE-2016-8224",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8224",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-11754",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.1,
"id": "VHN-97044",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-8224",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-8224",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-11754",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-644",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-97044",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. LenovoNotebook and ThinkServer are products of China Lenovo. The former is the notebook series, the latter is the server series. A local elevation of privilege vulnerability exists in the LenovoNotebook and ThinkServer systems. \nA local attacker can leverage this issue to gain elevated privileges. There are security vulnerabilities in Lenovo Notebook and ThinkServer systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "VULHUB",
"id": "VHN-97044"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8224",
"trust": 3.4
},
{
"db": "BID",
"id": "94595",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11754",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-97044",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"id": "VAR-201611-0150",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
}
],
"trust": 1.18125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
}
]
},
"last_update_date": "2023-12-18T13:44:11.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-9903",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/solutions/len_9903"
},
{
"title": "Patch for LenovoNotebook and ThinkServer Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84823"
},
{
"title": "Lenovo Notebook and ThinkServer Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65922"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://support.lenovo.com/us/en/solutions/len_9903"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94595"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8224"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8224"
},
{
"trust": 0.6,
"url": "https://support.lenovo.com/us/zh/solutions/len_9903"
},
{
"trust": 0.3,
"url": "http://www.lenovo.com/ca/en/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"db": "VULHUB",
"id": "VHN-97044"
},
{
"db": "BID",
"id": "94595"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"date": "2016-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-97044"
},
{
"date": "2016-11-30T00:00:00",
"db": "BID",
"id": "94595"
},
{
"date": "2016-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"date": "2016-11-29T20:59:02.437000",
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11754"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-97044"
},
{
"date": "2016-12-20T02:04:00",
"db": "BID",
"id": "94595"
},
{
"date": "2016-12-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006116"
},
{
"date": "2016-12-06T19:15:27.513000",
"db": "NVD",
"id": "CVE-2016-8224"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94595"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lenovo Notebook and ThinkServer Service disruption in the system (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006116"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-644"
}
],
"trust": 0.6
}
}
VAR-202011-1477
Vulnerability from variot - Updated: 2023-12-18 11:36A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Part of Lenovo There are unspecified vulnerabilities in notebooks.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1477",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "notebook",
"scope": "eq",
"trust": 1.0,
"vendor": "lenovo",
"version": null
},
{
"model": "bios",
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": "bios firmware"
},
{
"model": "bios",
"scope": "eq",
"trust": 0.8,
"vendor": "lenovo",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:lenovo:notebook_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8354"
}
]
},
"cve": "CVE-2020-8354",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2020-8354",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "psirt@lenovo.com",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-8354",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-8354",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "psirt@lenovo.com",
"id": "CVE-2020-8354",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1704",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Part of Lenovo There are unspecified vulnerabilities in notebooks.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8354",
"trust": 2.4
},
{
"db": "LENOVO",
"id": "LEN-49266",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013604",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1704",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"id": "VAR-202011-1477",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.75
},
"last_update_date": "2023-12-18T11:36:23.277000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "LEN-49266",
"trust": 0.8,
"url": "https://support.lenovo.com/us/en/product_security/len-49266"
},
{
"title": "Lenovo Notebook variableServiceSmm driver SMI callback function Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=135441"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://support.lenovo.com/us/en/product_security/len-49266"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8354"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"date": "2020-11-11T18:15:11.843000",
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"date": "2019-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-08T08:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-013604"
},
{
"date": "2020-11-30T14:42:35.927000",
"db": "NVD",
"id": "CVE-2020-8354"
},
{
"date": "2021-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Part of \u00a0Lenovo\u00a0 Vulnerabilities in notebooks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013604"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1704"
}
],
"trust": 0.6
}
}
CVE-2022-3746 (GCVE-0-2022-3746)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
Severity ?
