CVE-2023-5079 HIGH

CVE-2023-5079

Vendor Lenovo

Product LeCloud Application

Weakness CWE-20 · Input validation

Published November 8, 2023

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.

Key dates

02Disclosure timeline

November 8, 2023 CVE published

September 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5079 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2022-48321 SSRF in agent-receiver API CVE-2019-18995 ABB PB610 HMISimulator does not check content-length of the HTTP request CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data CVE-2019-1721 Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability