Skip to main content

Esprimo D556 2 Firmware CVE-2023-40238

MEDIUM
Cleartext Storage of Sensitive Information (CWE-312)
2023-12-07 cve@mitre.org
Lenovo Information Disclosure Esprimo D556 2 Firmware Esprimo D6011 Firmware Esprimo D6012 Firmware Esprimo D7010 Firmware Esprimo D7010 8 Firmware Esprimo D7011 Firmware Esprimo D7012 Firmware Esprimo D7013 Firmware Esprimo D738 Firmware Esprimo D757 Firmware Esprimo D9010 Firmware Esprimo D9011 Firmware Esprimo D9012 Firmware Esprimo D9013 Firmware Esprimo D957 Firmware Esprimo D957 E9X Firmware Esprimo D958 Firmware Esprimo G5010 Firmware Esprimo G5011 Firmware Esprimo G558 Firmware Esprimo G6012 Firmware Esprimo G9010 Firmware Esprimo G9012 Firmware Esprimo G9013 Firmware Esprimo K5010 24 Firmware Esprimo K557 24 Firmware Esprimo K558 24 Firmware Esprimo P5010 Firmware Esprimo P5011 Firmware Esprimo P557 Firmware Esprimo P558 Power Firmware Esprimo P6012 Firmware Esprimo P7010 Firmware Esprimo P7011 Firmware Esprimo P7012 Firmware Esprimo P7013 Firmware Esprimo P757 Firmware Esprimo P758 Firmware Esprimo P9010 Firmware Esprimo P9011 Firmware Esprimo P9012 Firmware Esprimo P9013 Firmware Esprimo P957 Firmware Lifebook U9313X Firmware Lifebook U939 Firmware Lifebook U939X Firmware Lifebook U9413 Firmware Stylistic Q5010 Firmware Stylistic Q509 Firmware Stylistic Q7310 Firmware Stylistic Q7311 Firmware Stylistic Q7312 Firmware Stylistic Q739 Firmware Primequest 3800B Firmware Primequest 3800B2 Firmware Primequest 3800E Firmware Primequest 3800E2 Firmware Primequest 4400E Firmware Primergy Bx2560 M2 Firmware Primergy Bx2580 M2 Firmware Primergy Cx2550 M4 Firmware Primergy Cx2550 M5 Firmware Primergy Cx2550 M6 Firmware Primergy Cx2550 M7 Firmware Primergy Cx2560 M4 Firmware Primergy Cx2560 M5 Firmware Primergy Cx2560 M6 Firmware Primergy Cx2560 M7 Firmware Primergy Cx2570 M4 Firmware Primergy Cx2570 M5 Firmware Primergy Gx2460 M1 Firmware Primergy Gx2560 M7 Firmware Primergy Gx2570 M6 Firmware Primergy Rx1330 M3 Firmware Primergy Rx1330 M4 Firmware Primergy Rx1330 M5 Firmware Primergy Rx1440 M2 Firmware Primergy Rx2450 M1 Firmware Primergy Rx2450 M2 Firmware Primergy Rx2520 M4 Firmware Primergy Rx2520 M5 Firmware Primergy Rx2530 M4 Firmware Primergy Rx2530 M5 Firmware Esprimo P958 Firmware Esprimo P958 Power Firmware Esprimo P9910 Firmware Esprimo Q556 2 Firmware Esprimo Q556 2 D Firmware Esprimo Q558 Firmware Esprimo Q7010 Firmware Esprimo Q957 Mre Firmware Esprimo Q957 Firmware Esprimo Q958 Firmware Esprimo Q958 Mre Firmware Celsius C780 Firmware Celsius J5010 Firmware Celsius J550 2 Firmware Celsius J580 Firmware Celsius M7010 Firmware Celsius M7010Power Firmware Celsius M7010X Firmware Celsius M7010Xpower Firmware Celsius R970 Firmware Celsius R970B Firmware Celsius R970Bpower Firmware Celsius W5010 Firmware Celsius W5010 L Firmware Celsius W5011 Firmware Celsius W5012 Firmware Celsius W5012 Ll Firmware Celsius W570 Firmware Celsius W570Power Firmware Celsius W580 Firmware Celsius W580Power Firmware Celsius H5511 Firmware Celsius H7510 Firmware Celsius H7613 Firmware Celsius H780 Firmware Celsius H980 Firmware Lifebook A3510 Firmware Lifebook A3511 Firmware Primergy Rx2530 M6 Firmware Primergy Rx2530 M7 Firmware Primergy Rx2540 M4 Firmware Primergy Rx2540 M5 Firmware Primergy Rx2540 M6 Firmware Primergy Rx2540 M7 Firmware Primergy Rx4770 M3 Firmware Primergy Rx4770 M4 Firmware Primergy Rx4770 M5 Firmware Primergy Rx4770 M6 Firmware Primergy Rx4770 M7 Firmware Primergy Rx8770 M7 Firmware Primergy Tx1310 M3 Firmware Primergy Tx1310 M5 Firmware Primergy Tx1320 M3 Firmware Primergy Tx1320 M4 Firmware Primergy Tx1320 M5 Firmware Primergy Tx1330 M3 Firmware Primergy Tx1330 M4 Firmware Primergy Tx1330 M5 Firmware Primergy Tx2550 M4 Firmware Primergy Tx2550 M5 Firmware Primergy Tx2550 M7 Firmware Lifebook E4411 Firmware Lifebook E4511 Firmware Lifebook E5410 Firmware Lifebook E5411 Firmware Lifebook E5412 Firmware Lifebook E5412 Mtc Firmware Lifebook E5413 Firmware Lifebook E549 Firmware Lifebook E5510 Firmware Lifebook E5511 Firmware Lifebook E5512 Firmware Lifebook E5513 Firmware Lifebook E559 Firmware Lifebook E736 Firmware Lifebook E736 Vpro Firmware Lifebook E746 Firmware Lifebook E746 Vpro Firmware Lifebook T939 Firmware Lifebook U5313X Firmware Lifebook U729 Firmware Lifebook U729X Firmware Lifebook U7310 Firmware Lifebook U7311 Firmware Lifebook U7312 Firmware Lifebook U7313 Firmware Lifebook U7410 Firmware Lifebook U7411 Firmware Lifebook U7412 Firmware Lifebook U7413 Firmware Lifebook U749 Firmware Lifebook U7510 Firmware Lifebook U7511 Firmware Lifebook U7512 Firmware Lifebook U759 Firmware Lifebook U7613 Firmware Lifebook U9310 Firmware Lifebook U9310X Firmware Lifebook U9311 Firmware Lifebook U9312 Firmware Lifebook U9312X Firmware Insydeh2o
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 07, 2023 - 04:15 nvd
MEDIUM 5.5

DescriptionNVD

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression.

AnalysisAI

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-312. A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. Affected products include: Fujitsu Esprimo D556\/2 Firmware, Fujitsu Esprimo D6011 Firmware, Fujitsu Esprimo D6012 Firmware, Fujitsu Esprimo D7010 Firmware, Fujitsu Esprimo D7010\/8 Firmware. Version information: before 05.28.47.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2023-40238 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy