Lucene search
LenovoCVELIST:CVE-2023-43570HistoryNov 08, 2023 - 10:07 p.m.
CVE-2023-43570
2023-11-0822:07:32
CWE-20
lenovo
www.cve.org
8
vulnerability
smi
oemsmi
driver
local attacker
arbitrary code
elevated permissions
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Desktop BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
]Related
prion
prion
Code injection
2023-11-08 22:15:00
nvd
nvd
CVE-2023-43570
2023-11-08 22:15:10
vulnrichment
vulnrichment
CVE-2023-43570
2023-11-08 22:07:32
cve
cve
CVE-2023-43570
2023-11-08 22:15:10
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for CVELIST:CVE-2023-43570