Vulnerabilites related to lenovo - thinkstation_p360_ultra_firmware
Vulnerability from fkie_nvd
Published
2023-06-05 22:15
Modified
2024-11-21 07:32
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_aio_3_21itl7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF434C4-92FB-4285-9D70-346CEEC22535",
"versionEndExcluding": "o5akt33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_aio_3_21itl7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06FA56AE-3377-41FE-B2FA-3D7C48668FE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_aio_3-22itl6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0A88174-FD66-4A97-8C09-25D83FA3B080",
"versionEndExcluding": "o5akt33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_aio_3-22itl6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35E8DEFA-7E34-4B38-9555-505CD5EAACA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_aio_3-24itl6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "213EBCF5-5ACC-49C3-B80A-6F7ACC095292",
"versionEndExcluding": "o5akt33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_aio_3-24itl6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A264E0C3-8D56-443B-9EAE-E08F46748A80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_aio_3-27itl6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35BA2F95-6488-4D5E-A498-89FEB7996AD6",
"versionEndExcluding": "o5akt33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_aio_3-27itl6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B1DBF8-0788-40BA-BE29-5B2EA35874B1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m720e_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ABB82BF-1F1C-4E02-8956-43CBD91B459E",
"versionEndExcluding": "m1zkt40a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m720e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02F399A4-01A9-4D9E-9371-F260C31CB942",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m720q_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEAAD454-64DA-4ABF-8AC3-6DCCCA700366",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m720q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "90230B12-DF65-4D6B-90E0-65F523BA98CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m720s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD01C911-C7B0-4A9C-93D3-A3F7735C161C",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m720s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C245AA0-A5AA-4375-B781-23159D4F69B3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m720t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD698A4-11C9-4913-9FF1-074ED0DED491",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m720t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC3DBF5-3CE2-48BE-82E2-F52A776E68E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m725s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1438E6-791A-45E6-A5BB-4DDA151C2465",
"versionEndExcluding": "m25kt63a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m725s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4298C6F6-191F-427B-8827-9C6580FBC657",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m75s_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A45A119-4388-44FA-840C-F51FB91480A3",
"versionEndExcluding": "m46kt30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m75s_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04B34D9E-9504-4CEF-8056-01C6BAEAB8CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m75s_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20437C26-886C-45DD-B010-250F0CE6F83F",
"versionEndExcluding": "m3bkt30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m75s_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04B34D9E-9504-4CEF-8056-01C6BAEAB8CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m75t_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93DFDC44-81C6-484D-8D71-520625A7AA26",
"versionEndExcluding": "m46kt30a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m75t_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2102F1DF-7A45-4080-B52A-3D51028FE82A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m75t_gen_2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B955072B-C1F4-47B6-A50E-F929EA3A3F1C",
"versionEndExcluding": "m3akt4ca",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m75t_gen_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2102F1DF-7A45-4080-B52A-3D51028FE82A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m920q_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DACE230A-FDC0-420E-B977-AFA4C1A8E211",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m920q:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18964E52-51F6-4C64-A471-A09FB2E7A4C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m920s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F29A7E-E699-454C-A8B0-142A9324BA96",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m920s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86CEA502-29BC-4F04-AF51-53B8CE39D1DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m920t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D83D0761-E412-41FF-ACE7-BC29BB864DDB",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m920t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AA136174-6A29-4DD8-BF2F-BEC629ED216B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m920x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D31A1B33-F4F7-4E37-BA1E-AC2D9B93A8C3",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m920x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9DDEC1BD-4511-4231-9502-A65FFFA35116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkcentre_m920z_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9F4005-02A1-490E-A7A5-E2ABEAE37DEB",
"versionEndExcluding": "m1mkt55a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_m920z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E07299B-26F5-438D-A522-20FAFC970E47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_510s-07icb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6036BB-4E44-4A4D-81B0-25F32A21C25B",
