Multiple Vulnerabilities Spotted In Lenovo Server Infrastructure


Researchers have spotted multiple vulnerabilities in Lenovo server infrastructure. If exploited, these vulnerabilities could have compromised the security and integrity of Lenovo systems.

Vulnerabilities In Lenovo Server Infrastructure

Researchers from Swascan, an Italian cybersecurity firm, have spotted numerous vulnerabilities affecting Lenovo systems. Exploitation of these vulnerabilities by an attacker could result in various conditions, including arbitrary code execution and system crashes.

As described in their blog post, Team Swascan discovered nine different security vulnerabilities in Lenovo server infrastructure. These include two high-severity flaws and seven medium-severity bugs.

The researchers have not described the discovered flaws in detail, but they did share the nature of these vulnerabilities via CWE numbers. The vulnerabilities include improper restriction of operations within the bounds of a memory buffer, NULL pointer dereference, improper input validation, improper neutralization of special elements used in an OS command, improper authentication, and use-after-free flaws. These vulnerabilities could allow an attacker to execute arbitrary code, read sensitive information, and trigger system crashes.

Lenovo Fixed The Bugs

Upon discovering the flaws, the researchers promptly notified the Lenovo Security Department. Together with Swascan, Lenovo patched the vulnerabilities that affected the availability, integrity, and confidentiality of the systems.

The researchers also praised the promptness of the Lenovo security team in handling the vulnerabilities. As stated in their blog,

Lenovo’s attention to our discoveries together with the email exchanges, the evaluations, the remediation activities, and the resolution times were among the most serious, professional, and transparent that we have witnessed.

The researchers also emphasized the importance of collaboration between security researchers and vendors to promptly handle any security incidents.

In April, the team also highlighted various vulnerabilities in Microsoft server infrastructure that could allow arbitrary code execution if exploited. Before this one, the researchers also shared their findings regarding vulnerabilities in Adobe IT systems.

Let us know your thoughts in the comments.


Abeerah Hashim
