CVE-2023-0896: Input Validation
First published: Mon May 01 2023(Updated: )
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Smart Clock Essential | <90 | |
| Lenovo Smart Clock Essential with Alexa Built In firmware |
Remedy
Update to Lenovo Smart Clock Essential software version 90 or later.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-0896.
What is the severity of CVE-2023-0896?
CVE-2023-0896 has a severity rating of 8.8 (high).
What is the affected software for CVE-2023-0896?
The affected software for CVE-2023-0896 is Lenovo Smart Clock Essential with Alexa Built In firmware version up to exclusive 90.
How can an attacker exploit CVE-2023-0896?
An attacker with local network access can exploit CVE-2023-0896 by using the default password to gain unauthorized device access.
Is there a fix available for CVE-2023-0896?
Yes, Lenovo has released a fix for CVE-2023-0896. Please refer to the following link for more information: [https://support.lenovo.com/us/en/product_security/LEN-113714](https://support.lenovo.com/us/en/product_security/LEN-113714)
- collector/nvd-latest
- agent/type
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/remedy
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo smart clock essential
- canonical/lenovo smart clock essential with alexa built in firmware