← Back

CVE-2023-5081

nvd nist
Published: Jan 19, 2024Modified: Nov 21, 2024

JSON object

Loading...
3.3
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 / Impact: 1.4
Source: psirt@lenovo.com (Secondary)

Description

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

Affected (4)

Lenovo
4 products
Tab M8 Hd Tb8505f Firmware
Tab M8 Hd Tb8505fs Firmware
Tab M8 Hd Tb8505x Firmware
Tab M8 Hd Tb8505xs Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tab M8 Hd Tb8505f Firmware
Before 8505f_usr_s301106_2309140042_v9.56_bmp_row
Running on/withPlatform Versions
Lenovo
Tab M8 Hd Tb8505f
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tab M8 Hd Tb8505fs Firmware
Before 8505fs_usr_s301107_2309140028_v9.56_bmp_row
Running on/withPlatform Versions
Lenovo
Tab M8 Hd Tb8505fs
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tab M8 Hd Tb8505x Firmware
Before 8505x_usr_s301129_2309141226_v9.56_bmp_row
Running on/withPlatform Versions
Lenovo
Tab M8 Hd Tb8505x
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Tab M8 Hd Tb8505xs Firmware
Before 8505xs_usr_s301077_2309140036_v9.56_bmp_row
Running on/withPlatform Versions
Lenovo
Tab M8 Hd Tb8505xs
All versions

Related CWEs

CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (2)

Source: psirt@lenovo.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.