Lenovo Archives - Security Affairs

Pierluigi Paganini November 26, 2022

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. […]

Pierluigi Paganini November 10, 2022

Lenovo warns of flaws that can be used to bypass security features

Lenovo fixed two high-severity flaws impacting various laptop models that could allow an attacker to deactivate UEFI Secure Boot. Lenovo has released security updates to address a couple of high-severity vulnerabilities impacting various ThinkBook, IdeaPad, and Yoga laptop models. An attacker can exploit the flaws to disable UEFI Secure Boot. Secure Boot is a security feature […]

Pierluigi Paganini July 13, 2022

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

IT giant Lenovo released security fixes to address three vulnerabilities that impact the UEFI firmware shipped with over 70 product models. The multinational technology company Lenovo released security fixes to address three vulnerabilities that reside in the UEFI firmware shipped with over 70 product models, including several ThinkBook models. A remote attacker can trigger these […]

Pierluigi Paganini April 19, 2022

ESET warns of three flaws that affect over 100 Lenovo notebook models

Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has published a security advisory to warn customers of vulnerabilities that affect its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its notebook models, including IdeaPad 3, Legion 5 Pro-16ACH6 H, and Yoga […]

Pierluigi Paganini December 16, 2021

Flaws in Lenovo laptops allow escalating to admin privileges

The ImControllerService service of Lenovo laptops is affected by a privilege elevation bug that can allow to execute commands with admin privileges. Lenovo laptops, including ThinkPad and Yoga families, are affected by a privilege elevation issues that resides in the ImControllerService service allowing attackers to execute commands with admin privileges. The vulnerabilities, tracked as CVE-2021-3922 and CVE-2021-3969, […]

Pierluigi Paganini October 03, 2018

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Experts discovered nine vulnerabilities affecting NAS devices that could be exploited by unauthenticated attackers to access protected content. Nine flaws affecting NAS devices could be exploited by unauthenticated attackers to access protected content. The vulnerabilities are traked as CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081 and CVE-2018-9082. According to Lenovo, the flaws affect 20 models of network attached storage (NAS) devices sold by the […]

Pierluigi Paganini May 10, 2018

Lenovo releases updates to fix Secure Boot flaw in servers and other issues

Lenovo has released security patches that address the High severity vulnerability CVE-2017-3775 in the Secure Boot function on some System x servers. The standard operator configurations disable signature checking, this means that some Server x BIOS/UEFI versions do not properly authenticate signed code before booting it. “Lenovo internal testing discovered some System x server BIOS/UEFI versions that, […]

Pierluigi Paganini January 27, 2018

Hurry up, update your Lenovo Fingerprint Manager Pro if you use Windows 7, 8 and 8.1

Lenovo has fixed a hardcoded password vulnerability in Lenovo Fingerprint Manager Pro affecting a dozen laptop models running Windows 7, 8 and the 8.1 OS. The PC vendor Lenovo has fixed a hardcoded password vulnerability, tracked as (CVE-2017-3762), affecting a dozen Lenovo laptop models that run versions of Microsoft Windows 7, 8 and the 8.1 […]

Pierluigi Paganini July 04, 2017

How to chain flaws in Lenovo VIBE smartphones to gain root privileges

Researchers from Mandiant found a way to gain root privileges on Lenovo VIBE smartphones by chaining three vulnerabilities. The Lenovo VIBE smartphones were affected by security vulnerabilities that could allow an attacker with physical access to the device to gain root privileges. Researchers from Lenovo confirmed that the vulnerabilities could be exploited only on devices that […]

Pierluigi Paganini April 30, 2017

Lenovo warns of IBM Storwize shipped with infected initialization USB drives

Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo contain a malicious file. Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems contain a file that has been infected with malicious code. The Initialization Tool […]

Lenovo

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Lenovo warns of flaws that can be used to bypass security features

Three UEFI Firmware flaws found in tens of Lenovo Notebook models

ESET warns of three flaws that affect over 100 Lenovo notebook models

Flaws in Lenovo laptops allow escalating to admin privileges

Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack

Lenovo releases updates to fix Secure Boot flaw in servers and other issues

Hurry up, update your Lenovo Fingerprint Manager Pro if you use Windows 7, 8 and 8.1

How to chain flaws in Lenovo VIBE smartphones to gain root privileges

Lenovo warns of IBM Storwize shipped with infected initialization USB drives

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Taking over millions of developers exploiting an Open VSX Registry flaw

OneClik APT campaign targets energy sector with stealthy backdoors

APT42 impersonates cyber professionals to phish Israeli academics and journalists

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Cisco fixed critical ISE flaws allowing Root-level remote code execution

QUICK LINKS

Lenovo

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!