CVE-2023-5081 - OpenCVE

An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	Tab M8 Hd Tb8505f Tab M8 Hd Tb8505f Firmware Tab M8 Hd Tb8505fs Tab M8 Hd Tb8505fs Firmware Tab M8 Hd Tb8505x Tab M8 Hd Tb8505x Firmware Tab M8 Hd Tb8505xs Tab M8 Hd Tb8505xs Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.lenovo.com/us/en/product_security/LEN-142135

History

Mon, 16 Sep 2024 15:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Mon, 16 Sep 2024 15:15:00 +0000

Type	Values Removed	Values Added
Description	An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.	An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier.
Weaknesses		CWE-497

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2024-01-19T20:07:36.051Z

Updated: 2024-09-16T14:53:54.587Z

Reserved: 2023-09-19T21:01:59.167Z

Link: CVE-2023-5081

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-19T20:15:12.230

Modified: 2024-09-16T15:15:15.767

Link: CVE-2023-5081

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5081", "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "state": "PUBLISHED", "assignerShortName": "lenovo", "dateReserved": "2023-09-19T21:01:59.167Z", "datePublished": "2024-01-19T20:07:36.051Z", "dateUpdated": "2024-09-16T14:53:54.587Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Tablet", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lenovo thanks Ryan Johnson and Mohamed Elsabagh of Quokka for reporting this issue."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier."}], "value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo", "dateUpdated": "2024-09-16T14:53:54.587Z"}, "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-142135"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:</span>\n\n<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-142135\">https://support.lenovo.com/us/en/product_security/LEN-142135</a><br>"}], "value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory:\n\n\n https://support.lenovo.com/us/en/product_security/LEN-142135"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.804Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-142135", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505f_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1600932-86AD-4062-9BBE-7E05823E0841", "versionEndExcluding": "8505f_usr_s301106_2309140042_v9.56_bmp_row", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505f:-:*:*:*:*:*:*:*", "matchCriteriaId": "C36249B8-17F5-4C84-80DA-D53B15ECB132", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505fs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25FEBB11-E2A9-4BF2-A4EA-864EA28D4428", "versionEndExcluding": "8505fs_usr_s301107_2309140028_v9.56_bmp_row", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505fs:-:*:*:*:*:*:*:*", "matchCriteriaId": "F11D4E8A-9D72-424F-A9EF-8DFD7CC6B373", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE24D7D6-76BC-4FDA-9A20-D2367C6C7BB8", "versionEndExcluding": "8505x_usr_s301129_2309141226_v9.56_bmp_row", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505x:-:*:*:*:*:*:*:*", "matchCriteriaId": "1181F5AF-6A77-4B24-A8AD-41940D344829", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:tab_m8_hd_tb8505xs_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2687A841-CF4C-4DD9-A9F5-F18AD3A8144D", "versionEndExcluding": "8505xs_usr_s301077_2309140036_v9.56_bmp_row", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:tab_m8_hd_tb8505xs:-:*:*:*:*:*:*:*", "matchCriteriaId": "D690DD9B-767A-4487-8F81-E527E4838989", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. "}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Lenovo Tab M8 HD que podr\u00eda permitir que una aplicaci\u00f3n local recopile un identificador de dispositivo no reiniciable."}], "id": "CVE-2023-5081", "lastModified": "2024-09-16T15:15:15.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "psirt@lenovo.com", "type": "Primary"}]}, "published": "2024-01-19T20:15:12.230", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-142135"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@lenovo.com", "type": "Secondary"}]}