Vulnerabilites related to Lenovo - ThinkPad
CVE-2023-2290 (GCVE-0-2023-2290)
Vulnerability from cvelistv5
Published
2023-06-26 19:44
Modified
2024-12-03 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e14:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e14",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e14_gen2:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e14_gen2",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.22"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e15:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e15",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.23"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad_e490:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad_e490",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "1.34"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T18:34:50.401160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T18:40:33.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks Enrique Nissim, Joseph Tartaro and Krzysztof Okupski from IOActive for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T14:49:30.904Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-106014\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-106014\u003c/a\u003e"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Lenovo Product Security Advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-106014"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-2290",
"datePublished": "2023-06-26T19:44:19.989Z",
"dateReserved": "2023-04-25T19:41:49.164Z",
"dateUpdated": "2024-12-03T18:40:33.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4030 (GCVE-0-2023-4030)
Vulnerability from cvelistv5
Published
2023-08-17 16:48
Modified
2024-10-08 13:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-636 - Not Failing Securely ('Failing Open')
Summary
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkpad",
"vendor": "lenovo",
"versions": [
{
"status": "affected",
"version": "p14_gen2"
},
{
"status": "affected",
"version": "p15_gen2"
},
{
"status": "affected",
"version": "t14_gen2"
},
{
"status": "affected",
"version": "t15_gen2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:08:56.146548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:11:13.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."
}
],
"value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-636",
"description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:47.172Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4030",
"datePublished": "2023-08-17T16:48:47.172Z",
"dateReserved": "2023-07-31T16:54:49.207Z",
"dateUpdated": "2024-10-08T13:11:13.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6168 (GCVE-0-2019-6168)
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote code execution
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6168",
"datePublished": "2019-06-26T14:12:34.822409Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T23:41:33.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8341 (GCVE-0-2020-8341)
Vulnerability from cvelistv5
Published
2020-09-01 21:30
Modified
2024-09-16 23:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- None
Summary
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"datePublic": "2020-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "None",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T21:30:16",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
],
"solutions": [
{
"lang": "en",
"value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx."
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2020-09-01T21:00:00.000Z",
"ID": "CVE-2020-8341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for some Lenovo ThinkPad systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "None"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-30042",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-30042"
}
]
},
"solution": [
{
"lang": "en",
"value": "No action required. Lenovo has updated BIOS for systems in the product impact section to implement this secondary protection, PRx."
}
],
"source": {
"advisory": "LEN-30042",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2020-8341",
"datePublished": "2020-09-01T21:30:16.648832Z",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-09-16T23:16:41.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6167 (GCVE-0-2019-6167)
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- remote code execution
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6167",
"datePublished": "2019-06-26T14:12:34.783642Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T17:02:52.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6166 (GCVE-0-2019-6166)
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- cross-site request forgery
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6166",
"datePublished": "2019-06-26T14:12:34.747569Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T17:14:55.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6154 (GCVE-0-2019-6154)
Vulnerability from cvelistv5
Published
2019-04-10 17:04
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Code execution
Summary
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Lenovo Bootable Generator |
Version: unspecified < Mar-2019 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lenovo Bootable Generator",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Mar-2019",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo thanks SaifAllah benMassaoud \u0026 Oussama Sahnoun and Mustapha Mhenaoui for reporting this issue."
}
],
"datePublic": "2019-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T17:04:19",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Lenovo Bootable Generator version Mar-2019 (or newer)."
}
],
"source": {
"advisory": "LEN-25401",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-04-04T19:00:00.000Z",
"ID": "CVE-2019-6154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lenovo Bootable Generator",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "Mar-2019"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks SaifAllah benMassaoud \u0026 Oussama Sahnoun and Mustapha Mhenaoui for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-25401",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Lenovo Bootable Generator version Mar-2019 (or newer)."
