CVE-2023-4030 - OpenCVE

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	Thinkpad P14s Gen 2 Firmware Thinkpad P15s Gen 2 Firmware Thinkpad T14 Gen 2 Thinkpad T15 Gen 2 Firmware Thinkpad T15 Gen 2 Thinkpad P14s Gen 2 Thinkpad T14 Gen 2 Firmware Thinkpad P15s Gen 2

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t15_gen_2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t15_gen_2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p14s_gen_2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p15s_gen_2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p15s_gen_2:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-134879	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: lenovo

Published: 2023-08-17T16:48:47.172Z

Updated: 2023-08-17T16:48:47.172Z

Reserved: 2023-07-31T16:54:49.207Z

Link: CVE-2023-4030

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-17T17:15:10.403

Modified: 2023-08-24T20:29:39.293

Link: CVE-2023-4030

JSON object: View

Redhat Information

No data.

CWE

CWE-636

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4030", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-07-31T16:54:49.207Z", "datePublished": "2023-08-17T16:48:47.172Z", "dateUpdated": "2023-08-17T16:48:47.172Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ThinkPad", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."}], "value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-636", "description": "CWE-636: Not Failing Securely ('Failing Open')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2023-08-17T16:48:47.172Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-134879"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."}], "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-134879."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t15_gen_2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "44ECDB6C-F7B1-46AD-A0D3-41C5BDC3A6A6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t15_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF9FB9A3-B1B5-42FF-9B07-0245E54237E3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_p14s_gen_2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "68E8C048-B2DE-4167-ABDA-D8B429699A98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE970F53-856F-4DFF-B845-A8C5A8B14C90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_p15s_gen_2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2764465A-3477-4ABB-98B0-CD356CA35A0F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_p15s_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4AE8F28-A87C-4F62-951D-92EE9952E4B1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t14_gen_2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FC7DE47A-4C00-4BE8-ABA5-294B9BAD5F41", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD6A601D-0427-453F-B4A8-4EB9C18A58C6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt."}, {"lang": "es", "value": "Se ha reportado una vulnerabilidad en BIOS en ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, y T15 Gen 2 que podr\u00eda hacer que el sistema se recupere en configuraciones inseguras si el BIOS se corrompe."}], "id": "CVE-2023-4030", "lastModified": "2023-08-24T20:29:39.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}]}, "published": "2023-08-17T17:15:10.403", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-134879"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-636"}], "source": "psirt@lenovo.com", "type": "Primary"}]}