CVE-2023-5078
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.
Se informó una vulnerabilidad en algunos BIOS de ThinkPad que podría permitir que un atacante físico o local con privilegios elevados altere el firmware del BIOS.
*Credits:
Lenovo thanks Krzysztof Okupski, Enrique Nissim, Joseph Tartaro of IOActive for reporting this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-19 CVE Reserved
- 2023-11-08 CVE Published
- 2024-09-16 CVE Updated
- 2025-04-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-665: Improper Initialization
- CWE-1419: Incorrect Initialization of Resource
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-141775 | 2023-11-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Thinkpad X13 Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad X13 Gen 3 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad X13 Gen 3 Search vendor "Lenovo" for product "Thinkpad X13 Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 7 Firmware Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 7 Firmware" | < 1.19 Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 7 Firmware" and version " < 1.19" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 7 Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 6 Firmware Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 6 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 6 Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S2 Gen 8 Firmware Search vendor "Lenovo" for product "Thinkpad S2 Gen 8 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S2 Gen 8 Search vendor "Lenovo" for product "Thinkpad S2 Gen 8" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad P14s Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad P14s Gen 3 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad P14s Gen 3 Search vendor "Lenovo" for product "Thinkpad P14s Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad P16s Gen 1 Firmware Search vendor "Lenovo" for product "Thinkpad P16s Gen 1 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad P16s Gen 1 Search vendor "Lenovo" for product "Thinkpad P16s Gen 1" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T14 Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad T14 Gen 3 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T14 Gen 3 Search vendor "Lenovo" for product "Thinkpad T14 Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T14s Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad T14s Gen 3 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T14s Gen 3 Search vendor "Lenovo" for product "Thinkpad T14s Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad T16 Gen 1 Firmware Search vendor "Lenovo" for product "Thinkpad T16 Gen 1 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad T16 Gen 1 Search vendor "Lenovo" for product "Thinkpad T16 Gen 1" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L14 Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad L14 Gen 3 Firmware" | < 1.23 Search vendor "Lenovo" for product "Thinkpad L14 Gen 3 Firmware" and version " < 1.23" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L14 Gen 3 Search vendor "Lenovo" for product "Thinkpad L14 Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L14 Gen 4 Firmware Search vendor "Lenovo" for product "Thinkpad L14 Gen 4 Firmware" | < 1.1 Search vendor "Lenovo" for product "Thinkpad L14 Gen 4 Firmware" and version " < 1.1" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L14 Gen 4 Search vendor "Lenovo" for product "Thinkpad L14 Gen 4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L15 Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad L15 Gen 3 Firmware" | < 1.23 Search vendor "Lenovo" for product "Thinkpad L15 Gen 3 Firmware" and version " < 1.23" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L15 Gen 3 Search vendor "Lenovo" for product "Thinkpad L15 Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L15 Gen 4 Firmware Search vendor "Lenovo" for product "Thinkpad L15 Gen 4 Firmware" | < 1.1 Search vendor "Lenovo" for product "Thinkpad L15 Gen 4 Firmware" and version " < 1.1" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L15 Gen 4 Search vendor "Lenovo" for product "Thinkpad L15 Gen 4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 4 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 4 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 4 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 3 Firmware" | < 1.19 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 3 Firmware" and version " < 1.19" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 3 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Yoga Gen 2 Search vendor "Lenovo" for product "Thinkpad L13 Yoga Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 4 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Gen 4 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 4 Search vendor "Lenovo" for product "Thinkpad L13 Gen 4" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 3 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Gen 3 Firmware" | < 1.19 Search vendor "Lenovo" for product "Thinkpad L13 Gen 3 Firmware" and version " < 1.19" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 3 Search vendor "Lenovo" for product "Thinkpad L13 Gen 3" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 2 Firmware Search vendor "Lenovo" for product "Thinkpad L13 Gen 2 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad L13 Gen 2 Search vendor "Lenovo" for product "Thinkpad L13 Gen 2" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 8 Firmware Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 8 Firmware" | - | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkpad S2 Yoga Gen 8 Search vendor "Lenovo" for product "Thinkpad S2 Yoga Gen 8" | - | - |
Safe
|