Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lenovo bios - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3322
Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers prior to 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows malicious users to decrypt the passwords via unspecified vectors.
Lenovo Thinkserver Rd650 Firmware
Lenovo Thinkserver Rd650
Lenovo Thinkserver Td350 Firmware
Lenovo Thinkserver Td350
Lenovo Thinkserver Rd350 Firmware
Lenovo Thinkserver Rd350
Lenovo Thinkserver Rd550 Firmware
Lenovo Thinkserver Rd550
Lenovo Thinkserver Rd450 Firmware
Lenovo Thinkserver Rd450
4.4
CVSSv3
CVE-2022-40134
An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
Lenovo Ideacentre C5-14imb05 Firmware O4hkt38a
Lenovo Thinkcentre E96z Firmware M26kt22a
Lenovo Ideacentre 3 07iab7 Firmware M49kt1da
Lenovo Ideacentre 3-07imb05 Firmware M2vkt1da
Lenovo Ideacentre 5 14iab7 Firmware M42kt40a
Lenovo Ideacentre 5-14acn6 Firmware O5ekt21a
Lenovo Ideacentre 5-14imb05 Firmware O4hkt38a
Lenovo Ideacentre 5-14iob6 Firmware M3gkt33a
Lenovo Ideacentre Creator 5-14iob6 Firmware M3gkt33a
Lenovo Ideacentre G5-14imb05 Firmware O4hkt38a
Lenovo Ideacentre Gaming 5 17acn7 Firmware O5ekt21a
Lenovo Ideacentre Gaming 5 17iab7 Firmware M42kt40a
Lenovo Ideacentre Gaming 5-14acn6 Firmware O5ekt21a
Lenovo Ideacentre Gaming 5-14iob6 Firmware M3gkt33a
Lenovo Legion C530-19icb Firmware O4bkt20a
Lenovo Legion T5-26iob6 Firmware O54kt1da
Lenovo Legion T5-28icb05 Firmware O4bkt20a
Lenovo Legion T530-28apr Firmware O4gkt16a
Lenovo Legion T530-28icb Firmware O4bkt20a
Lenovo Legion T7-34imz5 Firmware O4lkt1ea
Lenovo Thinkcentre M60e Tiny Firmware O5fkt14a
Lenovo Thinkcentre M625q Firmware M3skt21a
6.8
CVSSv3
CVE-2020-8334
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A285, A475, A275 which may allow for unauthorized access.
Lenovo Thinkpad T495s Firmware -
Lenovo Thinkpad X395 Firmware -
Lenovo Thinkpad T495 Firmware -
Lenovo Thinkpad A485 Firmware -
Lenovo Thinkpad A285 Firmware -
Lenovo Thinkpad A475 Firmware -
Lenovo Thinkpad A275 Firmware -
6.4
CVSSv3
CVE-2017-3775
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
Lenovo Flex System X240 M5 Bios
Lenovo Flex System X280 X6 Bios
Lenovo Flex System X480 X6 Bios
Lenovo Flex System X880 Bios
Lenovo Nextscale Nx360 M5 Bios
Lenovo System X3250 M6 Bios
Lenovo System X3500 M5 Bios
Lenovo System X3550 M5 Bios
Lenovo System X3650 M5 Bios
Lenovo System X3850 X6 Bios
Lenovo System X3950 X6 Bios
6.7
CVSSv3
CVE-2021-4212
A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Lenovo C340-14iml Firmware -
Lenovo C340-15iml Firmware -
Lenovo D330-10igm Firmware -
Lenovo Duet 3-10igl5 Firmware -
Lenovo E41-50 Firmware -
Lenovo Flex-14iml Firmware -
Lenovo Flex-15iml Firmware -
Lenovo Ideapad 3-14are05 Firmware -
Lenovo Ideapad 3-15are05 Firmware -
Lenovo Ideapad 3-17are05 Firmware -
Lenovo Ideapad 5-14alc05 Firmware -
Lenovo Ideapad 5-14are05 Firmware -
Lenovo Ideapad 5-15itl05 Firmware -
Lenovo Ideapad 5 Pro-14acn6 Firmware -
Lenovo Ideapad 5 Pro-14itl6 Firmware -
Lenovo Ideapad 5 Pro-16ihu6 Firmware -
Lenovo Ideapad Creator 5-15imh05 Firmware -
Lenovo Ideapad Gaming 3-15ach6 Firmware -
Lenovo Ideapad Gaming 3-15arh05 Firmware -
Lenovo Ideapad Gaming 3-15imh05 Firmware -
Lenovo L340-15irh Firmware -
Lenovo L340-15iwl Firmware -
7.8
CVSSv3
CVE-2023-4030
A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.
