Lenovo Updates
3093Warning Date
Severity Level
Warning Number
Target Sector
11 November, 2020
● High
2020-2040
All
Description:
Lenovo has released a security updates to address multiple vulnerabilities in the following products:
- Lenovo Notebook/IdeaPad/ThinkBooks
- Intel PROSet Wireless WiFi Software
- Intel Thunderbolt DCH Drivers for Windows
- Intel Wireless Bluetooth
- Intel High Definition Audio
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- Intel Graphics Driver for Windows
- ThinkPad
- Intel PROSet Wireless WiFi Software
- Intel Thunderbolt DCH Drivers for Windows
- Intel Wireless Bluetooth
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- Intel Graphics Driver for Windows
- ThinkServer
- Intel High Definition Audio
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- Intel Graphics Driver for Windows
- ThinkSystem
- NetApp SANtricity OS Controller Software
- NetApp Clustered Data ONTAP 9.7.x
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- AMI MegaRAC SP-X BMC
- Intel Graphics Driver for Windows
- Hyperscale
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- AMI MegaRAC SP-X BMC
- Converged HX
- BIOS
- Desktop
- Intel PROSet Wireless WiFi Software
- Intel Thunderbolt DCH Drivers for Windows
- Intel Wireless Bluetooth
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- Desktop - All in One
- Intel PROSet Wireless WiFi Software
- Intel Thunderbolt DCH Drivers for Windows
- Intel Wireless Bluetooth
- Intel HID Event Filter Driver
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- Storage
- BIOS
- System x
- BIOS
- ThinkAgile
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- ThinkStation
- Intel PROSet Wireless WiFi Software
- Intel Thunderbolt DCH Drivers for Windows
- Intel Wireless Bluetooth
- Intel CSME, SPS, TXE, DAL and AMT
- BIOS
- Tablets
- Intel CSME, SPS, TXE, DAL and AMT
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Privileges escalation
- Denial of service (DoS)
- Information disclosure
Best practice and Recommendations:
The CERT team encourages users to apply the necessary updates, and for details on the affected versions and components, please review Lenovo security advisory:
- https://support.lenovo.com/us/en/product_security/LEN-50102
- https://support.lenovo.com/us/en/product_security/LEN-49998
- https://support.lenovo.com/us/en/product_security/LEN-45682
- https://support.lenovo.com/us/en/product_security/LEN-45678
- https://support.lenovo.com/us/en/product_security/LEN-45681
- https://support.lenovo.com/us/en/product_security/LEN-45679
- https://support.lenovo.com/us/en/product_security/LEN-45680
- https://support.lenovo.com/us/en/product_security/LEN-39432#Lenovo%20Notebook
- https://support.lenovo.com/us/en/product_security/LEN-49266
- https://support.lenovo.com/us/en/product_security/LEN-42578
- https://support.lenovo.com/us/en/product_security/LEN-36229