Lucene search

[email protected]NVD:CVE-2023-25493

HistoryApr 05, 2024 - 9:15 p.m.

CVE-2023-25493

2024-04-0521:15:07

CWE-306

[email protected]

web.nvd.nist.gov

bios update

desktop

smart edge

smart office

thinkstation

elevated privileges

arbitrary code

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code.

References

support.lenovo.com/us/en/product_security/LEN-141775

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2023-25493

cvelist1 vulnrichment1 cve1