CVE-2023-34419 — MEDIUM (6.7)

Q: What is CVE-2023-34419?

CVE-2023-34419 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

Q: How severe is CVE-2023-34419?

CVE-2023-34419 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-34419?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Legion 5 Pro 16Iah7H Firmware, Lenovo Legion 5 Pro 16Iah7H, Lenovo Legion 5 Pro 16Iah7 Firmware, Lenovo Legion 5 Pro 16Iah7, Lenovo Legion 5 Pro 16Arh7 Firmware.

Vulnerability Description

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Legion 5 Pro 16Iah7H Firmware	< j2cn51ww
Lenovo	Legion 5 Pro 16Iah7H	-
Lenovo	Legion 5 Pro 16Iah7 Firmware	< j2cn51ww
Lenovo	Legion 5 Pro 16Iah7	-
Lenovo	Legion 5 Pro 16Arh7 Firmware	-
Lenovo	Legion 5 Pro 16Arh7	-
Lenovo	Legion 5 Pro 16Arh7H Firmware	-
Lenovo	Legion 5 Pro 16Arh7H	-
Lenovo	Legion 5 15Arh7 Firmware	-
Lenovo	Legion 5 15Arh7	-
Lenovo	Legion 5 15Arh7H Firmware	-
Lenovo	Legion 5 15Arh7H	-
Lenovo	Legion 5 15Iah7H Firmware	< j2cn51ww
Lenovo	Legion 5 15Iah7H	-
Lenovo	Legion 5 15Iah7 Firmware	< j2cn51ww
Lenovo	Legion 5 15Iah7	-
Lenovo	Legion 5 Pro-16Ach6 Firmware	-
Lenovo	Legion 5 Pro-16Ach6	-
Lenovo	Legion 5 Pro-16Ach6H Firmware	-
Lenovo	Legion 5 Pro-16Ach6H	-

Related Weaknesses (CWE)

CWE-120

References

https://support.lenovo.com/us/en/product_security/LEN-134879Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-134879Vendor Advisory

FAQ

What is CVE-2023-34419?

CVE-2023-34419 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code.

How severe is CVE-2023-34419?

CVE-2023-34419 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-34419?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Legion 5 Pro 16Iah7H Firmware, Lenovo Legion 5 Pro 16Iah7H, Lenovo Legion 5 Pro 16Iah7 Firmware, Lenovo Legion 5 Pro 16Iah7, Lenovo Legion 5 Pro 16Arh7 Firmware.