Vulnerabilites related to lenovo - tab_p11_pro_gen_2_tb132fu_firmware
cve-2023-5080
Vulnerability from cvelistv5
Published
2024-01-19 20:06
Modified
2024-09-16 14:53
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.lenovo.com/us/en/product_security/LEN-142135", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Tablet", vendor: "Lenovo", versions: [ { status: "affected", version: "various", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Lenovo thanks Ryan Johnson and Mohamed Elsabagh of Quokka for reporting this issue.", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.", }, ], value: "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-266", description: "CWE-266: Incorrect Privilege Assignment", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-16T14:53:27.329Z", orgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", shortName: "lenovo", }, references: [ { url: "https://support.lenovo.com/us/en/product_security/LEN-142135", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-142135\">https://support.lenovo.com/us/en/product_security/LEN-142135</a></span><br>", }, ], value: "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-142135", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "da227ddf-6e25-4b41-b023-0f976dcaca4b", assignerShortName: "lenovo", cveId: "CVE-2023-5080", datePublished: "2024-01-19T20:06:30.375Z", dateReserved: "2023-09-19T21:01:57.900Z", dateUpdated: "2024-09-16T14:53:27.329Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-01-19 20:15
Modified
2024-11-21 08:41
Severity ?
6.8 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "B1600932-86AD-4062-9BBE-7E05823E0841", versionEndExcluding: "8505f_usr_s301106_2309140042_v9.56_bmp_row", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*", matchCriteriaId: "C36249B8-17F5-4C84-80DA-D53B15ECB132", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "25FEBB11-E2A9-4BF2-A4EA-864EA28D4428", versionEndExcluding: "8505fs_usr_s301107_2309140028_v9.56_bmp_row", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*", matchCriteriaId: "F11D4E8A-9D72-424F-A9EF-8DFD7CC6B373", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BE24D7D6-76BC-4FDA-9A20-D2367C6C7BB8", versionEndExcluding: "8505x_usr_s301129_2309141226_v9.56_bmp_row", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*", matchCriteriaId: "1181F5AF-6A77-4B24-A8AD-41940D344829", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "2687A841-CF4C-4DD9-A9F5-F18AD3A8144D", versionEndExcluding: "8505xs_usr_s301077_2309140036_v9.56_bmp_row", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*", matchCriteriaId: "D690DD9B-767A-4487-8F81-E527E4838989", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "8DFC63D1-5E58-429A-B07C-D27E4E644F90", versionEndExcluding: "tb125fu_usr_s100116_2311171525_mp1rc_row", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:*:*:*:*:*:*:*", matchCriteriaId: "450B5FBD-8E52-4C87-A563-FA1B45FB86CE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:lenovo:tab_p11_pro_gen_2_tb132fu_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "33D5ED5F-B0CA-4A3C-94EB-626DC3180DB3", versionEndExcluding: "tb132fu_s240219_231123_row", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:lenovo:tab_p11_pro_gen_2_tb132fu:-:*:*:*:*:*:*:*", matchCriteriaId: "3EDAC7D3-75F1-4D59-8B94-5C2159AF1CDE", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.", }, { lang: "es", value: "Se informó una vulnerabilidad de escalada de privilegios en algunas tabletas Lenovo que podría permitir que las aplicaciones locales accedan a identificadores de dispositivos y comandos del sistema.", }, ], id: "CVE-2023-5080", lastModified: "2024-11-21T08:41:01.643", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 4.2, source: "psirt@lenovo.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-19T20:15:12.017", references: [ { source: "psirt@lenovo.com", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-142135", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.lenovo.com/us/en/product_security/LEN-142135", }, ], sourceIdentifier: "psirt@lenovo.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-266", }, ], source: "psirt@lenovo.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }