Lucene search

[email protected]CVE-2015-5684

HistoryMar 27, 2020 - 3:15 p.m.

CVE-2015-5684

2020-03-2715:15:00

CWE-120

[email protected]

web.nvd.nist.gov

115

cve-2015-5684

buffer overflow

lenovo service engine

bios

remote code execution

vulnerability

nvd

security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.0%

JSON

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

CPENameOperatorVersion
lenovo:b50-10_firmwarelenovo b50-10 firmwareltcccn13ww\(v1.02\)
lenovo:flex_2_pro-15_firmwarelenovo flex 2 pro-15 firmwarelta9cn46ww
lenovo:edge_15_firmwarelenovo edge 15 firmwarelta9cn46ww
lenovo:edge_15_firmwarelenovo edge 15 firmwareltb9cn17ww
lenovo:flex_2_pro-15_firmwarelenovo flex 2 pro-15 firmwareltb9cn17ww
lenovo:flex_3-1470_firmwarelenovo flex 3-1470 firmwareltbdcn30ww
lenovo:flex_3-1570_firmwarelenovo flex 3-1570 firmwareltbdcn30ww
lenovo:flex_3-1120_firmwarelenovo flex 3-1120 firmwareltc0cn25ww
lenovo:g40-80_firmwarelenovo g40-80 firmwareltb0cn75ww
lenovo:g50-80_firmwarelenovo g50-80 firmwareltb0cn75ww

CPE	Name	Operator	Version
lenovo:b50-10_firmware	lenovo b50-10 firmware	lt	cccn13ww\(v1.02\)
lenovo:flex_2_pro-15_firmware	lenovo flex 2 pro-15 firmware	lt	a9cn46ww
lenovo:edge_15_firmware	lenovo edge 15 firmware	lt	a9cn46ww
lenovo:edge_15_firmware	lenovo edge 15 firmware	lt	b9cn17ww
lenovo:flex_2_pro-15_firmware	lenovo flex 2 pro-15 firmware	lt	b9cn17ww
lenovo:flex_3-1470_firmware	lenovo flex 3-1470 firmware	lt	bdcn30ww
lenovo:flex_3-1570_firmware	lenovo flex 3-1570 firmware	lt	bdcn30ww
lenovo:flex_3-1120_firmware	lenovo flex 3-1120 firmware	lt	c0cn25ww
lenovo:g40-80_firmware	lenovo g40-80 firmware	lt	b0cn75ww
lenovo:g50-80_firmware	lenovo g50-80 firmware	lt	b0cn75ww

Rows per page:

1-10 of 291

References

support.lenovo.com/us/en/product_security/lse_bios_notebook

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2015-5684

lenovo2 cvelist1 prion1