Shodan
Vulnerabilities
Vulnerable Software
Lenovo:  Security Vulnerabilities
CVE-2023-34420
A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-06-26
CVE-2023-34421
A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-26
CVE-2023-34422
A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-06-26
CVE-2023-3113
An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-06-26
CVE-2023-2290
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVSS Score
6.4
EPSS Score
0.0
Published
2023-06-26
CVE-2023-2992
An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-26
CVE-2022-48181
An ErrorMessage driver stack-based buffer overflow vulnerability in BIOS of some ThinkPad models could allow an attacker with local access to elevate their privileges and execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-05
CVE-2022-48188
A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-06-05
CVE-2022-4569
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-06-05
CVE-2022-48186
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-05-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved