CVE-2023-43571

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 88.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Ideacentre 3-07ada05 Firmware Lenovo Ideacentre 3-07imb05 Firmware Lenovo Ideacentre 5-14imb05 Firmware +78 more

Timeline

PublishedNov 8

Latest updateNov 9

Description

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages81 packages

▶CVEListV5lenovo/desktop_biosvarious

▶NVDlenovo/loq_17irb8_firmware< m4ukt36a

▶NVDlenovo/v30a-22iml_firmware< m37kt31a

▶NVDlenovo/v30a-22itl_firmware< o5akt34a

▶NVDlenovo/v30a-24iml_firmware< m37kt31a

🔴Vulnerability Details

GHSA

GHSA-mxq5-hwfr-q6p8: A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privile↗2023-11-09

▶

CVEList

CVE-2023-43571: A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privile↗2023-11-08

▶