CVE-2023-4029 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
lenovo	CNA	6.7 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Affected Products (NVD)

Vendor	Product	Version
lenovo	k14_type_21cu_firmware	𝑥 < 1.12
lenovo	k14_type_21cv_firmware	𝑥 < 1.12
lenovo	thinkpad_s2_yoga_gen_8_firmware	𝑥 < 1.10
lenovo	thinkpad_e14_gen_3_firmware	𝑥 < 1.15
lenovo	thinkpad_e15_gen_3_firmware	𝑥 < 1.15
lenovo	thinkpad_l13_gen_2_firmware	𝑥 < 1.30
lenovo	thinkpad_l13_gen_3_firmware	𝑥 < 1.19
lenovo	thinkpad_l13_gen_4_firmware	𝑥 < 1.10
lenovo	thinkpad_l13_yoga_gen_4_firmware	𝑥 < 1.10
lenovo	thinkpad_l13_yoga_gen_2_firmware	𝑥 < 1.30
lenovo	thinkpad_l13_yoga_gen_3_firmware	𝑥 < 1.19
lenovo	thinkpad_l14_gen_2_firmware	𝑥 < 1.28
lenovo	thinkpad_l14_gen_3_firmware	𝑥 < 1.23
lenovo	thinkpad_l14_gen_4_firmware	𝑥 < 1.06
lenovo	thinkpad_l15_gen_2_firmware	𝑥 < 1.28
lenovo	thinkpad_l15_gen_3_firmware	𝑥 < 1.23
lenovo	thinkpad_l15_gen_4_firmware	𝑥 < 1.06
lenovo	thinkpad_p14s_gen_2_firmware	𝑥 < 1.34
lenovo	thinkpad_t14_gen_2_firmware	𝑥 < 1.34
lenovo	thinkpad_t14s_gen_2_firmware	𝑥 < 1.37
lenovo	thinkpad_s2_gen_6_firmware	𝑥 < 1.30
lenovo	thinkpad_s2_gen_7_firmware	𝑥 < 1.19
lenovo	thinkpad_s2_gen_8_firmware	𝑥 < 1.10
lenovo	thinkpad_s2_yoga_gen_6_firmware	𝑥 < 1.30
lenovo	thinkpad_s2_yoga_gen_7_firmware	𝑥 < 1.19
lenovo	thinkpad_x13_gen_2_firmware	𝑥 < 1.37

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://support.lenovo.com/us/en/product_security/LEN-134879

https://support.lenovo.com/us/en/product_security/LEN-134879