MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A buffer overflow vulnerability was reported, (fixed and publicly disclosed in 2015) in the Lenovo Service Engine (LSE), affecting various versions of BIOS for Lenovo Notebooks, that could allow a remote user to execute arbitrary code on the system.
Affected:< cccn13ww(v1.02)Fixed in:cccn13ww(v1.02)CVE-2015-5684derived from NVD
edge 15 firmwareNVD
Affected:< b9cn17wwFixed in:b9cn17wwCVE-2015-5684derived from NVD
flex 2 pro-15 firmwareNVD
Affected:< b9cn17wwFixed in:b9cn17wwCVE-2015-5684derived from NVD
flex 3-1120 firmwareNVD
Affected:< c0cn25wwFixed in:c0cn25wwCVE-2015-5684derived from NVD
flex 3-1470 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
flex 3-1570 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
g40-80 firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g40-80m firmwareNVD
Affected:< cbcn75wwFixed in:cbcn75wwCVE-2015-5684derived from NVD
g50-80 firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g50-80 touch firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g50-80 touch v3000 firmwareNVD
Affected:< b0cn75wwFixed in:b0cn75wwCVE-2015-5684derived from NVD
g50-80m firmwareNVD
Affected:< cbcn75wwFixed in:cbcn75wwCVE-2015-5684derived from NVD
g70-80 firmwareNVD
Affected:< abcn75wwFixed in:abcn75wwCVE-2015-5684derived from NVD
ideapad 100-14iby firmwareNVD
Affected:< v1.02_(cccn13ww)Fixed in:v1.02_(cccn13ww)CVE-2015-5684derived from NVD
ideapad 100-15iby firmwareNVD
Affected:< v1.02_(cccn13ww)Fixed in:v1.02_(cccn13ww)CVE-2015-5684derived from NVD
m40-35 firmwareNVD
Affected:< bbcn15ww(v1.06)Fixed in:bbcn15ww(v1.06)CVE-2015-5684derived from NVD
s21e firmwareNVD
Affected:< c4cn14ww(v1.04)Fixed in:c4cn14ww(v1.04)CVE-2015-5684derived from NVD
s41-70 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
s435 firmwareNVD
Affected:< bbcn15ww(v1.06)Fixed in:bbcn15ww(v1.06)CVE-2015-5684derived from NVD
u31-70 firmwareNVD
Affected:< afcn30ww(v2.02)Fixed in:afcn30ww(v2.02)CVE-2015-5684derived from NVD
u41-70 firmwareNVD
Affected:< bdcn30wwFixed in:bdcn30wwCVE-2015-5684derived from NVD
y40-80 firmwareNVD
Affected:< b5cn36ww(v2.02)Fixed in:b5cn36ww(v2.02)CVE-2015-5684derived from NVD
yoga 3 11 firmwareNVD
Affected:< b8cn30ww(v2.08)Fixed in:b8cn30ww(v2.08)CVE-2015-5684derived from NVD
yoga 3 14 firmwareNVD
Affected:< bacn33wwFixed in:bacn33wwCVE-2015-5684derived from NVD
z41-70 firmwareNVD
Affected:< c2cn18ww(v1.04)Fixed in:c2cn18ww(v1.04)CVE-2015-5684derived from NVD
z51-70 firmwareNVD
Affected:< c2cn18ww(v1.04)Fixed in:c2cn18ww(v1.04)CVE-2015-5684derived from NVD
z70-80 firmwareNVD
Affected:< abcn75wwFixed in:abcn75wwCVE-2015-5684derived from NVD
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit Intelligence
3.69%probability of exploitation in 30 days
88thpercentile
Elevated risk: more likely to be exploited than 88% of all known CVEs.
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.