10

CVE-2015-5684

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LenovoB50-10 Firmware Version < cccn13ww\(v1.02\)
   LenovoB50-10 Version-
LenovoFlex 2 Pro-15 Firmware Version < a9cn46ww
   LenovoFlex 2 Pro-15 Version-
LenovoEdge 15 Firmware Version < a9cn46ww
   LenovoEdge 15 Version-
LenovoEdge 15 Firmware Version < b9cn17ww
   LenovoEdge 15 Version-
LenovoFlex 2 Pro-15 Firmware Version < b9cn17ww
   LenovoFlex 2 Pro-15 Version-
LenovoFlex 3-1470 Firmware Version < bdcn30ww
   LenovoFlex 3-1470 Version-
LenovoFlex 3-1570 Firmware Version < bdcn30ww
   LenovoFlex 3-1570 Version-
LenovoFlex 3-1120 Firmware Version < c0cn25ww
   LenovoFlex 3-1120 Version-
LenovoG40-80 Firmware Version < b0cn75ww
   LenovoG40-80 Version-
LenovoG50-80 Firmware Version < b0cn75ww
   LenovoG50-80 Version-
LenovoG50-80 Touch Firmware Version < b0cn75ww
   LenovoG50-80 Touch Version-
LenovoG50-80 Touch V3000 Firmware Version < b0cn75ww
   LenovoG50-80 Touch V3000 Version-
LenovoG40-80m Firmware Version < cbcn75ww
   LenovoG40-80m Version-
LenovoG50-80m Firmware Version < cbcn75ww
   LenovoG50-80m Version-
LenovoIdeapad 100-14iby Firmware Version < v1.02_\(cccn13ww\)
   LenovoIdeapad 100-14iby Version-
LenovoIdeapad 100-15iby Firmware Version < v1.02_\(cccn13ww\)
   LenovoIdeapad 100-15iby Version-
LenovoS21e Firmware Version < c4cn14ww\(v1.04\)
   LenovoS21e Version-
LenovoS41-70 Firmware Version < bdcn30ww
   LenovoS41-70 Version-
LenovoU41-70 Firmware Version < bdcn30ww
   LenovoU41-70 Version-
LenovoS435 Firmware Version < bbcn15ww\(v1.06\)
   LenovoS435 Version-
LenovoM40-35 Firmware Version < bbcn15ww\(v1.06\)
   LenovoM40-35 Version-
LenovoU31-70 Firmware Version < afcn30ww\(v2.02\)
   LenovoU31-70 Version-
LenovoYoga 3 14 Firmware Version < bacn33ww
   LenovoYoga 3 14 Version-
LenovoYoga 3 11 Firmware Version < b8cn30ww\(v2.08\)
   LenovoYoga 3 11 Version-
LenovoY40-80 Firmware Version < b5cn36ww\(v2.02\)
   LenovoY40-80 Version-
LenovoZ41-70 Firmware Version < c2cn18ww\(v1.04\)
   LenovoZ41-70 Version-
LenovoZ51-70 Firmware Version < c2cn18ww\(v1.04\)
   LenovoZ51-70 Version-
LenovoZ70-80 Firmware Version < abcn75ww
   LenovoZ70-80 Version-
LenovoG70-80 Firmware Version < abcn75ww
   LenovoG70-80 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.07% 0.874
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.