Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-4028
HistoryAug 17, 2023 - 5:15 p.m.

CVE-2023-4028

2023-08-1717:15:10
CWE-120
[email protected]
web.nvd.nist.gov
21
cve-2023-4028
buffer overflow
lenovo
systemusermasterhddpwddxe
driver
local access
elevated privileges
arbitrary code
nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected configurations

NVD
Node
lenovo13w_yogaMatch-
AND
lenovo13w_yoga_firmwareRange<jacn38ww
Node
lenovo13w_yoga_gen_2_firmwareRange<kbcn20ww
AND
lenovo13w_yoga_gen_2Match-
Node
lenovoideapad_1-11ada05_firmwareRange<fqcn29ww
AND
lenovoideapad_1-11ada05Match-
Node
lenovoideapad_1-11igl05_firmwareRange<dwcn28ww
AND
lenovoideapad_1-11igl05Match-
Node
lenovoideapad_1-14ada05_firmwareRange<fqcn29ww
AND
lenovoideapad_1-14ada05Match-
Node
lenovoideapad_1-14igl05_firmwareRange<dwcn28ww
AND
lenovoideapad_1-14igl05Match-
Node
lenovoflex_5-14alc05_firmwareRange<gjcn32ww
AND
lenovoflex_5-14alc05Match-
Node
lenovoflex_5-14are05_firmwareRange<eecn43ww
AND
lenovoflex_5-14are05Match-
Node
lenovoflex_5-14iil05_firmwareRange<eccn45ww
AND
lenovoflex_5-14iil05Match-
Node
lenovoflex_5-14itl05_firmwareRange<fxcn44ww
AND
lenovoflex_5-14itl05Match-
Node
lenovoflex_5-15alc05_firmwareRange<gjcn32ww
AND
lenovoflex_5-15alc05Match-
Node
lenovoflex_5-15iil05_firmwareRange<eccn45ww
AND
lenovoflex_5-15iil05Match-
Node
lenovoflex_5-15itl05_firmwareRange<fxcn44ww
AND
lenovoflex_5-15itl05Match-
Node
lenovoideapad_flex_5_14abr8_firmwareRange<l7cn17ww
AND
lenovoideapad_flex_5_14abr8Match-
Node
lenovoideapad_flex_5_14alc7_firmwareRange<jccn35ww
AND
lenovoideapad_flex_5_14alc7Match-
Node
lenovoideapad_flex_5_14iau7_firmwareRange<j7cn44ww
AND
lenovoideapad_flex_5_14iau7Match-
Node
lenovoideapad_flex_5_14iru8_firmwareRange<l6cn20ww
AND
lenovoideapad_flex_5_14iru8Match-
Node
lenovoideapad_flex_5_16abr8_firmwareRange<l7cn17ww
AND
lenovoideapad_flex_5_16abr8Match-
Node
lenovoideapad_flex_5_16alc7_firmwareRange<jccn35ww
AND
lenovoideapad_flex_5_16alc7Match-
Node
lenovoideapad_flex_5_16iau7_firmwareRange<j7cn44ww
AND
lenovoideapad_flex_5_16iau7Match-
Node
lenovoideapad_flex_5_16iru8_firmwareRange<l6cn20ww
AND
lenovoideapad_flex_5_16iru8Match-
Node
lenovoflex_7_14iru8_firmwareRange<l6cn20ww
AND
lenovoflex_7_14iru8Match-
Node
lenovothinkbook_13s_g2_are_firmwareRange<fvcn28ww
AND
lenovothinkbook_13s_g2_areMatch-
Node
lenovothinkbook_13s_g2_itl_firmwareRange<f9cn57ww
AND
lenovothinkbook_13s_g2_itlMatch-
Node
lenovothinkbook_13s_g3_acn_firmwareRange<gmcn35ww
AND
lenovothinkbook_13s_g3_acnMatch-
Node
lenovothinkbook_13s_g4_iap_firmwareRange<hwcn49ww
AND
lenovothinkbook_13s_g4_iapMatch-
Node
lenovothinkbook_13x_g2_iap_firmwareRange<hxcn54ww
AND
lenovothinkbook_13x_g2_iapMatch-
Node
lenovothinkbook_14s_g2_itl_firmwareRange<f9cn57ww
AND
lenovothinkbook_14s_g2_itlMatch-
Node
lenovoyoga_9-15imh5_firmwareRange<epcn32ww
AND
lenovoyoga_9-15imh5Match-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Lenovo Notebook",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
prion 1
nvd
nvd
CVE-2023-4028
2023-08-17 17:15:10
cvelist
cvelist
CVE-2023-4028
2023-08-17 16:48:06
prion
prion
Buffer overflow
2023-08-17 17:15:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVE-2023-4028
nvd1cvelist1prion1