Lenovo Thinkpad T15 Gen 2 Firmware -
Lenovo Thinkpad P14s Gen 2 Firmware -
Lenovo Thinkpad P15s Gen 2 Firmware -
Lenovo Thinkpad T14 Gen 2 Firmware -
1 Github repository
6.7
CVSSv3
CVE-2022-3430
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Lenovo D330-10igl Firmware
Lenovo Ideapad 5 Pro 16iah7 Firmware
Lenovo Ideapad 5 Pro 16arh7 Firmware
Lenovo Ideapad Duet 3 10igl5 Firmware
Lenovo Slim 7 16arh7 Firmware
Lenovo Thinkbook 15p Imp Firmware
Lenovo Slim 7-14are05 Firmware
Lenovo Ideapad Slim 7-14iil05 Firmware
Lenovo Ideapad Slim 7-14itl05 Firmware
Lenovo Ideapad Slim 7-15iil05 Firmware
Lenovo Slim 7-15imh05 Firmware
Lenovo Slim 7-15itl05 Firmware
Lenovo Thinkbook 13x Itg Firmware
Lenovo Thinkbook 14 G2 Are Firmware
Lenovo Thinkbook 14 G2 Itl Firmware
Lenovo Thinkbook 14 G3 Acl Firmware
Lenovo Thinkbook 14 G3 Itl Firmware
Lenovo Thinkbook 14 G4\\+ Ara Firmware
Lenovo Thinkbook 14 G4\\+ Iap Firmware
Lenovo Thinkbook 14p G3 Arh Firmware
Lenovo Thinkbook 14s Yoga Itl Firmware
Lenovo Thinkbook 15 G2 Are Firmware
6.8
CVSSv3
CVE-2021-3614
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
Lenovo Ideapad 1-11ada05 Firmware Fqcn19ww
Lenovo Ideapad 1-14ada05 Firmware Fqcn19ww
Lenovo V130-15ikb Firmware -
Lenovo 100e 2nd Gen Firmware -
Lenovo 300e 2nd Gen Firmware -
Lenovo Ideapad 730-13iml Firmware -
Lenovo Ideapad Flex 5-14alc05 Firmware -
Lenovo Ideapad Flex 5-15alc05 Firmware -
Lenovo Ideapad 1-11igl05 Firmware -
Lenovo Ideapad 1-14igl05 Firmware -
Lenovo Ideapad S940-14iil Firmware -
Lenovo Ideapad S940-14iwl Firmware -
Lenovo Ideapad Slim 1-11ast-05 Firmware -
Lenovo Ideapad Slim 1-14ast-05 Firmware -
Lenovo V130-15igm Firmware -
Lenovo V330-15ikb Firmware -
Lenovo V330-15isk Firmware -
Lenovo Ideapad Yoga C940-15irh Firmware -
Lenovo Ideapad Yoga S730-13iml Firmware -
Lenovo Ideapad Yoga S940-14iil Firmware -
Lenovo Ideapad Yoga S940-14iwl Firmware -
4.6
CVSSv3
CVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
Lenovo Thinkpad Helix Firmware N17etb4w
Lenovo Thinkpad T550 Firmware N11et53w
Lenovo Thinkpad W550s Firmware N11et53w
Lenovo Thinkpad X1 Carbon 3rd Gen Firmware N14et55w
Lenovo Thinkpad X250 Firmware N10et62w
Lenovo Thinkpad Yoga 15 Firmware N19et65w
Lenovo 730s-13iml Firmware -
Lenovo Ideapad 1-11igl05 Firmware -
Lenovo Ideapad 1-14igl05 Firmware -
Lenovo Ideapad S940-14iil Firmware -
Lenovo Ideapad S940-14iwl Firmware -
Lenovo Ideapad Slim 1-11ast-05 Firmware -
Lenovo Ideapad Slim 1-14ast-05 Firmware -
Lenovo V130-15igm Firmware -
Lenovo V330-15ikb Firmware -
Lenovo V330-15isk Firmware -
Lenovo Yoga S730-13iml Firmware -
Lenovo Yoga S940-14iil Firmware -
Lenovo Yoga S940-14iwl Firmware -
Lenovo Ideacentre Aio 5-24imb05 Firmware
Lenovo Ideacentre Aio 5-74imb05 Firmware
2.4
CVSSv3
CVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for ...
Lenovo Thinkpad T490 \\(20nx\\) Firmware
Lenovo Thinkpad T490 \\(20qx\\) Firmware
Lenovo Thinkpad T490 \\(20rx\\) Firmware
Lenovo Thinkpad T490s \\(20nx\\) Firmware
Lenovo Thinkpad T495 Drift Firmware
Lenovo Thinkpad T590 \\(20nx\\) Firmware
Lenovo Thinkpad X1 Carbon \\(20qx\\) Firmware
Lenovo Thinkpad X1 Yoga \\(20qx\\) Firmware
Lenovo Thinkpad X390 \\(20qx\\) Firmware
Lenovo Thinkpad X390 \\(20sx\\) Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »