Potential BIOS Update Tool Vulnerability Could Allow Local User Execution of Arbitrary Code
CVE-2023-25493

6.7MEDIUM

Key Information:

Vendor: Lenovo
Status: BiOS
Vendor: CVE Published:; 5 April 2024

What is CVE-2023-25493?

A vulnerability has been identified in the BIOS update tool driver used in several Lenovo products, including Desktop models, Smart Edge, Smart Office, and ThinkStation lines. This vulnerability could provide a local user with elevated privileges the opportunity to execute arbitrary code, potentially compromising the system's integrity and security. It is crucial for users to stay informed and apply the necessary security updates to mitigate risks associated with this issue.

Affected Version(s)

BIOS various

References

https://support.lenovo.com/us/en/product_security/LEN-141775

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2024

Credit

Lenovo thanks Souhardya Sardar of Cyberstanc for reporting this issue.