CVE & CISA-KEV Catalog

CVE-2015-5684

CRITICALEPSS 88th pctl
9.8
CVSS v3
NVD

Description

MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.

How to fix

Remediation Available
b50-10 firmwareNVD
Affected:< cccn13ww(v1.02)Fixed in:cccn13ww(v1.02)CVE-2015-5684derived from NVD
edge 15 firmwareNVD
Affected:< b9cn17wwFixed in:b9cn17wwCVE-2015-5684derived from NVD
flex 2 pro-15 firmwareNVD
Affected:< b9cn17wwFixed in:b9cn17wwCVE-2015-5684derived from NVD
flex 3-1120 firmwareNVD
Affected:< c0cn25wwFixed in:c0cn25wwCVE-2015-5684derived from NVD
flex 3-1470 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
flex 3-1570 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
g40-80 firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g40-80m firmwareNVD
Affected:< cbcn75wwFixed in:cbcn75wwCVE-2015-5684derived from NVD
g50-80 firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g50-80 touch firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g50-80 touch v3000 firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g50-80m firmwareNVD
Affected:< cbcn75wwFixed in:cbcn75wwCVE-2015-5684derived from NVD
g70-80 firmwareNVD
Affected:< abcn75wwFixed in:abcn75wwCVE-2015-5684derived from NVD
ideapad 100-14iby firmwareNVD
Affected:< v1.02_(cccn13ww)Fixed in:v1.02_(cccn13ww)CVE-2015-5684derived from NVD
ideapad 100-15iby firmwareNVD
Affected:< v1.02_(cccn13ww)Fixed in:v1.02_(cccn13ww)CVE-2015-5684derived from NVD
m40-35 firmwareNVD
Affected:< bbcn15ww(v1.06)Fixed in:bbcn15ww(v1.06)CVE-2015-5684derived from NVD
s21e firmwareNVD
Affected:< c4cn14ww(v1.04)Fixed in:c4cn14ww(v1.04)CVE-2015-5684derived from NVD
s41-70 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
s435 firmwareNVD
Affected:< bbcn15ww(v1.06)Fixed in:bbcn15ww(v1.06)CVE-2015-5684derived from NVD
u31-70 firmwareNVD
Affected:< afcn30ww(v2.02)Fixed in:afcn30ww(v2.02)CVE-2015-5684derived from NVD
u41-70 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
y40-80 firmwareNVD
Affected:< b5cn36ww(v2.02)Fixed in:b5cn36ww(v2.02)CVE-2015-5684derived from NVD
yoga 3 11 firmwareNVD
Affected:< b8cn30ww(v2.08)Fixed in:b8cn30ww(v2.08)CVE-2015-5684derived from NVD
yoga 3 14 firmwareNVD
Affected:< bacn33wwFixed in:bacn33wwCVE-2015-5684derived from NVD
z41-70 firmwareNVD
Affected:< c2cn18ww(v1.04)Fixed in:c2cn18ww(v1.04)CVE-2015-5684derived from NVD
z51-70 firmwareNVD
Affected:< c2cn18ww(v1.04)Fixed in:c2cn18ww(v1.04)CVE-2015-5684derived from NVD
z70-80 firmwareNVD
Affected:< abcn75wwFixed in:abcn75wwCVE-2015-5684derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

3.69%probability of exploitation in 30 days
88thpercentile

Elevated risk: more likely to be exploited than 88% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-120 (Classic Buffer Overflow) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2014-0195Medium6.8100%-Fix
CVE-2017-7269Critical9.8100%KEV-
CVE-2019-11043High8.799%KEV + RansomFix
CVE-2011-4862High10.095%-Fix
CVE-2007-5659High7.894%KEVFix
CVE-2022-3786High7.591%-Fix
Embed a live status badge for CVE-2015-5684
CVE-2015-5684 severity badge

Markdown

[![CVE-2015-5684](https://tridentstack.com/cve/badge/CVE-2015-5684.svg)](https://tridentstack.com/cve/CVE-2015-5684)

HTML

<a href="https://tridentstack.com/cve/CVE-2015-5684"><img src="https://tridentstack.com/cve/badge/CVE-2015-5684.svg" alt="CVE-2015-5684"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.