Lucene search
HistoryNov 08, 2023 - 10:15 p.m.
CVE-2023-5078
vulnerability
thinkpad
bios
tampering
firmware
local attacker
elevated privileges
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
Affected configurations
Node
lenovothinkpad_x13_gen_3Match-
lenovothinkpad_x13_gen_3_firmwareMatch-
Node
lenovothinkpad_s2_yoga_gen_7Match-
lenovothinkpad_s2_yoga_gen_7_firmwareRange<1.19
Node
lenovothinkpad_s2_yoga_gen_6Match-
lenovothinkpad_s2_yoga_gen_6_firmwareMatch-
Node
lenovothinkpad_s2_gen_8Match-
lenovothinkpad_s2_gen_8_firmwareMatch-
Node
lenovothinkpad_p14s_gen_3Match-
lenovothinkpad_p14s_gen_3_firmwareMatch-
Node
lenovothinkpad_p16s_gen_1Match-
lenovothinkpad_p16s_gen_1_firmwareMatch-
Node
lenovothinkpad_t14_gen_3_firmwareMatch-
lenovothinkpad_t14_gen_3Match-
Node
lenovothinkpad_t14s_gen_3_firmwareMatch-
lenovothinkpad_t14s_gen_3Match-
Node
lenovothinkpad_t16_gen_1_firmwareMatch-
lenovothinkpad_t16_gen_1Match-
Node
lenovothinkpad_l14_gen_3_firmwareRange<1.23
lenovothinkpad_l14_gen_3Match-
Node
lenovothinkpad_l14_gen_4_firmwareRange<1.1
lenovothinkpad_l14_gen_4Match-
Node
lenovothinkpad_l15_gen_3_firmwareRange<1.23
lenovothinkpad_l15_gen_3Match-
Node
lenovothinkpad_l15_gen_4_firmwareRange<1.1
lenovothinkpad_l15_gen_4Match-
Node
lenovothinkpad_l13_yoga_gen_4_firmwareMatch-
lenovothinkpad_l13_yoga_gen_4Match-
Node
lenovothinkpad_l13_yoga_gen_3_firmwareRange<1.19
lenovothinkpad_l13_yoga_gen_3Match-
Node
lenovothinkpad_l13_yoga_gen_2_firmwareMatch-
lenovothinkpad_l13_yoga_gen_2Match-
Node
lenovothinkpad_l13_gen_4_firmwareMatch-
lenovothinkpad_l13_gen_4Match-
Node
lenovothinkpad_l13_gen_3_firmwareRange<1.19
lenovothinkpad_l13_gen_3Match-
Node
lenovothinkpad_l13_gen_2_firmwareMatch-
lenovothinkpad_l13_gen_2Match-
Node
lenovothinkpad_s2_yoga_gen_8_firmwareMatch-
lenovothinkpad_s2_yoga_gen_8Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lenovo | thinkpad_x13_gen_3 | - | cpe:2.3:h:lenovo:thinkpad_x13_gen_3:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_x13_gen_3_firmware | - | cpe:2.3:o:lenovo:thinkpad_x13_gen_3_firmware:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_yoga_gen_7 | - | cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_7:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_yoga_gen_7_firmware | * | cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_7_firmware:*:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_yoga_gen_6 | - | cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_yoga_gen_6_firmware | - | cpe:2.3:o:lenovo:thinkpad_s2_yoga_gen_6_firmware:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_gen_8 | - | cpe:2.3:h:lenovo:thinkpad_s2_gen_8:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_s2_gen_8_firmware | - | cpe:2.3:o:lenovo:thinkpad_s2_gen_8_firmware:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_p14s_gen_3 | - | cpe:2.3:h:lenovo:thinkpad_p14s_gen_3:-:*:*:*:*:*:*:* |
| lenovo | thinkpad_p14s_gen_3_firmware | - | cpe:2.3:o:lenovo:thinkpad_p14s_gen_3_firmware:-:*:*:*:*:*:*:* |
Related
prion
prion
Security feature bypass
2023-11-08 22:15:00
cve
cve
CVE-2023-5078
2023-11-08 22:15:11
vulnrichment
vulnrichment
CVE-2023-5078
2023-11-08 22:02:49
cvelist
cvelist
CVE-2023-5078
2023-11-08 22:02:49
CVSS3
6.7
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2023-5078