CVE-2023-4030
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
Se ha reportado una vulnerabilidad en BIOS en ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, y T15 Gen 2 que podrĂa hacer que el sistema se recupere en configuraciones inseguras si el BIOS se corrompe.
*Credits:
Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-31 CVE Reserved
- 2023-08-17 CVE Published
- 2023-08-18 EPSS Updated
- 2024-10-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-636: Not Failing Securely ('Failing Open')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-134879 | 2023-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkpad T15 Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad T15 Gen 2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T15 Gen 2 Search vendor "Lenovo" for product "Thinkpad T15 Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad P14s Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad P14s Gen 2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad P14s Gen 2 Search vendor "Lenovo" for product "Thinkpad P14s Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad P15s Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad P15s Gen 2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad P15s Gen 2 Search vendor "Lenovo" for product "Thinkpad P15s Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T14 Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad T14 Gen 2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T14 Gen 2 Search vendor "Lenovo" for product "Thinkpad T14 Gen 2" | - | - |
Safe
|