CVE-2008-3894: Infoleak
First published: Wed Sep 03 2008(Updated: )
IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Lenovo 7CETB5WW | =2.05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-3894?
CVE-2008-3894 is classified as a medium severity vulnerability due to its potential to expose sensitive information.
How do I fix CVE-2008-3894?
To fix CVE-2008-3894, it's recommended to update the affected firmware to a version that addresses this vulnerability.
Who is affected by CVE-2008-3894?
CVE-2008-3894 specifically affects users of IBM Lenovo firmware version 7CETB5WW 2.05.
What type of vulnerability is CVE-2008-3894?
CVE-2008-3894 is a local information disclosure vulnerability that allows unauthorized access to sensitive authentication passwords.
What could happen if I am affected by CVE-2008-3894?
If affected by CVE-2008-3894, local users could potentially read sensitive passwords stored in the BIOS Keyboard buffer.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ibm
- canonical/ibm lenovo 7cetb5ww
- version/ibm lenovo 7cetb5ww/2.05