CVE-2023-43576

MEDIUM | CVSS 6.7/10 | EPSS 0.23%

CVE-2023-43576 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.23%

13.7th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Lenovo | Ideacentre C5-14imb05 Firmware | < o4hkt3ca
Lenovo | Ideacentre 3-07ada05 Firmware | < o4fkt39a
Lenovo | Ideacentre 3-07imb05 Firmware | < m2vkt21a
Lenovo | Ideacentre 5 14iab7 Firmware | < m42kt46a
Lenovo | Ideacentre 5 14irb8 Firmware | < m4ukt36a
Lenovo | Ideacentre 5-14acn6 Firmware | All versions
Lenovo | Ideacentre T540-15ama G Firmware | All versions
Lenovo | Thinkcentre Neo 70t Gen 3 Firmware | < m40kt45a
Lenovo | Thinkcentre Neo 50t Gen 3 Firmware | < m42kt46a
Lenovo | Thinkcentre Neo 50a 24 Gen 4 Firmware | < o5xkt18a
Lenovo | Thinkcentre Neo 50a 24 Gen 3 Firmware | < o5rkt41a
Lenovo | Thinkcentre Neo 30a 27 Gen 4 Firmware | < o5nkt33a
Lenovo | Thinkcentre Neo 30a 27 Gen 4 Firmware | o5nkt33a
Lenovo | Thinkcentre Neo 30a 27 Gen 3 Firmware | < o5nkt33a
Lenovo | Thinkcentre Neo 30a 24 Gen 4 Firmware | < o5nkt33a
Lenovo | Thinkcentre Neo 30a 24 Gen 3 Firmware | < o5nkt33a
Lenovo | Thinkcentre Neo 30a 22 Gen 4 Firmware | < o5nkt33a
Lenovo | Thinkcentre Neo 30a 22 Gen 3 Firmware | < o5nkt33a
Lenovo | Thinkcentre M920z All-In-One Firmware | < m1mkt56a
Lenovo | Thinkcentre M90t Gen 3 Firmware | < m40kt45a
Lenovo | Thinkcentre M90t Firmware | < m2tkt55a
Lenovo | Thinkcentre M90s Gen 3 Firmware | < m40kt45a
Lenovo | Thinkcentre M90s Firmware | < m2tkt55a
Lenovo | Thinkcentre M90q Tiny Firmware | All versions
Lenovo | Thinkcentre M90q Gen 3 Firmware | All versions
Lenovo | Thinkcentre M90q Gen 2 Firmware | All versions
Lenovo | Thinkcentre M90a Pro Gen 3 Firmware | < m4hkt1da
Lenovo | Thinkcentre M90a Gen 3 Firmware | < m4ikt1da
Lenovo | Thinkcentre M90a Gen 2 Firmware | < m3lkt2aa
Lenovo | Thinkcentre M90a Firmware | < m2rkt57a
Lenovo | Thinkcentre M80t Gen 3 Firmware | < m40kt45a
Lenovo | Thinkcentre M80t Firmware | < m2tkt55a
Lenovo | Thinkcentre M80s Gen 3 Firmware | < m40kt45a
Lenovo | Thinkcentre M80s Firmware | < m2tkt55a
Lenovo | Thinkcentre M80q Gen 3 Firmware | All versions
Lenovo | Thinkcentre M80q Firmware | All versions
Lenovo | Thinkcentre M75t Gen 2 Firmware | All versions
Lenovo | Thinkcentre M75s Gen 2 Firmware | All versions
Lenovo | Thinkcentre M75q Gen 2 Firmware | All versions
Lenovo | Thinkcentre M75n Firmware | < m33kt29a
Lenovo | Thinkcentre M70t Gen 3 Firmware | < m41kt45a
Lenovo | Thinkcentre M70t Firmware | < m2tkt55a
Lenovo | Thinkcentre M70s Gen 3 Firmware | < m41kt45a
Lenovo | Thinkcentre M70s Firmware | < m2tkt55a
Lenovo | Thinkcentre M70q Gen 2 Firmware | All versions
Lenovo | Thinkcentre M70q Firmware | All versions
Lenovo | Thinkcentre M70c Firmware | < m2vkt21a
Lenovo | Thinkcentre M70a Gen 3 Firmware | All versions
Lenovo | Thinkcentre M630e Firmware | < m28kt42a
Lenovo | Thinkcentre M625q Firmware | All versions

Showing 50 of 113 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-43576?
A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
How severe is CVE-2023-43576?
CVE-2023-43576 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.
How do I fix CVE-2023-43576?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST