Sign-up

ID

VAR-202003-1194


CVE

CVE-2015-5684


TITLE

Lenovo Service Engine Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008633

DESCRIPTION

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system. Lenovo Service Engine (LSE) Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Multiple products are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial-of-service condition

Trust: 1.98

sources: NVD: CVE-2015-5684 // JVNDB: JVNDB-2015-008633 // BID: 76416 // VULMON: CVE-2015-5684

AFFECTED PRODUCTS

vendor:lenovomodel:g40-80scope:ltversion:b0cn75ww

Trust: 1.0

vendor:lenovomodel:g50-80 touch v3000scope:ltversion:b0cn75ww

Trust: 1.0

vendor:lenovomodel:flex 2 pro-15scope:ltversion:b9cn17ww

Trust: 1.0

vendor:lenovomodel:flex 3-1120scope:ltversion:c0cn25ww

Trust: 1.0

vendor:lenovomodel:z41-70scope:ltversion:c2cn18ww\(v1.04\)

Trust: 1.0

vendor:lenovomodel:ideapad 100-15ibyscope:ltversion:v1.02_\(cccn13ww\)

Trust: 1.0

vendor:lenovomodel:m40-35scope:ltversion:bbcn15ww\(v1.06\)

Trust: 1.0

vendor:lenovomodel:g50-80 touchscope:ltversion:b0cn75ww

Trust: 1.0

vendor:lenovomodel:flex 3-1570scope:ltversion:bdcn30ww

Trust: 1.0

vendor:lenovomodel:yoga 3 14scope:ltversion:bacn33ww

Trust: 1.0

vendor:lenovomodel:s435scope:ltversion:bbcn15ww\(v1.06\)

Trust: 1.0

vendor:lenovomodel:ideapad 100-14ibyscope:ltversion:v1.02_\(cccn13ww\)

Trust: 1.0

vendor:lenovomodel:flex 2 pro-15scope:ltversion:a9cn46ww

Trust: 1.0

vendor:lenovomodel:edge 15scope:ltversion:b9cn17ww

Trust: 1.0

vendor:lenovomodel:g50-80mscope:ltversion:cbcn75ww

Trust: 1.0

vendor:lenovomodel:g40-80mscope:ltversion:cbcn75ww

Trust: 1.0

vendor:lenovomodel:flex 3-1470scope:ltversion:bdcn30ww

Trust: 1.0

vendor:lenovomodel:y40-80scope:ltversion:b5cn36ww\(v2.02\)

Trust: 1.0

vendor:lenovomodel:u41-70scope:ltversion:bdcn30ww

Trust: 1.0

vendor:lenovomodel:g50-80scope:ltversion:b0cn75ww

Trust: 1.0

vendor:lenovomodel:s41-70scope:ltversion:bdcn30ww

Trust: 1.0

vendor:lenovomodel:s21escope:ltversion:c4cn14ww\(v1.04\)

Trust: 1.0

vendor:lenovomodel:g70-80scope:ltversion:abcn75ww

Trust: 1.0

vendor:lenovomodel:edge 15scope:ltversion:a9cn46ww

Trust: 1.0

vendor:lenovomodel:u31-70scope:ltversion:afcn30ww\(v2.02\)

Trust: 1.0

vendor:lenovomodel:z51-70scope:ltversion:c2cn18ww\(v1.04\)

Trust: 1.0

vendor:lenovomodel:z70-80scope:ltversion:abcn75ww

Trust: 1.0

vendor:lenovomodel:yoga 3 11scope:ltversion:b8cn30ww\(v2.08\)

Trust: 1.0

vendor:lenovomodel:b50-10scope:ltversion:cccn13ww\(v1.02\)

Trust: 1.0

vendor:lenovomodel:b50-10scope: - version: -

Trust: 0.8

vendor:lenovomodel:edge 15scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex 2 pro-15scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex 3-1120scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex 3-1470scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex 3-1570scope: - version: -

Trust: 0.8

vendor:lenovomodel:g40-80scope: - version: -

Trust: 0.8

vendor:lenovomodel:g50-80 touch v3000scope: - version: -

Trust: 0.8

vendor:lenovomodel:g50-80 touchscope: - version: -

Trust: 0.8

vendor:lenovomodel:g50-80scope: - version: -

Trust: 0.8

vendor:lenovomodel:flex pro-15scope:eqversion:20

Trust: 0.6

vendor:lenovomodel:edgescope:eqversion:150

Trust: 0.6

vendor:lenovomodel:z70-80scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:z51-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:z50-75scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:z50-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:z41-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:z40-75scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:z40-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yt s4040scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yt s4030scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yt s4005scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yt s2000scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yt m2620nscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yt a7700kscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yoga3scope:eqversion:140

Trust: 0.3

vendor:lenovomodel:yoga2pro-13scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:yogascope:eqversion:3110

Trust: 0.3

vendor:lenovomodel:y50-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:y430pscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:y40-80scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:y40-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:x315scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:x310scope:eqversion:0

Trust: 0.3

vendor:lenovomodel: - scope:eqversion:v30000

Trust: 0.3

vendor:lenovomodel:u430touchscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:u430pscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:u41-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:u330touchscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:u330pscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:service enginescope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s435scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s415scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s410scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s41-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s40-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s310scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s21escope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s20-30 touchscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:s20-30scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:m7100nscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:m5790nscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:m5310nscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:m40-35scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:horizon2scope:eqversion:270

Trust: 0.3

vendor:lenovomodel:horizon 2sscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:h5055scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:h5050scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:h5000scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:h3050scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:h3000scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g70-80scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g510scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g5055scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g5050scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g5000scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g50-80scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g50-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g50-45scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g50-30scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g410scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g40-80scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g40-70scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g40-45scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:g40-30scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:flex2scope:eqversion:150

Trust: 0.3

vendor:lenovomodel:flex2scope:eqversion:140

Trust: 0.3

vendor:lenovomodel:flexscope:eqversion:3-15700

Trust: 0.3

vendor:lenovomodel:flexscope:eqversion:3-14700

Trust: 0.3

vendor:lenovomodel:flexscope:eqversion:3-11200

Trust: 0.3

vendor:lenovomodel:flexscope:eqversion:100

Trust: 0.3

vendor:lenovomodel:f5055scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:f5050scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:f5000scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:edgescope:eqversion:71

Trust: 0.3

vendor:lenovomodel:e10-30scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:d5055scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:d5050scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:d3000scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:c5030scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:c4030scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:c4005scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:c260scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:c2030scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:c2005scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:b750scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:b5035scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:b5030scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:b4030scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:a740scope:eqversion:0

Trust: 0.3

vendor:lenovomodel:a5700kscope:eqversion:0

Trust: 0.3

vendor:lenovomodel:a540scope:eqversion:0

Trust: 0.3

vendor:hpmodel:workstations z82scope:eqversion:0

Trust: 0.3

vendor:hpmodel:workstations z620scope:eqversion:0

Trust: 0.3

vendor:hpmodel:workstations z420scope:eqversion:0

Trust: 0.3

vendor:hpmodel:workstations z220scope:eqversion:0

Trust: 0.3

vendor:hpmodel:workstations z1scope:eqversion:0

Trust: 0.3

vendor:hpmodel:probook sscope:eqversion:0

Trust: 0.3

vendor:hpmodel:probook mscope:eqversion:0

Trust: 0.3

vendor:hpmodel:probook bscope:eqversion:0

Trust: 0.3

vendor:hpmodel:elitebook p seriesscope:eqversion:0

Trust: 0.3

vendor:hpmodel:elitebook 8770wscope:eqversion:0

Trust: 0.3

vendor:hpmodel:elitebook 8570wscope:eqversion:0

Trust: 0.3

vendor:hpmodel:compaq elite seriesscope:eqversion:83000

Trust: 0.3

vendor:hpmodel:compaq pro seriesscope:eqversion:63050

Trust: 0.3

vendor:hpmodel:compaqscope:eqversion:63000

Trust: 0.3

sources: BID: 76416 // JVNDB: JVNDB-2015-008633 // NVD: CVE-2015-5684

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5684
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2015-008633
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201512-682
value: CRITICAL

Trust: 0.6

VULMON: CVE-2015-5684
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5684
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2015-008633
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2015-5684
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008633
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2015-5684 // JVNDB: JVNDB-2015-008633 // CNNVD: CNNVD-201512-682 // NVD: CVE-2015-5684

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2015-008633 // NVD: CVE-2015-5684

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-682

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201512-682

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008633

PATCH
title:LEN-2015-020url:https://support.lenovo.com/us/en/product_security/lse_bios_notebook
Trust: 0.8
title:Lenovo Service Engine Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=113086
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-008633 // 
            
            
            
            CNNVD: CNNVD-201512-682

EXTERNAL IDS
db:NVDid:CVE-2015-5684
Trust: 2.8
db:JVNDBid:JVNDB-2015-008633
Trust: 0.8
db:CNNVDid:CNNVD-201512-682
Trust: 0.6
db:BIDid:76416
Trust: 0.4
db:VULMONid:CVE-2015-5684
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5684 // 
            
            
            
            BID: 76416 // 
            
            
            
            JVNDB: JVNDB-2015-008633 // 
            
            
            
            CNNVD: CNNVD-201512-682 // 
            
            
            
            NVD: CVE-2015-5684

REFERENCES
url:https://support.lenovo.com/us/en/product_security/lse_bios_notebook
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2015-5684
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5684
Trust: 0.8
url:http://seclists.org/bugtraq/2015/aug/44
Trust: 0.3
url:https://support.lenovo.com/us/en/product_security/lse_bios_desktop
Trust: 0.3
url:http://h10032.www1.hp.com/ctg/manual/c03857419.pdf
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/120.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/76416
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-5684 // 
            
            
            
            BID: 76416 // 
            
            
            
            JVNDB: JVNDB-2015-008633 // 
            
            
            
            CNNVD: CNNVD-201512-682 // 
            
            
            
            NVD: CVE-2015-5684

CREDITS
Roel Schouwenberg and Microsoft
Trust: 0.9
sources:
            
            
            BID: 76416 // 
            
            
            
            CNNVD: CNNVD-201512-682

SOURCES
db:VULMONid:CVE-2015-5684
db:BIDid:76416
db:JVNDBid:JVNDB-2015-008633
db:CNNVDid:CNNVD-201512-682
db:NVDid:CVE-2015-5684

LAST UPDATE DATE
2024-11-23T22:21:14.882000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2015-5684date:2020-04-01T00:00:00
db:BIDid:76416date:2015-07-31T00:00:00
db:JVNDBid:JVNDB-2015-008633date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-201512-682date:2020-04-03T00:00:00
db:NVDid:CVE-2015-5684date:2024-11-21T02:33:37.920

SOURCES RELEASE DATE
db:VULMONid:CVE-2015-5684date:2020-03-27T00:00:00
db:BIDid:76416date:2015-07-31T00:00:00
db:JVNDBid:JVNDB-2015-008633date:2020-04-17T00:00:00
db:CNNVDid:CNNVD-201512-682date:2015-07-31T00:00:00
db:NVDid:CVE-2015-5684date:2020-03-27T15:15:11.507