CVE-2023-43578

CVE

Medium

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privile…

CVSS

6.7

Medium

EPSS

0.00

p13

Published

2023-01-01

Updated

2023-01-01

Description

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Tags · CWE

CWE-120

CAPEC-8

CAPEC-9

CAPEC-10

CAPEC-14

CAPEC-24

CAPEC-42

CAPEC-44

CAPEC-45

CAPEC-46

CAPEC-47

CAPEC-67

CAPEC-92

CAPEC-100

Affected products

Ideacentre_3-07ada05_firmwareIdeacentre_3-07imb05_firmwareIdeacentre_5-14acn6_firmwareIdeacentre_5-14imb05_firmwareIdeacentre_5-14iob6_firmwareIdeacentre_5_14iab7_firmwareIdeacentre_5_14irb8_firmwareIdeacentre_aio_3-22iil5_firmwareIdeacentre_aio_3-22imb05_firmwareIdeacentre_aio_3-22itl6_firmwareIdeacentre_aio_3-24alc6_firmwareIdeacentre_aio_3-24iil5_firmwareIdeacentre_aio_3-24imb05_firmwareIdeacentre_aio_3-24itl6_firmwareIdeacentre_aio_3-27imb05_firmwareIdeacentre_aio_3-27itl6_firmwareIdeacentre_aio_3_21itl7_firmwareIdeacentre_aio_3_22iap7_firmwareIdeacentre_aio_3_24iap7_firmwareIdeacentre_aio_3_27iap7_firmware

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

2023-01-01

Published

2023-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: H

High (H)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.002 · p13

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Lenovo

Thinkcentre M625q Thinkcentre M625q Firmware Ideacentre 5-14iob6 Ideacentre 5-14iob6 Firmware Ideacentre G5-14imb05 Ideacentre G5-14imb05 Firmware Ideacentre Gaming 5-14iob6 Ideacentre Gaming 5-14iob6 Firmware Thinkcentre M75n Thinkcentre M75n Firmware+212

Product	Vendor	Status
ideacentre_3-07ada05_firmware	*	Tracked
ideacentre_3-07imb05_firmware	*	Tracked
ideacentre_5-14acn6_firmware	*	Tracked
ideacentre_5-14imb05_firmware	*	Tracked
ideacentre_5-14iob6_firmware	*	Tracked
ideacentre_5_14iab7_firmware	*	Tracked
ideacentre_5_14irb8_firmware	*	Tracked
ideacentre_aio_3-22iil5_firmware	*	Tracked
ideacentre_aio_3-22imb05_firmware	*	Tracked
ideacentre_aio_3-22itl6_firmware	*	Tracked
ideacentre_aio_3-24alc6_firmware	*	Tracked
ideacentre_aio_3-24iil5_firmware	*	Tracked
ideacentre_aio_3-24imb05_firmware	*	Tracked
ideacentre_aio_3-24itl6_firmware	*	Tracked
ideacentre_aio_3-27imb05_firmware	*	Tracked
ideacentre_aio_3-27itl6_firmware	*	Tracked
ideacentre_aio_3_21itl7_firmware	*	Tracked
ideacentre_aio_3_22iap7_firmware	*	Tracked
ideacentre_aio_3_24iap7_firmware	*	Tracked
ideacentre_aio_3_27iap7_firmware	*	Tracked

Showing first 20 of 112

Source databases

CVE