Search criteria
14 vulnerabilities found for ideapad_3-17iml05_firmware by lenovo
CVE-2022-3746 (GCVE-0-2022-3746)
Vulnerability from nvd – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
Severity ?
6.7 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": " CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:54.077Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3746",
"datePublished": "2023-08-23T19:43:54.077Z",
"dateReserved": "2022-10-28T14:48:24.490Z",
"dateUpdated": "2024-08-03T01:20:57.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3745 (GCVE-0-2022-3745)
Vulnerability from nvd – Published: 2023-08-23 19:43 – Updated: 2024-10-01 15:49
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:04:56.231492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:49:56.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:34.512Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3745",
"datePublished": "2023-08-23T19:43:34.512Z",
"dateReserved": "2022-10-28T14:48:21.380Z",
"dateUpdated": "2024-10-01T15:49:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3744 (GCVE-0-2022-3744)
Vulnerability from nvd – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:17.503Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3744",
"datePublished": "2023-08-23T19:43:17.503Z",
"dateReserved": "2022-10-28T14:48:18.783Z",
"dateUpdated": "2024-08-03T01:20:57.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3743 (GCVE-0-2022-3743)
Vulnerability from nvd – Published: 2023-08-23 19:42 – Updated: 2024-10-01 15:50
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:05:06.288708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:50:12.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:59.163Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3743",
"datePublished": "2023-08-23T19:42:59.163Z",
"dateReserved": "2022-10-28T14:48:05.339Z",
"dateUpdated": "2024-10-01T15:50:12.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3742 (GCVE-0-2022-3742)
Vulnerability from nvd – Published: 2023-08-23 19:42 – Updated: 2024-10-09 19:17
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-14ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-14ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-15ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-15ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_17iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_17iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5_15ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5_15ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jbcn27ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fhcn70ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ejcn30ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gfcn29ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "g8cn22ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7_16iax7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7_16iax7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k1cn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7-16ithg6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7-16ithg6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g2_itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g2_itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_imh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_imh_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f6cn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s540-13itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s540-13itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fzcn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_g2_ith_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_g2_ith_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hjcn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17-iil_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17-iil_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_14ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_14ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-15itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-15itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hncn42ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "krcn14ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iap7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_o_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_o_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j3cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dpcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_creator_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_creator_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_gaming_3-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_gaming_3-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:13:55.262472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:17:23.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:15.848Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3742",
"datePublished": "2023-08-23T19:42:15.848Z",
"dateReserved": "2022-10-28T14:47:08.485Z",
"dateUpdated": "2024-10-09T19:17:23.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3972 (GCVE-0-2021-3972)
Vulnerability from nvd – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09
VLAI?
Summary
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Severity ?
6.7 (Medium)
CWE
- CWE-489 - Leftover Debug Code
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Notebook BIOS |
Affected:
various
|
Credits
Lenovo thanks Martin Smolár from ESET for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Notebook BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices\u0027 BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T20:30:40",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notebook BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices\u0027 BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-489 Leftover Debug Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-73440",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3972",
"datePublished": "2022-04-22T20:30:40",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3970 (GCVE-0-2021-3970)
Vulnerability from nvd – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09
VLAI?
Summary
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Notebook BIOS |
Affected:
various
|
Credits
Lenovo thanks Martin Smolár from ESET for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Notebook BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T20:30:37",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notebook BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-73440",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3970",
"datePublished": "2022-04-22T20:30:37",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3746 (GCVE-0-2022-3746)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
Severity ?
6.7 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": " CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:54.077Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3746",
"datePublished": "2023-08-23T19:43:54.077Z",
"dateReserved": "2022-10-28T14:48:24.490Z",
"dateUpdated": "2024-08-03T01:20:57.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3745 (GCVE-0-2022-3745)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:43 – Updated: 2024-10-01 15:49
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:04:56.231492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:49:56.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:34.512Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3745",
"datePublished": "2023-08-23T19:43:34.512Z",
"dateReserved": "2022-10-28T14:48:21.380Z",
"dateUpdated": "2024-10-01T15:49:56.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3744 (GCVE-0-2022-3744)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:43 – Updated: 2024-08-03 01:20
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.
Severity ?
6.7 (Medium)
CWE
- CWE-798 - Use of Hard-coded Credentials
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:43:17.503Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3744",
"datePublished": "2023-08-23T19:43:17.503Z",
"dateReserved": "2022-10-28T14:48:18.783Z",
"dateUpdated": "2024-08-03T01:20:57.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3743 (GCVE-0-2022-3743)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:42 – Updated: 2024-10-01 15:50
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-01T15:05:06.288708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-01T15:50:12.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:59.163Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3743",
"datePublished": "2023-08-23T19:42:59.163Z",
"dateReserved": "2022-10-28T14:48:05.339Z",
"dateUpdated": "2024-10-01T15:50:12.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3742 (GCVE-0-2022-3742)
Vulnerability from cvelistv5 – Published: 2023-08-23 19:42 – Updated: 2024-10-09 19:17
VLAI?
Summary
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.
Severity ?
6.7 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_14igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_14igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1_15igl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1_15igl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "kkcn15ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-14ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-14ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_1-15ijl7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_1-15ijl7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_14iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_14iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_15iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_15iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3_17iau7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3_17iau7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5_15ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5_15ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jbcn27ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fhcn70ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ejcn30ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:l3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "l3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gfcn29ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_15iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_15iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro_16iah7h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro_16iah7h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j2cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5_pro-16ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5_pro-16ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15imh6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15imh6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "g8cn22ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-15ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-15ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5-17ith6h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5-17ith6h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_5p-15imh05h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_5p-15imh05h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "efcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7_16iax7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7_16iax7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k1cn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:legion_7-16ithg6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "legion_7-16ithg6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "h1cn52ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g2_itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g2_itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_imh_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_imh_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f6cn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2_ijl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2_ijl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "htcn31ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g3_iap_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g3_iap_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jkcn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:s540-13itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "s540-13itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fzcn26ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkbook_15p_g2_ith_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "thinkbook_15p_g2_ith_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hjcn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v14-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v14-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g1-iml_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g1-iml_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v15-igl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v15-igl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17_g2-itl_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17_g2-itl_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:v17-iil_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "v17-iil_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_14ial7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_14ial7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7_16iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7_16iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j1cn35ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_7-15itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_7-15itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "f5cn59ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hncn42ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_carbon_13iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_carbon_13iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "k2cn34ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "krcn14ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro_14iap7_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "jhcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14ihu5_o_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14ihu5_o_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_pro-14itl5_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_pro-14itl5_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "fjcn74ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_7_prox_14iah7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_7_prox_14iah7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "hmcn41ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9_14iap7_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9_14iap7_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "j3cn49ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:yoga_slim_9-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "yoga_slim_9-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "escn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14igl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14igl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dvcn28ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-14itl6_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-14itl6_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "ggcn51ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "emcn56ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-15itl05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-15itl05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "gccn32ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_3-17iml05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_3-17iml05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dxcn44ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_5-15iil05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_5-15iil05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "dpcn58ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_creator_5-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_creator_5-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:ideapad_gaming_3-15imh05_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "ideapad_gaming_3-15imh05_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "egcn40ww",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T20:13:55.262472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:17:23.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Notebook",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"value": "A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-23T19:42:15.848Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-103710"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-103710."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2022-3742",
"datePublished": "2023-08-23T19:42:15.848Z",
"dateReserved": "2022-10-28T14:47:08.485Z",
"dateUpdated": "2024-10-09T19:17:23.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3972 (GCVE-0-2021-3972)
Vulnerability from cvelistv5 – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09
VLAI?
Summary
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Severity ?
6.7 (Medium)
CWE
- CWE-489 - Leftover Debug Code
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Notebook BIOS |
Affected:
various
|
Credits
Lenovo thanks Martin Smolár from ESET for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Notebook BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices\u0027 BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Leftover Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T20:30:40",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notebook BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices\u0027 BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-489 Leftover Debug Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-73440",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3972",
"datePublished": "2022-04-22T20:30:40",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3970 (GCVE-0-2021-3970)
Vulnerability from cvelistv5 – Published: 2022-04-22 20:30 – Updated: 2024-08-03 17:09
VLAI?
Summary
A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.
Severity ?
6.7 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lenovo | Notebook BIOS |
Affected:
various
|
Credits
Lenovo thanks Martin Smolár from ESET for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Notebook BIOS",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T20:30:37",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
],
"solutions": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2021-3970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Notebook BIOS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-73440",
"refsource": "MISC",
"url": "https://support.lenovo.com/us/en/product_security/LEN-73440"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."
}
],
"source": {
"advisory": "LEN-73440",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2021-3970",
"datePublished": "2022-04-22T20:30:37",
"dateReserved": "2021-11-17T00:00:00",
"dateUpdated": "2024-08-03T17:09:09.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}