Lucene search

LenovoCVE-2023-25493

HistoryApr 05, 2024 - 9:15 p.m.

CVE-2023-25493

2024-04-0521:15:07

CWE-306

lenovo

web.nvd.nist.gov

bios update

driver vulnerability

desktop

smart edge

smart office

thinkstation

elevated privileges

arbitrary code

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-141775

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-25493