Lenovo: Security Vulnerabilities
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.
CVSS Score
6.1
EPSS Score
0.0
Published
2023-10-27
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-10-27
A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.
CVSS Score
8.8
EPSS Score
0.038
Published
2023-10-27
Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-27
An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-25
An authenticated XCC user can change permissions for any user through a crafted API command.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-25
An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.
This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.
CVSS Score
4.1
EPSS Score
0.001
Published
2023-10-25
A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-25
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-10-25
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
CVSS Score
7.8
EPSS Score
0.851
Published
2023-10-25