CVE-2023-43570Improper Input Validation in Lenovo Ideacentre 3-07ada05 Firmware

CWE-20Improper Input Validation3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 85.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
81
Lenovo Ideacentre 3-07ada05 FirmwareLenovo Ideacentre 3-07imb05 FirmwareLenovo Ideacentre 5-14imb05 Firmware+78 more
Timeline
PublishedNov 8
Latest updateNov 9

Description

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages81 packages

🔴Vulnerability Details

2
GHSA
GHSA-2974-5gjv-486c: A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to2023-11-09
CVEList
CVE-2023-43570: A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to2023-11-08
CVE-2023-43570 — Improper Input Validation in Lenovo | cvebase