}
],
"source": {
"advisory": "LEN-25401",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6154",
"datePublished": "2019-04-10T17:04:19.857324Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-17T02:06:09.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6172 (GCVE-0-2019-6172)
Vulnerability from cvelistv5
Published
2019-11-12 20:40
Modified
2024-08-04 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary code execution
Summary
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Various",
"status": "affected",
"version": "Various",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T21:49:25",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"solutions": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2019-6172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Various",
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-27714",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6172",
"datePublished": "2019-11-12T20:40:53",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4029 (GCVE-0-2023-4029)
Vulnerability from cvelistv5
Published
2023-08-17 16:48
Modified
2024-10-08 13:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkpad",
"vendor": "lenovo",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T13:13:15.422315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:16:40.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"value": "A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-17T16:48:24.711Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2023-4029",
"datePublished": "2023-08-17T16:48:24.711Z",
"dateReserved": "2023-07-31T16:48:52.842Z",
"dateUpdated": "2024-10-08T13:16:40.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6163 (GCVE-0-2019-6163)
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 23:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privilege escalation
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | System Update |
Version: unspecified < 5.07.0084 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "System Update",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.07.0084",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-13T18:56:07",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Update",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "5.07.0084"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Eran Shimony at CyberArk Labs for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27348",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the Lenovo System Update version 5.07.0084 (or newer)."
}
],
"source": {
"advisory": "LEN-27348",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6163",
"datePublished": "2019-06-26T14:12:34.696699Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T23:41:01.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6170 (GCVE-0-2019-6170)
Vulnerability from cvelistv5
Published
2019-11-12 20:40
Modified
2024-08-04 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary code execution
Summary
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ThinkPad",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "Various",
"status": "affected",
"version": "Various",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T21:49:25",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
],
"solutions": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2019-6170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThinkPad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Various",
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-27714",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-27714"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update BIOS to latest version as indicated in Lenovo\u0027s security advisory."
}
],
"source": {
"advisory": "LEN-27714",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6170",
"datePublished": "2019-11-12T20:40:53",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1307 (GCVE-0-2007-1307)
Vulnerability from cvelistv5
Published
2007-03-07 00:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33854"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33854"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22822"
},
{
"name": "24349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24349"
},
{
"name": "33854",
"refsource": "OSVDB",
"url": "http://osvdb.org/33854"
},
{
"name": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922",
"refsource": "CONFIRM",
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"name": "ADV-2007-0801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1307",
"datePublished": "2007-03-07T00:00:00",
"dateReserved": "2007-03-06T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6169 (GCVE-0-2019-6169)
Vulnerability from cvelistv5
Published
2019-06-26 14:12
Modified
2024-09-16 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- unencrypted downloads over FTP
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Service Bridge |
Version: unspecified < 4.1.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Bridge",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "4.1.0.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"datePublic": "2019-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unencrypted downloads over FTP",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-26T14:12:34",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-06-25T16:00:00.000Z",
"ID": "CVE-2019-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Bridge",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "4.1.0.1"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Bill Demirkapi for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unencrypted downloads over FTP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/solutions/LEN-27725",
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Lenovo Service Bridge version 4.1.0.1 (or newer)."
}
],
"source": {
"advisory": "LEN-27725",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2019-6169",
"datePublished": "2019-06-26T14:12:34.865362Z",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-09-16T20:32:51.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
},
{
"lang": "es",
"value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2019-6168",
"lastModified": "2024-11-21T04:46:04.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.277",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery."
},
{
"lang": "es",
"value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir Cross-Site Request Forgery (CSRF)."
}
],
"id": "CVE-2019-6166",
"lastModified": "2024-11-21T04:46:03.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.153",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-10 17:29
Modified
2024-11-21 04:46
Severity ?
5.3 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-25401 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-25401 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | bootable_usb | * | |
| lenovo | ideacentre | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:bootable_usb:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "4373A561-D116-4844-8F09-BEB7923ED0DB",
"versionEndExcluding": "mar-2019",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system."
},
{
"lang": "es",
"value": "Se inform\u00f3 de una vulnerabilidad en la ruta de b\u00fasqueda de DLL en Lenovo Bootable Generator, anterior a la versi\u00f3n Mar-2019, que podr\u00eda permitir a un usuario malicioso con acceso local ejecute c\u00f3digo en el sistema."
