CVE-2023-5080

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-142135	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:tab_p11_pro_gen_2_tb132fu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_p11_pro_gen_2_tb132fu:-:*:*:*:*:*:*:*

History

16 Sep 2024, 15:15

Type	Values Removed	Values Added
CWE	~~CWE-269~~	CWE-266

26 Jan 2024, 16:02

Type	Values Removed	Values Added
First Time		Lenovo tab P11 Pro Gen 2 Tb132fu Lenovo tab M8 Hd Tb8505f Firmware Lenovo tab M8 Hd Tb8505fs Firmware Lenovo tab M8 Hd Tb8505f Lenovo tab M8 Hd Tb8505fs Lenovo tab M8 Hd Tb8505xs Lenovo tab M10 Plus Gen 3 Tb125fu Firmware Lenovo tab M8 Hd Tb8505xs Firmware Lenovo tab M10 Plus Gen 3 Tb125fu Lenovo tab M8 Hd Tb8505x Lenovo tab P11 Pro Gen 2 Tb132fu Firmware Lenovo Lenovo tab M8 Hd Tb8505x Firmware
CWE	~~CWE-269~~	NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~6.8~~	v2 : unknown v3 : 7.8
References	~~() https://support.lenovo.com/us/en/product_security/LEN-142135 -~~	() https://support.lenovo.com/us/en/product_security/LEN-142135 - Vendor Advisory
CPE		cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:::::::* cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:::::::: cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:::::::: cpe:2.3:o:lenovo:tab_p11_pro_gen_2_tb132fu_firmware:::::::: cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:::::::* cpe:2.3:h:lenovo:tab_p11_pro_gen_2_tb132fu:-:::::::* cpe:2.3:h:lenovo:tab_m10_plus_gen_3_tb125fu:-:::::::* cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:::::::* cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:::::::* cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:::::::: cpe:2.3:o:lenovo:tab_m10_plus_gen_3_tb125fu_firmware:::::::: cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware::::::::

19 Jan 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-19 20:15

Updated : 2024-09-16 15:15

NVD link : CVE-2023-5080

Mitre link : CVE-2023-5080

CVE.ORG link : CVE-2023-5080

JSON object : View

Products Affected

lenovo

tab_m8_hd_tb8505x_firmware
tab_m10_plus_gen_3_tb125fu_firmware
tab_m8_hd_tb8505x
tab_m8_hd_tb8505fs
tab_m8_hd_tb8505f_firmware
tab_m8_hd_tb8505xs
tab_p11_pro_gen_2_tb132fu_firmware
tab_m10_plus_gen_3_tb125fu
tab_m8_hd_tb8505fs_firmware
tab_m8_hd_tb8505xs_firmware
tab_p11_pro_gen_2_tb132fu
tab_m8_hd_tb8505f

CWE

NVD-CWE-noinfo CWE-266

Incorrect Privilege Assignment

7.8 /10