Thinkpad T15 Gen 2 Firmware
CVE-2023-4030
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
AnalysisAI
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-636. A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. Affected products include: Lenovo Thinkpad T15 Gen 2 Firmware, Lenovo Thinkpad P14S Gen 2 Firmware, Lenovo Thinkpad P15S Gen 2 Firmware, Lenovo Thinkpad T14 Gen 2 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Thinkpad T15 Gen 2 Firmware
View allA potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elev
A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an
A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad s
Same weakness CWE-636 – Not Failing Securely ('Failing Open')
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today