Lucene search

LenovoCVE-2023-5080

HistoryJan 19, 2024 - 8:15 p.m.

CVE-2023-5080

2024-01-1920:15:12

CWE-266

lenovo

web.nvd.nist.gov

lenovo

tablet

privilege escalation

vulnerability

nvd

cve-2023-5080

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Affected configurations

Nvd

Node

lenovotab_m8_hd_tb8505f_firmwareRange<8505f_usr_s301106_2309140042_v9.56_bmp_row

AND

lenovotab_m8_hd_tb8505fMatch-

Node

lenovotab_m8_hd_tb8505fs_firmwareRange<8505fs_usr_s301107_2309140028_v9.56_bmp_row

AND

lenovotab_m8_hd_tb8505fsMatch-

Node

lenovotab_m8_hd_tb8505x_firmwareRange<8505x_usr_s301129_2309141226_v9.56_bmp_row

AND

lenovotab_m8_hd_tb8505xMatch-

Node

lenovotab_m8_hd_tb8505xs_firmwareRange<8505xs_usr_s301077_2309140036_v9.56_bmp_row

AND

lenovotab_m8_hd_tb8505xsMatch-

Node

lenovotab_m10_plus_gen_3_tb125fu_firmwareRange<tb125fu_usr_s100116_2311171525_mp1rc_row

AND

lenovotab_m10_plus_gen_3_tb125fuMatch-

Node

lenovotab_p11_pro_gen_2_tb132fu_firmwareRange<tb132fu_s240219_231123_row

AND

lenovotab_p11_pro_gen_2_tb132fuMatch-

VendorProductVersionCPE
lenovotab_m8_hd_tb8505f_firmware*cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505f-cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505fs_firmware*cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505fs-cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505x_firmware*cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505x-cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505xs_firmware*cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*
lenovotab_m8_hd_tb8505xs-cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*
lenovotab_m10_plus_gen_3_tb125fu_firmware*cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware:*:*:*:*:*:*:*:*
lenovotab_m10_plus_gen_3_tb125fu-cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lenovo	tab_m8_hd_tb8505f_firmware	*	cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware::::::::
lenovo	tab_m8_hd_tb8505f	-	cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:::::::*
lenovo	tab_m8_hd_tb8505fs_firmware	*	cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware::::::::
lenovo	tab_m8_hd_tb8505fs	-	cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:::::::*
lenovo	tab_m8_hd_tb8505x_firmware	*	cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware::::::::
lenovo	tab_m8_hd_tb8505x	-	cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:::::::*
lenovo	tab_m8_hd_tb8505xs_firmware	*	cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware::::::::
lenovo	tab_m8_hd_tb8505xs	-	cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:::::::*
lenovo	tab_m10_plus_gen_3_tb125fu_firmware	*	cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware::::::::
lenovo	tab_m10_plus_gen_3_tb125fu	-	cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Tablet",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-142135

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-5080