CVE-2015-5684

Name: CVE-2015-5684
Creator: NVD / NIST
Published: 2020-03-27T15:15:11.507+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 3.69%

Last modified Jun 17, 2026

CVE-2015-5684 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.. EPSS estimates a 3.69% chance of exploitation in the next 30 days.

Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.69%

88.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Lenovo	B50-10 Firmware	< cccn13ww\(v1.02\)
Lenovo	Flex 2 Pro-15 Firmware	< a9cn46ww
Lenovo	Edge 15 Firmware	< a9cn46ww
Lenovo	Edge 15 Firmware	< b9cn17ww
Lenovo	Flex 2 Pro-15 Firmware	< b9cn17ww
Lenovo	Flex 3-1470 Firmware	< bdcn30ww
Lenovo	Flex 3-1570 Firmware	< bdcn30ww
Lenovo	Flex 3-1120 Firmware	< c0cn25ww
Lenovo	G40-80 Firmware	< b0cn75ww
Lenovo	G50-80 Firmware	< b0cn75ww
Lenovo	G50-80 Touch Firmware	< b0cn75ww
Lenovo	G50-80 Touch V3000 Firmware	< b0cn75ww
Lenovo	G40-80m Firmware	< cbcn75ww
Lenovo	G50-80m Firmware	< cbcn75ww
Lenovo	Ideapad 100-14iby Firmware	< v1.02_\(cccn13ww\)
Lenovo	Ideapad 100-15iby Firmware	< v1.02_\(cccn13ww\)
Lenovo	S21e Firmware	< c4cn14ww\(v1.04\)
Lenovo	S41-70 Firmware	< bdcn30ww
Lenovo	U41-70 Firmware	< bdcn30ww
Lenovo	S435 Firmware	< bbcn15ww\(v1.06\)
Lenovo	M40-35 Firmware	< bbcn15ww\(v1.06\)
Lenovo	U31-70 Firmware	< afcn30ww\(v2.02\)
Lenovo	Yoga 3 14 Firmware	< bacn33ww
Lenovo	Yoga 3 11 Firmware	< b8cn30ww\(v2.08\)
Lenovo	Y40-80 Firmware	< b5cn36ww\(v2.02\)
Lenovo	Z41-70 Firmware	< c2cn18ww\(v1.04\)
Lenovo	Z51-70 Firmware	< c2cn18ww\(v1.04\)
Lenovo	Z70-80 Firmware	< abcn75ww
Lenovo	G70-80 Firmware	< abcn75ww

References

https://support.lenovo.com/us/en/product_security/lse_bios_notebookVendor Advisory
https://support.lenovo.com/us/en/product_security/lse_bios_notebookVendor Advisory

Timeline

Published: Mar 27, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-5684?

How severe is CVE-2015-5684?

CVE-2015-5684 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 3.69% probability of exploitation in the next 30 days.

How do I fix CVE-2015-5684?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-5684?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST