Vulnerability Details : CVE-2008-3894
IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2008-3894
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-3894
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2008-3894
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3894
-
Lenovo 2008-11-05Lenovo has released a BIOS update to address this issue. http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-64580
- cpe:2.3:h:ibm:lenovo_7cetb5ww:2.05:*:*:*:*:*:*:*