}
],
"id": "CVE-2019-6154",
"lastModified": "2024-11-21T04:46:02.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T17:29:00.400",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-25401"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-07 00:19
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | pro_1000_lan_adapter | 135400 | |
| lenovo | thinkpad | r50 | |
| lenovo | thinkpad | r50e | |
| lenovo | thinkpad | r50p | |
| lenovo | thinkpad | r51 | |
| lenovo | thinkpad | t41 | |
| lenovo | thinkpad | t41p | |
| lenovo | thinkpad | t42 | |
| lenovo | thinkpad | t42p | |
| lenovo | thinkpad | t60 | |
| lenovo | thinkpad | t60p | |
| lenovo | thinkpad | x31 | |
| lenovo | thinkpad | x32 | |
| lenovo | thinkpad | x40 | |
| lenovo | thinkpad | x60 | |
| lenovo | thinkpad | x60_tablet | |
| lenovo | thinkpad | x60s |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:intel:pro_1000_lan_adapter:135400:*:*:*:*:*:*:*",
"matchCriteriaId": "29EB8639-FFB5-4C2D-BC84-CB5CF023D5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r50:*:*:*:*:*:*:*",
"matchCriteriaId": "8DB8FBD5-E649-451A-8607-3A348177875B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r50e:*:*:*:*:*:*:*",
"matchCriteriaId": "941F6EC8-721C-47D5-A1C9-F693DEF342E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r50p:*:*:*:*:*:*:*",
"matchCriteriaId": "398C1D16-35C6-4EC5-8E8D-20BE5AB8E534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:r51:*:*:*:*:*:*:*",
"matchCriteriaId": "1B971BF4-1FA7-4890-83D6-063249E83E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t41:*:*:*:*:*:*:*",
"matchCriteriaId": "7754E7B3-9C85-43D6-BA9A-0DC2E381FDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t41p:*:*:*:*:*:*:*",
"matchCriteriaId": "3F707727-B8C3-405D-802D-26A6382070C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t42:*:*:*:*:*:*:*",
"matchCriteriaId": "2027DC41-7A87-4247-9306-7A069E2A7E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t42p:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA56ADA-6228-43ED-9940-EB2456D1A894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t60:*:*:*:*:*:*:*",
"matchCriteriaId": "AA56DD14-0857-4473-9F70-19412599EC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:t60p:*:*:*:*:*:*:*",
"matchCriteriaId": "23121483-2DBF-4426-85E6-ED252B9514CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x31:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAD5486-77BD-4C6A-B904-DAD1C439CA1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x32:*:*:*:*:*:*:*",
"matchCriteriaId": "678E12C5-FDCE-4D64-9062-933509D419D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x40:*:*:*:*:*:*:*",
"matchCriteriaId": "FBD0F316-BDFF-44FB-99DE-610A658AE5D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x60:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABCC46A-FA30-42CB-BB3B-EC8EBE4B730C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x60_tablet:*:*:*:*:*:*:*",
"matchCriteriaId": "B4159479-CD51-424F-8449-D29947021FD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:x60s:*:*:*:*:*:*:*",
"matchCriteriaId": "825A06DA-4AEB-44C8-ADCD-8220C8B2A031",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el adaptador Lenovo Intel PRO/1000 LAN anterior a Build 135400, como ha sido usado en sistemas IBM Lenovo ThinkPad, tienen impacto y vectores de ataque desconocidos."
