CVE-2023-5080

EPSS 0.04%
Published 19.01.2024 20:15:12
Last modified 21.11.2024 08:41:01
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Tab M8 Hd Tb8505f Firmware Version < 8505f_usr_s301106_2309140042_v9.56_bmp_row

Lenovo ≫ Tab M8 Hd Tb8505f Version-

Lenovo ≫ Tab M8 Hd Tb8505fs Firmware Version < 8505fs_usr_s301107_2309140028_v9.56_bmp_row

Lenovo ≫ Tab M8 Hd Tb8505fs Version-

Lenovo ≫ Tab M8 Hd Tb8505x Firmware Version < 8505x_usr_s301129_2309141226_v9.56_bmp_row

Lenovo ≫ Tab M8 Hd Tb8505x Version-

Lenovo ≫ Tab M8 Hd Tb8505xs Firmware Version < 8505xs_usr_s301077_2309140036_v9.56_bmp_row

Lenovo ≫ Tab M8 Hd Tb8505xs Version-

Lenovo ≫ Tab M10 Plus Gen 3 Tb125fu Firmware Version < tb125fu_usr_s100116_2311171525_mp1rc_row

Lenovo ≫ Tab M10 Plus Gen 3 Tb125fu Version-

Lenovo ≫ Tab P11 Pro Gen 2 Tb132fu Firmware Version < tb132fu_s240219_231123_row

Lenovo ≫ Tab P11 Pro Gen 2 Tb132fu Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.8	2.5	4.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://support.lenovo.com/us/en/product_security/LEN-142135

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5080

EUVD