Shodan
Vulnerabilities
Vulnerable Software
Lenovo:  Security Vulnerabilities
CVE-2022-48181
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-05
CVE-2022-48188
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-05
CVE-2022-4569
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-06-05
CVE-2022-48186
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-05-01
CVE-2022-4568
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVSS Score
7.0
EPSS Score
0.0
Published
2023-05-01
CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVSS Score
8.3
EPSS Score
0.002
Published
2023-05-01
CVE-2023-25492
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
CVSS Score
6.3
EPSS Score
0.002
Published
2023-05-01
CVE-2023-0896
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-01
CVE-2023-25496
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-04-28
CVE-2023-29056
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-04-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved