Detects many security vulnerabilities in Lenovo server infrastructure
Security researchers have recently discovered the presence of multiple vulnerabilities from simple to dangerous in Lenovo's server infrastructure. These vulnerabilities, if successfully exploited, will seriously damage the security and integrity of Lenovo's systems.
More specifically, researchers from Swascan, an Italian-based cyber security company, have discovered many vulnerabilities exist on Lenovo systems. If an attacker can exploit these vulnerabilities, it will cause many complex problems on the company's system, including arbitrary code execution behavior, and the occurrence of system problems that affect directly. Next to customers.
- Overview of building enterprise security detection and response system
There have been 9 medium to serious vulnerabilities found in Lenovo's system
According to information posted on the Swascan personal blog, there were a total of nine different security holes found in Lenovo's server infrastructure. In particular, there are 2 cases that are classified as particularly serious, which can lead to high security risks, and 7 vulnerabilities are rated at an average level.
The researchers did not specify details of the discovered vulnerabilities. However, they shared some relatively important information regarding the nature of these vulnerabilities through CWE numbers. The recorded vulnerabilities include limited errors that operate incorrectly in the buffer memory limit, NULL Pointer Pereference, incorrect input validation, and neutralizing incorrectly used special elements in the OS command, false authentication errors . These vulnerabilities can basically allow an attacker to execute arbitrary code, read sensitive information and trigger remote system problems.
- Botnet Echobot spreads across a wide range, specifically targeting Oracle and VMware applications
Lenovo patched the flaw
Immediately after discovering the above errors, Swascan researchers promptly informed the security - security department of Lenovo. With the help of the Italian security group, Chinese technology equipment manufacturers have successfully patched the gaps that seriously affect the availability, integrity and security of systems. .
Observers and security experts appreciate the agility and seriousness of Lenovo security team in dealing with vulnerabilities before they can leave the consequences. On the personal blog, the Swascan group made the following comments:
"Lenovo has shown seriousness and absolute focus on our findings. Along with email exchange, analysis, situation assessment and planning to fix problems almost immediately. immediately, it is not surprising that they can handle the vulnerabilities so quickly, it can be said that Lenovo owns the most serious, professional and transparent security team we have ever witnessed and collaborated with. ".
In addition, the researchers did not forget to emphasize the importance of good cooperation between the security research group and the supplier in timely handling of all security incidents.
- Find out about Ghidra - NSA's powerful cybersecurity tool
In April, the Swascan group also pointed out the existence of various vulnerabilities in Microsoft server infrastructure that could allow arbitrary code execution when successfully exploited by exploiters. Previously, researchers also shared their findings regarding serious security vulnerabilities in Adobe IT systems and were highly appreciated.
You should read it
- IBM developed a new technology to patch security holes
- How to scan websites for potential security vulnerabilities with Vega on Kali Linux
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- This is the operating system containing the most holes in a decade
- 5 common errors in managing security vulnerabilities
- 70% of Microsoft security vulnerabilities stem from memory errors
- Release software to check DNS server vulnerabilities
- There are vulnerabilities that allow hackers to bypass the fingerprint security mechanism of Lenovo computers
- Find security holes on every site with Nikto
- Warning of zero-day vulnerabilities in window manager on PC
- Security vulnerabilities - basic insights
- 9 misconceptions about security and how to resolve
Maybe you are interested
Should I buy a USB, Bluetooth or NFC security key?
4 Security Steps to Follow When Using Remote Access Applications
Series of DrayTek router models have security holes
If you have an AMD CPU, install this important security update!
Roundup of new Chrome features and security updates
Google releases emergency security patch, fixes 4 security flaws on Chrome