6.7 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": " CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:54.077Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3746",
"datePublished": "2023-08-23T19:43:54.077Z",
"dateReserved": "2022-10-28T14:48:24.490Z",
"dateUpdated": "2024-08-03T01:20:57.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3745 (GCVE-0-2022-3745)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:43 – Updated: 2024-10-01 15:49
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:04:56.231492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:49:56.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:34.512Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3745",
"datePublished": "2023-08-23T19:43:34.512Z",
"dateReserved": "2022-10-28T14:48:21.380Z",
"dateUpdated": "2024-10-01T15:49:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3744 (GCVE-0-2022-3744)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:17.503Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3744",
"datePublished": "2023-08-23T19:43:17.503Z",
"dateReserved": "2022-10-28T14:48:18.783Z",
"dateUpdated": "2024-08-03T01:20:57.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3743 (GCVE-0-2022-3743)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:42 – Updated: 2024-10-01 15:50
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:05:06.288708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:50:12.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:59.163Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3743",
"datePublished": "2023-08-23T19:42:59.163Z",
"dateReserved": "2022-10-28T14:48:05.339Z",
"dateUpdated": "2024-10-01T15:50:12.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3742 (GCVE-0-2022-3742)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:42 – Updated: 2024-10-09 19:17
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-14ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-14ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-15ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-15ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_17iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_17iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5_15ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5_15ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jbcn27ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fhcn70ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ejcn30ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gfcn29ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "g8cn22ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7_16iax7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7_16iax7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k1cn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7-16ithg6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7-16ithg6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g2_itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g2_itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_imh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_imh_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f6cn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s540-13itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s540-13itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fzcn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_g2_ith_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_g2_ith_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hjcn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17-iil_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17-iil_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_14ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_14ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-15itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-15itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hncn42ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "krcn14ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iap7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_o_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_o_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j3cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dpcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_creator_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_creator_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_gaming_3-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_gaming_3-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:13:55.262472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:17:23.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:15.848Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3742",
"datePublished": "2023-08-23T19:42:15.848Z",
"dateReserved": "2022-10-28T14:47:08.485Z",
"dateUpdated": "2024-10-09T19:17:23.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3746 (GCVE-0-2022-3746)
Vulnerability from nvd – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
Severity ?
6.7 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": " CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:54.077Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3746",
"datePublished": "2023-08-23T19:43:54.077Z",
"dateReserved": "2022-10-28T14:48:24.490Z",
"dateUpdated": "2024-08-03T01:20:57.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3745 (GCVE-0-2022-3745)
Vulnerability from nvd – Published: 2023-08-23 19:43 – Updated: 2024-10-01 15:49
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:04:56.231492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:49:56.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:34.512Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3745",
"datePublished": "2023-08-23T19:43:34.512Z",
"dateReserved": "2022-10-28T14:48:21.380Z",
"dateUpdated": "2024-10-01T15:49:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3744 (GCVE-0-2022-3744)
Vulnerability from nvd – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:17.503Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3744",
"datePublished": "2023-08-23T19:43:17.503Z",
"dateReserved": "2022-10-28T14:48:18.783Z",
"dateUpdated": "2024-08-03T01:20:57.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3743 (GCVE-0-2022-3743)
Vulnerability from nvd – Published: 2023-08-23 19:42 – Updated: 2024-10-01 15:50
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:05:06.288708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:50:12.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:59.163Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3743",
"datePublished": "2023-08-23T19:42:59.163Z",
"dateReserved": "2022-10-28T14:48:05.339Z",
"dateUpdated": "2024-10-01T15:50:12.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3742 (GCVE-0-2022-3742)
Vulnerability from nvd – Published: 2023-08-23 19:42 – Updated: 2024-10-09 19:17
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-14ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-14ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-15ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-15ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_17iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_17iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5_15ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5_15ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jbcn27ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fhcn70ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ejcn30ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gfcn29ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "g8cn22ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7_16iax7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7_16iax7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k1cn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7-16ithg6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7-16ithg6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g2_itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g2_itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_imh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_imh_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f6cn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s540-13itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s540-13itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fzcn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_g2_ith_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_g2_ith_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hjcn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17-iil_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17-iil_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_14ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_14ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-15itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-15itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hncn42ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "krcn14ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iap7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_o_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_o_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j3cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dpcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_creator_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_creator_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_gaming_3-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_gaming_3-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:13:55.262472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:17:23.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:15.848Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3742",
"datePublished": "2023-08-23T19:42:15.848Z",
"dateReserved": "2022-10-28T14:47:08.485Z",
"dateUpdated": "2024-10-09T19:17:23.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}