Vulnerability Description
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Smart Clock Essential With Alexa Built In Firmware | < 90 |
| Lenovo | Smart Clock Essential With Alexa Built In | - |
Related Weaknesses (CWE)
References
- https://support.lenovo.com/us/en/product_security/LEN-113714Vendor Advisory
- https://support.lenovo.com/us/en/product_security/LEN-113714Vendor Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1692
FAQ
What is CVE-2023-0896?
CVE-2023-0896 is a vulnerability with a CVSS score of 8.8 (HIGH). A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
How severe is CVE-2023-0896?
CVE-2023-0896 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0896?
Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Smart Clock Essential With Alexa Built In Firmware, Lenovo Smart Clock Essential With Alexa Built In.