"versionEndExcluding": "m22kt48a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_510s-07icb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "501B5AB2-483A-42D6-97B6-C47413232811",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_510s-07icb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "811228D4-5CB0-4F81-8D7A-B851046C5AB7",
"versionEndExcluding": "m22kt49a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_510s-07icb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "501B5AB2-483A-42D6-97B6-C47413232811",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_510s-07ick_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52C05B9F-72A7-4913-9DD7-65F2373340ED",
"versionEndExcluding": "m30kt28a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_510s-07ick:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BC5F0E-9AD4-4E73-B6A9-0A927C22DB14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_510s-07ick_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3563D2-7F31-4E73-A599-41357F60952F",
"versionEndExcluding": "m1zkt40a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_510s-07ick:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BC5F0E-9AD4-4E73-B6A9-0A927C22DB14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:ideacentre_720-18apr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35DB207A-0A44-48D2-A079-DF016C8D222E",
"versionEndExcluding": "m25kt63a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:ideacentre_720-18apr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D468EDDA-AE71-451E-9CE2-91C4F62C66DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:v30a-22itl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2ABC33C-DAA2-4831-AC8C-8FCD774D303A",
"versionEndExcluding": "o5akt33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:v30a-22itl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5515B1D-5869-4BCD-912E-DA3ADCA08896",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:v30a-24itl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E257CC87-E4FC-4026-8518-2BAE82BF2AA3",
"versionEndExcluding": "o5akt33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:v30a-24itl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A8C95F-1C20-4FA4-8584-F93E9877F84C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:v530s-07icb_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FD5F91D-45CB-4CE0-8E71-053936449C1B",
"versionEndExcluding": "m22kt49a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:v530s-07icb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1F8C3B-CA56-49C3-9089-24857ACF65FC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:v530s-07icr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75A41BA8-D940-4A9B-801A-80FA1C5C84A0",
"versionEndExcluding": "m1zkt40a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:v530s-07icr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2846C59E-89B6-478E-8406-5BC09326E3B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkstation_p330_tiny_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02FCA682-FD95-4641-8FC7-2B65A3740DB6",
"versionEndExcluding": "m1ukt70a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkstation_p330_tiny:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FCC5B38-D665-43E6-A4FB-0A9D464E1406",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkstation_p360_ultra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC490D6-72FF-4328-97AA-1C78F951AFE0",
"versionEndExcluding": "s0fkt27a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkstation_p360_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C496049-4FB1-4F42-8F28-FEE66B3B3D56",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkstation_p520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ABAD5C6-D995-482C-B9BE-9584DD358958",
"versionEndExcluding": "s03kt58a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkstation_p520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6840BC60-44C3-4EA8-96D3-E93796C15310",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:lenovo:thinkstation_p520c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5448FEB7-0357-4CA7-8D4F-81028F3F6938",
"versionEndExcluding": "s03kt58a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:lenovo:thinkstation_p520c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0431D83D-1AC8-4EDE-8568-8695F8E68C35",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code."
}
],
"id": "CVE-2022-48188",
"lastModified": "2024-11-21T07:32:56.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-05T22:15:11.563",
"references": [
{
"source": "psirt@lenovo.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-124495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-124495"
}
],
"sourceIdentifier": "psirt@lenovo.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@lenovo.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-48188
Vulnerability from cvelistv5
Published
2023-06-05 21:03
Modified
2025-01-08 15:50
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | ThinkStation BIOS |
Version: various |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:10:58.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-124495"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T15:50:33.034689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T15:50:42.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ThinkStation BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Lenovo thanks River Li and Fangtao Cao for reporting this issue. "
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code."
}
],
"value": "A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-05T21:03:07.044Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-124495"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-124495\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-124495\u003c/a\u003e"
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the related Lenovo advisory:\u00a0 https://support.lenovo.com/us/en/product_security/LEN-124495 https://support.lenovo.com/us/en/product_security/LEN-124495 "
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-48188",
"datePublished": "2023-06-05T21:03:07.044Z",
"dateReserved": "2022-12-29T17:29:25.496Z",
"dateUpdated": "2025-01-08T15:50:42.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}