CVE-2023-4030 : A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Ge

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

Published 2023-08-17 17:15:10

Updated 2023-08-17 18:54:21

Source Lenovo Group Ltd.

View at NVD, CVE.org

Products affected by CVE-2023-4030

We don't have affected product information for this CVE yet

Exploit prediction scoring system (EPSS) score for CVE-2023-4030

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 23 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4030

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.4	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	2.5	5.9	Lenovo Group Ltd.
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-4030

CWE-636 Not Failing Securely ('Failing Open')

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.

Assigned by: psirt@lenovo.com (Primary)

References for CVE-2023-4030

https://support.lenovo.com/us/en/product_security/LEN-134879

Multi-vendor BIOS Security Vulnerabilities (August 2023) - Lenovo Support US

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-4030

Products affected by CVE-2023-4030

Exploit prediction scoring system (EPSS) score for CVE-2023-4030

CVSS scores for CVE-2023-4030

CWE ids for CVE-2023-4030

References for CVE-2023-4030