}
],
"id": "CVE-2007-1307",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-07T00:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33854"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24349"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24349"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-307.ibm.com/pc/support/site.wss/document.do?sitestyle=lenovo\u0026lndocid=MIGR-62922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0801"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27348 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27348 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | system_update | * | |
| lenovo | b_series | - | |
| lenovo | c100 | - | |
| lenovo | c200 | - | |
| lenovo | e_series | - | |
| lenovo | j100 | - | |
| lenovo | j105 | - | |
| lenovo | j110 | - | |
| lenovo | j115 | - | |
| lenovo | j200 | - | |
| lenovo | j200p | - | |
| lenovo | j205 | - | |
| lenovo | k_series | - | |
| lenovo | n100 | - | |
| lenovo | n200 | - | |
| lenovo | s200 | - | |
| lenovo | s200p | - | |
| lenovo | s205 | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | v_series | - | |
| lenovo | v100 | - | |
| lenovo | v200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:system_update:*:*:*:*:*:*:*:*",
"matchCriteriaId": "425E8D8C-9D57-421C-B9D8-91570342F37C",
"versionEndExcluding": "5.07.0084",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:b_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF35A407-04DB-4484-8C92-44E9CA35784B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:c100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2679679A-86BF-4346-B49A-1CF59066A3C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF289431-1E47-4AAE-9664-CB70EBDBE835",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:e_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20A22C95-1285-46B8-A9BB-8BE1D7824C41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59F2C7AD-9AC4-4582-952B-561D86C98BB5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j105:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7C3A94-C947-47CF-94EF-A36D51E568A9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72664BC5-3936-455A-AF94-96686CD4E3B4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j115:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B111141-88BD-46D8-9FE1-2D72CD9D9383",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAC20A5-7F62-4BEF-A489-B14EC1AF24C0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j200p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "165777CC-AEA0-4AF6-813A-0BCF19C011B7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:j205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56E48F87-3FAE-4AFB-B691-F60CAA0D264C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:k_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50C2A201-9452-4753-AB38-29F7B53E3C4C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "969C2FCE-A6C7-4D61-8ECC-CAE595829EAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "414F3F97-0D2C-4B3A-B5AB-59B308652FD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CD73A62-B205-4D80-9516-F1603198E0E8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s200p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C10BB43C-D47F-4CA1-B69C-CAB260D58EE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:s205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25405CB9-280E-4EDD-A2AE-3869F781BE66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v_series:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4199C75-BB7A-4F1B-911B-28FCB859474E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F32E145-62E2-4A52-8E48-C5CD9CBFB1C5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:v200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "547B731E-658D-4312-BDC2-22A3F584833E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability was reported in Lenovo System Update before version 5.07.0084 that could allow service log files to be written to non-standard locations."
},
{
"lang": "es",
"value": "Se comunic\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en Lenovo System Update en versiones anteriores a la 5.07.0084 que podr\u00eda permitir que los archivos de registro de servicio sean escritos en ubicaciones no standard."
}
],
"id": "CVE-2019-6163",
"lastModified": "2024-11-21T04:46:03.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.107",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27348"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-404"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution."
},
{
"lang": "es",
"value": "Se informa de una vulnerabilidad en Lenovo Service Bridge en versiones anteriores a la 4.1.0.1 que podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"id": "CVE-2019-6167",
"lastModified": "2024-11-21T04:46:03.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.213",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-26 14:15
Modified
2024-11-21 04:46
Severity ?
Summary
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| psirt@lenovo.com | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.lenovo.com/solutions/LEN-27725 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lenovo | service_bridge | * | |
| lenovo | ideacentre | - | |
| lenovo | ideapad | - | |
| lenovo | tablet | - | |
| lenovo | thinkcentre | - | |
| lenovo | thinkpad | - | |
| lenovo | thinkstation | - | |
| lenovo | yoga | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:service_bridge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76A1F100-6E13-4DD3-BFA1-5907A6E3379D",
"versionEndExcluding": "4.1.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2310B3-8DD3-427A-8A0A-B612FA3FE132",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:ideapad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB1A4C4-365D-46D1-8DA8-B6C0DD349807",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:tablet:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "E9E6D176-27CB-41CA-A915-C307B1C50742",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E8DBDC-AA46-4DF0-B557-275DB8CF3CD6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BD24F8-2446-4657-A1A1-B6DDF52D2250",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkstation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A7A1F41-8BA5-4A8B-80DA-24A4C43FCF21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:yoga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B909B1-8790-4906-AA50-1FC5FDEEE5D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP."
},
{
"lang": "es",
"value": "Una vulnerabilidad comunicada en Lenovo Service Bridge antes de la versi\u00f3n 4.1.0.1 podr\u00eda permitir descargas sin cifrar a trav\u00e9s de FTP."
}
],
"id": "CVE-2019-6169",
"lastModified": "2024-11-21T04:46:04.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@lenovo.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-26T14:15:10.357",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/solutions/LEN-27725"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}