CVE-2023-43577
Severity CVSS v4.0:
Pending analysis
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
08/11/2023
Last modified:
16/11/2023
Description
A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
Impact
Base Score 3.x
6.70
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:lenovo:ideacentre_c5-14imb05_firmware:*:*:*:*:*:*:*:* | o4hkt3ca (excluding) | |
| cpe:2.3:h:lenovo:ideacentre_c5-14imb05:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideacentre_3-07ada05_firmware:*:*:*:*:*:*:*:* | o4fkt39a (excluding) | |
| cpe:2.3:h:lenovo:ideacentre_3-07ada05:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideacentre_3-07imb05_firmware:*:*:*:*:*:*:*:* | m2vkt21a (excluding) | |
| cpe:2.3:h:lenovo:ideacentre_3-07imb05:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideacentre_5_14iab7_firmware:*:*:*:*:*:*:*:* | m42kt46a (excluding) | |
| cpe:2.3:h:lenovo:ideacentre_5_14iab7:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideacentre_5_14irb8_firmware:*:*:*:*:*:*:*:* | m4ukt36a (excluding) | |
| cpe:2.3:h:lenovo:ideacentre_5_14irb8:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideacentre_5-14acn6_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:lenovo:ideacentre_5-14acn6:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:ideacentre_t540-15ama_g_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:lenovo:ideacentre_t540-15ama_g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:lenovo:thinkcentre_neo_70t_gen_3_firmware:*:*:*:*:*:*:*:* | m40kt45a (excluding) |
To consult the complete list of CPE names with products and versions, see this page