CVE-2015-5684

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://support.lenovo.com/us/en/product_security/lse_bios_notebook	Vendor Advisory
https://support.lenovo.com/us/en/product_security/lse_bios_notebook	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:b50-10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:b50-10:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:flex_2_pro-15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_2_pro-15:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:edge_15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:edge_15:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:edge_15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:edge_15:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:flex_2_pro-15_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_2_pro-15:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:flex_3-1470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_3-1470:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:flex_3-1570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_3-1570:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lenovo:flex_3-1120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:flex_3-1120:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lenovo:g40-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g40-80:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lenovo:g50-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g50-80:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lenovo:g50-80_touch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g50-80_touch:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lenovo:g50-80_touch_v3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g50-80_touch_v3000:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lenovo:g40-80m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g40-80m:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lenovo:g50-80m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g50-80m:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lenovo:ideapad_100-14iby_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_100-14iby:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lenovo:ideapad_100-15iby_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_100-15iby:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lenovo:s21e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s21e:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lenovo:s41-70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s41-70:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lenovo:u41-70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:u41-70:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lenovo:s435_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:s435:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lenovo:m40-35_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:m40-35:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:lenovo:u31-70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:u31-70:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:lenovo:yoga_3_14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_3_14:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:lenovo:yoga_3_11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_3_11:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:lenovo:y40-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:y40-80:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:lenovo:z41-70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:z41-70:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:lenovo:z51-70_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:z51-70:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:lenovo:z70-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:z70-80:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:lenovo:g70-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:g70-80:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:33

Type	Values Removed	Values Added
References	~~() https://support.lenovo.com/us/en/product_security/lse_bios_notebook - Vendor Advisory~~	() https://support.lenovo.com/us/en/product_security/lse_bios_notebook - Vendor Advisory

Information

Published : 2020-03-27 15:15

Updated : 2024-11-21 02:33

NVD link : CVE-2015-5684

Mitre link : CVE-2015-5684

CVE.ORG link : CVE-2015-5684

JSON object : View

Products Affected

lenovo

g50-80m
z51-70
g40-80
flex_3-1470_firmware
u31-70
y40-80_firmware
g70-80_firmware
g50-80m_firmware
flex_2_pro-15
flex_3-1470
g50-80_touch
ideapad_100-15iby_firmware
u41-70_firmware
z41-70
y40-80
flex_3-1120
s435
z70-80
ideapad_100-14iby
m40-35_firmware
g50-80_touch_v3000
s21e_firmware
s41-70
z41-70_firmware
g40-80m_firmware
z70-80_firmware
m40-35
flex_3-1120_firmware
ideapad_100-14iby_firmware
b50-10_firmware
g70-80
edge_15_firmware
ideapad_100-15iby
s435_firmware
z51-70_firmware
g50-80
g50-80_firmware
s41-70_firmware
flex_3-1570
edge_15
u31-70_firmware
yoga_3_14_firmware
yoga_3_14
s21e
flex_2_pro-15_firmware
g50-80_touch_v3000_firmware
u41-70
g40-80m
b50-10
g50-80_touch_firmware
yoga_3_11_firmware
flex_3-1570_firmware
g40-80_firmware
yoga_3_11

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

9.8 /10