We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-5078



Description

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.

Reserved 2023-09-19 | Published 2023-11-08 | Updated 2024-09-16 | Assigner lenovo


MEDIUM: 6.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1419: Incorrect Initialization of Resource

Product status

Default status
unaffected

various
affected

Credits

Lenovo thanks Krzysztof Okupski, Enrique Nissim, Joseph Tartaro of IOActive for reporting this vulnerability. finder

References

support.lenovo.com/us/en/product_security/LEN-141775

cve.org (CVE-2023-5078)

nvd.nist.gov (CVE-2023-5078)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-5078

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.