Home Latest Cyber Security News | Network Security Hacking Multiple Critical Vulnerabilities Affected “My Lenovo” Digital Assets
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Multiple Critical Vulnerabilities Affected “My Lenovo” Digital Assets

by Abeerah Hashim
written by Abeerah Hashim
Lenovo UEFI Firmware Vulnerabilities

Some critical security vulnerabilities existed in the “my Lenovo” digital assets. Exploiting these vulnerabilities could even allow an adversary to execute commands on the target systems. Lenovo has addressed the issues after researchers notified them of the bugs.

Critical My Lenovo Vulnerabilities

An Italian security firm Swascan’s Cyber Security Research Team, has recently shared details of some critical vulnerabilities affecting “My Lenovo” assets. The researchers found the bugs via their Domain Threat Intelligence (DTI) tool that works on the information available on the dark web.

As elaborated in their advisory exclusively shared with Latest Hacking News, the researchers found three critical vulnerabilities on two selected IPs.

Investigating the matter made them identify the bugs as LDAP anonymous bind allowed, LDAP password disclosure, and remote command execution.

While the advisory doesn’t precisely explain the technical issues. Yet, it does elaborate on the nature of bugs that fall in these three categories.

  • Insufficiently Protected Credentials: insecure storage of credentials allowing an adversary to access user accounts.
  • OS Command Injection: an adversary could execute dangerous commands at the level of the operating system on the target device.
  • Improper Authentication: insufficient user validation by software allowing an adversary to gain unwarranted access to sensitive data.

Bugs Fixed

Upon finding the bugs, team Swascan responsibly disclosed the report to Lenovo. Their report included the details of the flaws and the PoC and vulnerable addresses and credentials. As stated in the advisory,

Swascan recommended to Lenovo the upgrade of the exposed services, checking the configuration and/or close related ports if not needed in order to mitigate the risk.

Consequently, the vendors, together with the researchers, worked out to develop patches for the flaws. Highlighting the vigilant response from Lenovo, the cybersecurity firm appreciated the fixes.

The Lenovo PSIRT quickly followed through on the suggestions and the information provided by Swascan, showing once again the importance and the value of collaborations between Cyber Security companies and IT/Service providers.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...