





3





3 Shares

Researchers have spotted multiple vulnerabilities in Lenovo server infrastructure. These vulnerabilities, upon exploit, could have compromised the security and integrity of Lenovo systems.

Vulnerabilities In Lenovo Server Infrastructure

Researchers from Swascan, an Italian cybersecurity firm, have spotted numerous vulnerabilities targeting Lenovo systems. Exploiting the vulnerabilities by a potential attacker could result in various conditions, including arbitrary code execution and system crashes.

As described in their blog post, Team Swascan discovered nine different security vulnerabilities in Lenovo server infrastructure. These include two high-severity flaws and seven medium severity bugs.

The researchers haven’t clearly stated the flaws discovered. But they did share the details regarding the nature of these vulnerabilities via CWE numbers. The vulnerabilities include an improper restriction of operations within the bounds of a memory buffer, NULL Pointer Dereference, improper input validation, improper neutralization of special elements used in an OS command, improper authentication vulnerability, and use after free flaws. These vulnerabilities could allow an attacker to execute arbitrary codes, read sensitive information, and trigger system crashes.

Lenovo Fixed The Bugs

Upon discovering the flaws, the researchers promptly notified the Lenovo Security Department. Together with Swascan, Lenovo patched the vulnerabilities that affected the availability, integrity, and confidentiality of the systems.

The researchers also praised the promptness of the Lenovo security team in handling the vulnerabilities. As stated in their blog,

Lenovo’s attention to our discoveries together with the email exchanges, the evaluations, the remediation activities, and the resolution times were among the most serious, professional, and transparent that we have witnessed.

The researchers also emphasized the importance of collaborations between the security researchers and vendors to promptly handle any security incidents.

In April, the team also highlighted various vulnerabilities in Microsoft server infrastructure that could allow arbitrary code execution upon an exploit. Before this one, the researchers also shared their findings regarding vulnerabilities in Adobe IT systems.

Let us know your thoughts in the comments.