CVE-2023-34419

EPSS 0.04%
Published 17.08.2023 17:15:09
Last modified 21.11.2024 08:07:12
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Legion 5 Pro 16iah7h Firmware Version < j2cn51ww

Lenovo ≫ Legion 5 Pro 16iah7h Version-

Lenovo ≫ Legion 5 Pro 16iah7 Firmware Version < j2cn51ww

Lenovo ≫ Legion 5 Pro 16iah7 Version-

Lenovo ≫ Legion 5 Pro 16arh7 Firmware Version-

Lenovo ≫ Legion 5 Pro 16arh7 Version-

Lenovo ≫ Legion 5 Pro 16arh7h Firmware Version-

Lenovo ≫ Legion 5 Pro 16arh7h Version-

Lenovo ≫ Legion 5 15arh7 Firmware Version-

Lenovo ≫ Legion 5 15arh7 Version-

Lenovo ≫ Legion 5 15arh7h Firmware Version-

Lenovo ≫ Legion 5 15arh7h Version-

Lenovo ≫ Legion 5 15iah7h Firmware Version < j2cn51ww

Lenovo ≫ Legion 5 15iah7h Version-

Lenovo ≫ Legion 5 15iah7 Firmware Version < j2cn51ww

Lenovo ≫ Legion 5 15iah7 Version-

Lenovo ≫ Legion 5 Pro-16ach6 Firmware Version-

Lenovo ≫ Legion 5 Pro-16ach6 Version-

Lenovo ≫ Legion 5 Pro-16ach6h Firmware Version-

Lenovo ≫ Legion 5 Pro-16ach6h Version-

Lenovo ≫ Legion 5 Pro-16ith6 Firmware Version-

Lenovo ≫ Legion 5 Pro-16ith6 Version-

Lenovo ≫ Legion 5 Pro-16ith6h Firmware Version-

Lenovo ≫ Legion 5 Pro-16ith6h Version-

Lenovo ≫ Legion 5-15ach6 Firmware Version-

Lenovo ≫ Legion 5-15ach6 Version-

Lenovo ≫ Legion 5-15ach6a Firmware Version-

Lenovo ≫ Legion 5-15ach6a Version-

Lenovo ≫ Legion 5-15ach6h Firmware Version-

Lenovo ≫ Legion 5-15ach6h Version-

Lenovo ≫ Legion 5-15ith6 Firmware Version-

Lenovo ≫ Legion 5-15ith6 Version-

Lenovo ≫ Legion 5-15ith6h Firmware Version-

Lenovo ≫ Legion 5-15ith6h Version-

Lenovo ≫ Legion 5-17ach6 Firmware Version-

Lenovo ≫ Legion 5-17ach6 Version-

Lenovo ≫ Legion 5-17ach6h Firmware Version-

Lenovo ≫ Legion 5-17ach6h Version-

Lenovo ≫ Legion 5-17ith6 Firmware Version-

Lenovo ≫ Legion 5-17ith6 Version-

Lenovo ≫ Legion 5-17ith6h Firmware Version-

Lenovo ≫ Legion 5-17ith6h Version-

Lenovo ≫ Legion 7-16arha7 Firmware Version-

Lenovo ≫ Legion 7-16arha7 Version-

Lenovo ≫ Legion 7-16achg6 Firmware Version-

Lenovo ≫ Legion 7-16achg6 Version-

Lenovo ≫ Legion 7-16ithg6 Firmware Version-

Lenovo ≫ Legion 7-16ithg6 Version-

Lenovo ≫ Legion Pro 5 16irx8 Firmware Version < kwcn37ww

Lenovo ≫ Legion Pro 5 16irx8 Version-

Lenovo ≫ Legion Pro 7 16irx8 Firmware Version < kwcn37ww

Lenovo ≫ Legion Pro 7 16irx8 Version-

Lenovo ≫ Legion Pro 7 16irx8h Firmware Version < kwcn37ww

Lenovo ≫ Legion Pro 7 16irx8h Version-

Lenovo ≫ Legion S7 16arha7 Firmware Version-

Lenovo ≫ Legion S7 16arha7 Version-

Lenovo ≫ Thinkbook 16p G3 Arh Firmware Version-

Lenovo ≫ Thinkbook 16p G3 Arh Version-

Lenovo ≫ Thinkbook 15p G2 Ith Firmware Version-

Lenovo ≫ Thinkbook 15p G2 Ith Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.lenovo.com/us/en/product_security/LEN-134879

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-34419

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-34419

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-34419

EUVD