Description
MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/lse_bios_notebook
Scores
CVSS v3
9.8
EPSS
0.0406
EPSS Percentile
88.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (27)
lenovo/b50-10_firmware
< cccn13ww\(v1.02\)
lenovo/edge_15_firmware
< a9cn46ww
lenovo/flex_2_pro-15_firmware
< a9cn46ww
lenovo/flex_3-1120_firmware
< c0cn25ww
lenovo/flex_3-1470_firmware
< bdcn30ww
lenovo/flex_3-1570_firmware
< bdcn30ww
lenovo/g40-80_firmware
< b0cn75ww
lenovo/g40-80m_firmware
< cbcn75ww
lenovo/g50-80_firmware
< b0cn75ww
lenovo/g50-80_touch_firmware
< b0cn75ww
... and 17 more
Published
Mar 27, 2020
Tracked Since
Feb 18, 2026