CVE-2023-34419
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.
Se ha identificado un desbordamiento de búfer en el controlador SetupUtility de algunos productos portátiles de Lenovo los cuales podrían permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario.
*Credits:
Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-06-05 CVE Reserved
- 2023-08-17 CVE Published
- 2023-08-25 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-134879 | 2023-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Legion 5 Pro 16iah7h Firmware Search vendor "Lenovo" for product "Legion 5 Pro 16iah7h Firmware" | < j2cn51ww Search vendor "Lenovo" for product "Legion 5 Pro 16iah7h Firmware" and version " < j2cn51ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro 16iah7h Search vendor "Lenovo" for product "Legion 5 Pro 16iah7h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro 16iah7 Firmware Search vendor "Lenovo" for product "Legion 5 Pro 16iah7 Firmware" | < j2cn51ww Search vendor "Lenovo" for product "Legion 5 Pro 16iah7 Firmware" and version " < j2cn51ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro 16iah7 Search vendor "Lenovo" for product "Legion 5 Pro 16iah7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro 16arh7 Firmware Search vendor "Lenovo" for product "Legion 5 Pro 16arh7 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro 16arh7 Search vendor "Lenovo" for product "Legion 5 Pro 16arh7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro 16arh7h Firmware Search vendor "Lenovo" for product "Legion 5 Pro 16arh7h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro 16arh7h Search vendor "Lenovo" for product "Legion 5 Pro 16arh7h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 15arh7 Firmware Search vendor "Lenovo" for product "Legion 5 15arh7 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 15arh7 Search vendor "Lenovo" for product "Legion 5 15arh7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 15arh7h Firmware Search vendor "Lenovo" for product "Legion 5 15arh7h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 15arh7h Search vendor "Lenovo" for product "Legion 5 15arh7h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 15iah7h Firmware Search vendor "Lenovo" for product "Legion 5 15iah7h Firmware" | < j2cn51ww Search vendor "Lenovo" for product "Legion 5 15iah7h Firmware" and version " < j2cn51ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 15iah7h Search vendor "Lenovo" for product "Legion 5 15iah7h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 15iah7 Firmware Search vendor "Lenovo" for product "Legion 5 15iah7 Firmware" | < j2cn51ww Search vendor "Lenovo" for product "Legion 5 15iah7 Firmware" and version " < j2cn51ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 15iah7 Search vendor "Lenovo" for product "Legion 5 15iah7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ach6 Firmware Search vendor "Lenovo" for product "Legion 5 Pro-16ach6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ach6 Search vendor "Lenovo" for product "Legion 5 Pro-16ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ach6h Firmware Search vendor "Lenovo" for product "Legion 5 Pro-16ach6h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ach6h Search vendor "Lenovo" for product "Legion 5 Pro-16ach6h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ith6 Firmware Search vendor "Lenovo" for product "Legion 5 Pro-16ith6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ith6 Search vendor "Lenovo" for product "Legion 5 Pro-16ith6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ith6h Firmware Search vendor "Lenovo" for product "Legion 5 Pro-16ith6h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5 Pro-16ith6h Search vendor "Lenovo" for product "Legion 5 Pro-16ith6h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-15ach6 Firmware Search vendor "Lenovo" for product "Legion 5-15ach6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-15ach6 Search vendor "Lenovo" for product "Legion 5-15ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-15ach6a Firmware Search vendor "Lenovo" for product "Legion 5-15ach6a Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-15ach6a Search vendor "Lenovo" for product "Legion 5-15ach6a" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-15ach6h Firmware Search vendor "Lenovo" for product "Legion 5-15ach6h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-15ach6h Search vendor "Lenovo" for product "Legion 5-15ach6h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-15ith6 Firmware Search vendor "Lenovo" for product "Legion 5-15ith6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-15ith6 Search vendor "Lenovo" for product "Legion 5-15ith6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-15ith6h Firmware Search vendor "Lenovo" for product "Legion 5-15ith6h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-15ith6h Search vendor "Lenovo" for product "Legion 5-15ith6h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-17ach6 Firmware Search vendor "Lenovo" for product "Legion 5-17ach6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-17ach6 Search vendor "Lenovo" for product "Legion 5-17ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-17ach6h Firmware Search vendor "Lenovo" for product "Legion 5-17ach6h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-17ach6h Search vendor "Lenovo" for product "Legion 5-17ach6h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-17ith6 Firmware Search vendor "Lenovo" for product "Legion 5-17ith6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-17ith6 Search vendor "Lenovo" for product "Legion 5-17ith6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 5-17ith6h Firmware Search vendor "Lenovo" for product "Legion 5-17ith6h Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 5-17ith6h Search vendor "Lenovo" for product "Legion 5-17ith6h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 7-16arha7 Firmware Search vendor "Lenovo" for product "Legion 7-16arha7 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 7-16arha7 Search vendor "Lenovo" for product "Legion 7-16arha7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 7-16achg6 Firmware Search vendor "Lenovo" for product "Legion 7-16achg6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 7-16achg6 Search vendor "Lenovo" for product "Legion 7-16achg6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion 7-16ithg6 Firmware Search vendor "Lenovo" for product "Legion 7-16ithg6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion 7-16ithg6 Search vendor "Lenovo" for product "Legion 7-16ithg6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion Pro 5 16irx8 Firmware Search vendor "Lenovo" for product "Legion Pro 5 16irx8 Firmware" | < kwcn37ww Search vendor "Lenovo" for product "Legion Pro 5 16irx8 Firmware" and version " < kwcn37ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion Pro 5 16irx8 Search vendor "Lenovo" for product "Legion Pro 5 16irx8" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion Pro 7 16irx8 Firmware Search vendor "Lenovo" for product "Legion Pro 7 16irx8 Firmware" | < kwcn37ww Search vendor "Lenovo" for product "Legion Pro 7 16irx8 Firmware" and version " < kwcn37ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion Pro 7 16irx8 Search vendor "Lenovo" for product "Legion Pro 7 16irx8" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion Pro 7 16irx8h Firmware Search vendor "Lenovo" for product "Legion Pro 7 16irx8h Firmware" | < kwcn37ww Search vendor "Lenovo" for product "Legion Pro 7 16irx8h Firmware" and version " < kwcn37ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion Pro 7 16irx8h Search vendor "Lenovo" for product "Legion Pro 7 16irx8h" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Legion S7 16arha7 Firmware Search vendor "Lenovo" for product "Legion S7 16arha7 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Legion S7 16arha7 Search vendor "Lenovo" for product "Legion S7 16arha7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 16p G3 Arh Firmware Search vendor "Lenovo" for product "Thinkbook 16p G3 Arh Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 16p G3 Arh Search vendor "Lenovo" for product "Thinkbook 16p G3 Arh" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 15p G2 Ith Firmware Search vendor "Lenovo" for product "Thinkbook 15p G2 Ith Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 15p G2 Ith Search vendor "Lenovo" for product "Thinkbook 15p G2 Ith" | - | - |
Safe
|