CVE-2024-11679
4/11/2025 7:15:41 PM
28 روز قبل
28 روز قبل
1
Reporter :psirt@lenovo.com
Modified :4/11/2025 7:15:41 PM
Problem Data :CWE-125
Description
An input validation weakness was reported in the TpmSetup module for some legacy System x server products that could allow a local attacker with elevated privileges to read the contents of memory.
Cvss Version 3.1
4.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
Cvss Version 4.0
6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Vulnerability Complexity | High |
| Vulnerability Impact | None |
EPSS
| Epss Score | 0 |
|---|---|
| Epss Percentile | 0 |
Note: Consider this fact that the EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.
Reference
| لینک | منبع | تگ ها |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-193044 |