6.7

CVE-2024-45105

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code.

Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)
| Vendor | Product | Default status | Version | Version | Status |
|---|---|---|---|---|---|
| lenovo | thinkagile_hx5530_firmware | unaffected | < afe130c | 0 | affected |
| lenovo | thinkedge_se450__firmware | unaffected | < cme116d | 0 | affected |
| lenovo | thinkedge_se350_v2_firmware | unaffected | < iye110f | 0 | affected |
| lenovo | thinksystem_st250_v3_firmware | unaffected | < cte110i | 0 | affected |
| lenovo | thinkagile_hx3375_firmware | unaffected | < d8e138d | 0 | affected |
| lenovo | thinksystem_sr950_v3_firmware | unaffected | < ebe108h | 0 | affected |
| lenovo | thinkagile_hx650_v3_firmware | unaffected | < ese126h | 0 | affected |
| lenovo | thinksystem_sd530_v3_firmware | unaffected | < fne118d | 0 | affected |
| lenovo | thinkagile_hx645_v3_integrated_system_firmware | unaffected | < kae120j | 0 | affected |
| lenovo | thinksystem_sr850_v2_firmware | unaffected | < m5e128i | 0 | affected |
| lenovo | thinkedge_se455_v3_firmware | unaffected | < mbe110h | 0 | affected |
| lenovo | thinksystem_sd665_v3_firmware | unaffected | < qge124h | 0 | affected |
| lenovo | thinksystem_sr850_v3_firmware | unaffected | < rse110h | 0 | affected |
| lenovo | thinksystem_sr250_v2_firmware | unaffected | < tqe116c | 0 | affected |
| lenovo | thinksystem_sd630_v2_firmware | unaffected | < u8e128l | 0 | affected |
| lenovo | thinksystem_sd650_v3_firmware | unaffected | < use130g | 0 | affected |
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.081 |
CVSS metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@lenovo.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

CWE-825 Expired Pointer Dereference

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.