Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5080

A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.8, requiring local system access to exploit with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, and availability (service disruption) for affected systems. Impacting 12 products from lenovo, from lenovo, from lenovo and 9 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2024-01-19T20:15:12.017

Last Modified

2024-11-21T08:41:01.643

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-266
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	tab_m8_hd_tb8505f_firmware	< 8505f_usr_s301106_2309140042_v9.56_bmp_row	Yes
Hardware	lenovo	tab_m8_hd_tb8505f	-	No
Operating System	lenovo	tab_m8_hd_tb8505fs_firmware	< 8505fs_usr_s301107_2309140028_v9.56_bmp_row	Yes
Hardware	lenovo	tab_m8_hd_tb8505fs	-	No
Operating System	lenovo	tab_m8_hd_tb8505x_firmware	< 8505x_usr_s301129_2309141226_v9.56_bmp_row	Yes
Hardware	lenovo	tab_m8_hd_tb8505x	-	No
Operating System	lenovo	tab_m8_hd_tb8505xs_firmware	< 8505xs_usr_s301077_2309140036_v9.56_bmp_row	Yes
Hardware	lenovo	tab_m8_hd_tb8505xs	-	No
Operating System	lenovo	tab_m10_plus_gen_3_tb125fu_firmware	< tb125fu_usr_s100116_2311171525_mp1rc_row	Yes
Hardware	lenovo	tab_m10_plus_gen_3_tb125fu	-	No
Operating System	lenovo	tab_p11_pro_gen_2_tb132fu_firmware	< tb132fu_s240219_231123_row	Yes
Hardware	lenovo	tab_p11_pro_gen_2_tb132fu	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-142135 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-142135 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For lenovo's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.