Skip to main content

Ideacentre C5 14Imb05 Firmware CVE-2023-43573

MEDIUM
Classic Buffer Overflow (CWE-120)
2023-11-08 psirt@lenovo.com
Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Iab7 Firmware Ideacentre 5 14Irb8 Firmware Ideacentre 5 14Acn6 Firmware Ideacentre T540 15Ama G Firmware Thinkcentre Neo 70T Gen 3 Firmware Thinkcentre Neo 50T Gen 3 Firmware Thinkcentre Neo 50A 24 Gen 4 Firmware Thinkcentre Neo 50A 24 Gen 3 Firmware Thinkcentre Neo 30A 27 Gen 4 Firmware Thinkcentre Neo 30A 27 Gen 3 Firmware Thinkcentre Neo 30A 24 Gen 4 Firmware Thinkcentre Neo 30A 24 Gen 3 Firmware Thinkcentre Neo 30A 22 Gen 4 Firmware Thinkcentre Neo 30A 22 Gen 3 Firmware Thinkcentre M920Z All In One Firmware Thinkcentre M90T Gen 3 Firmware Thinkcentre M90T Firmware Thinkcentre M90S Gen 3 Firmware Thinkcentre M90S Firmware Thinkcentre M90Q Tiny Firmware Thinkcentre M90Q Gen 3 Firmware Thinkcentre M90Q Gen 2 Firmware Thinkcentre M90A Pro Gen 3 Firmware Thinkcentre M90A Gen 3 Firmware Thinkcentre M90A Gen 2 Firmware Thinkcentre M90A Firmware Thinkcentre M80T Gen 3 Firmware Thinkcentre M80T Firmware Thinkcentre M80S Gen 3 Firmware Thinkcentre M80S Firmware Thinkcentre M80Q Gen 3 Firmware Thinkcentre M80Q Firmware Thinkcentre M75T Gen 2 Firmware Thinkcentre M75S Gen 2 Firmware Thinkcentre M75Q Gen 2 Firmware Thinkcentre M75N Firmware Thinkcentre M70T Gen 3 Firmware Thinkcentre M70T Firmware Thinkcentre M70S Gen 3 Firmware Thinkcentre M70S Firmware Thinkcentre M70Q Gen 2 Firmware Thinkcentre M70Q Firmware Thinkcentre M70C Firmware Thinkcentre M70A Gen 3 Firmware Thinkcentre M630E Firmware Thinkcentre M625Q Firmware Loq 17Irb8 Firmware Legion T5 26Iab7 Firmware Legion T7 34Imz5 Firmware Legion T7 34Iaz7 Firmware Legion T7 34Irz8 Firmware Legion T5 26Irb8 Firmware Ideacentre Mini 5 01Imh05 Firmware Ideacentre Mini 5 01Iaq7 Firmware Ideacentre Gaming 5 14Iob6 Firmware Ideacentre Gaming 5 14Acn6 Firmware Ideacentre Gaming 5 17Iab7 Firmware Ideacentre Gaming 5 17Acn7 Firmware Ideacentre G5 14Imb05 Firmware Ideacentre G5 14Amr05 Firmware Ideacentre Creator 5 14Iob6 Firmware Ideacentre Aio 5 27Iah7 Firmware Ideacentre Aio 5 24Iah7 Firmware Ideacentre Aio 3 27Itl6 Firmware Ideacentre Aio 3 27Imb05 Firmware Ideacentre Aio 3 24Itl6 Firmware Ideacentre Aio 3 24Imb05 Firmware Ideacentre Aio 3 24Iil5 Firmware Ideacentre Aio 3 24Alc6 Firmware Ideacentre Aio 3 22Itl6 Firmware Ideacentre Aio 3 22Imb05 Firmware Ideacentre Aio 3 22Iil5 Firmware Ideacentre Aio 3 27Iap7 Firmware Ideacentre Aio 3 24Iap7 Firmware Ideacentre Aio 3 22Iap7 Firmware Ideacentre Aio 3 21Itl7 Firmware Ideacentre 5 14Iob6 Firmware Ideacentre 5 14Imb05 Firmware V30A 22Iml Firmware V30A 22Itl Firmware V30A 24Iml Firmware V30A 24Itl Firmware V50A 22Imb Firmware V50A 24Imb Firmware V50S 07Imb Firmware V50T 13Imb Firmware V50T 13Imh Firmware V50T 13Iob Firmware V55T Gen 2 13Acn Firmware Yoga Aio 7 27Arh7 Firmware Yoga Aio 7 27Arh6 Firmware Thinkedge Se30 Firmware Thinkstation P920 Workstation Firmware Thinkstation P720 Workstation Firmware Thinkstation P520C Workstation Firmware Thinkstation P520 Workstation Firmware Thinkstation P360 Workstation Firmware Thinkstation P360 Ultra Workstation Firmware Thinkstation P360 Tiny Workstation Firmware Thinkstation P358 Workstation Firmware Thinkstation P350 Workstation Firmware Thinkstation P350 Tiny Workstation Firmware Thinkstation P348 Workstation Firmware Thinkstation P340 Workstation Firmware Thinkstation P340 Tiny Workstation Firmware Thinkstation P330 Workstation 2Nd Gen Firmware Thinkstation P330 Workstation Firmware Thinkstation P320 Workstation Firmware
6.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 08, 2023 - 23:15 nvd
MEDIUM 6.7

DescriptionNVD

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

AnalysisAI

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Affected products include: Lenovo Ideacentre C5-14Imb05 Firmware, Lenovo Ideacentre 3-07Ada05 Firmware, Lenovo Ideacentre 3-07Imb05 Firmware, Lenovo Ideacentre 5 14Iab7 Firmware, Lenovo Ideacentre 5 14Irb8 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2023-45079 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated pr

CVE-2023-45078 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with el

CVE-2023-45077 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated pri

CVE-2023-45076 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated pri

CVE-2023-45075 MEDIUM
6.7 Nov 08

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated

CVE-2023-43581 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker

CVE-2023-43580 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacke

CVE-2023-43579 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker w

CVE-2023-43578 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker wi

CVE-2023-43577 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker wit

CVE-2023-43576 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker wi

CVE-2023-43575 MEDIUM
6.7 Nov 08

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local a

Share

CVE-2023-43573 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy