CRITICAL · 9.8

CVE-2015-5684

Vulnerability Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Lenovo | B50-10 Firmware | < cccn13ww(v1.02) |
| Lenovo | B50-10 | - |
| Lenovo | Flex 2 Pro-15 Firmware | < a9cn46ww |
| Lenovo | Flex 2 Pro-15 | - |
| Lenovo | Edge 15 Firmware | < a9cn46ww |
| Lenovo | Edge 15 | - |
| Lenovo | Flex 3-1470 Firmware | < bdcn30ww |
| Lenovo | Flex 3-1470 | - |
| Lenovo | Flex 3-1570 Firmware | < bdcn30ww |
| Lenovo | Flex 3-1570 | - |
| Lenovo | Flex 3-1120 Firmware | < c0cn25ww |
| Lenovo | Flex 3-1120 | - |
| Lenovo | G40-80 Firmware | < b0cn75ww |
| Lenovo | G40-80 | - |
| Lenovo | G50-80 Firmware | < b0cn75ww |
| Lenovo | G50-80 | - |
| Lenovo | G50-80 Touch Firmware | < b0cn75ww |
| Lenovo | G50-80 Touch | - |
| Lenovo | G50-80 Touch V3000 Firmware | < b0cn75ww |
| Lenovo | G50-80 Touch V3000 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2015-5684?

CVE-2015-5684 is a vulnerability with a CVSS score of 9.8 (CRITICAL). MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (L...

How severe is CVE-2015-5684?

CVE-2015-5684 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-5684?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo B50-10 Firmware, Lenovo B50-10, Lenovo Flex 2 Pro-15 Firmware, Lenovo Flex 2 Pro-15, Lenovo Edge 15 Firmware.