Lucene search

[email protected]CVE-2022-3430

HistoryJan 23, 2023 - 5:15 p.m.

CVE-2022-3430

2023-01-2317:15:00

CWE-276

[email protected]

web.nvd.nist.gov

cve-2022-3430

vulnerability

lenovo

wmi setup driver

secure boot

nvram variable

consumer notebook

elevated privileges

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:M/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.6%

JSON

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CPENameOperatorVersion
lenovo:d330-10igl_firmwarelenovo d330-10igl firmwareltg0cn11ww
lenovo:ideapad_5_pro_16iah7_firmwarelenovo ideapad 5 pro 16iah7 firmwareltj4cn33ww
lenovo:ideapad_5_pro_16arh7_firmwarelenovo ideapad 5 pro 16arh7 firmwareltj5cn27ww
lenovo:ideapad_duet_3_10igl5_firmwarelenovo ideapad duet 3 10igl5 firmwarelteqcn37ww
lenovo:slim_7_16arh7_firmwarelenovo slim 7 16arh7 firmwareltklcn15ww
lenovo:thinkbook_15p_imp_firmwarelenovo thinkbook 15p imp firmwareltf6cn25ww
lenovo:slim_7-14are05_firmwarelenovo slim 7-14are05 firmwareltdmcn43ww
lenovo:ideapad_slim_7-14iil05_firmwarelenovo ideapad slim 7-14iil05 firmwareltdhcn35ww
lenovo:ideapad_slim_7-14itl05_firmwarelenovo ideapad slim 7-14itl05 firmwareltfbcn29ww
lenovo:ideapad_slim_7-15iil05_firmwarelenovo ideapad slim 7-15iil05 firmwareltdhcn35ww

CPE	Name	Operator	Version
lenovo:d330-10igl_firmware	lenovo d330-10igl firmware	lt	g0cn11ww
lenovo:ideapad_5_pro_16iah7_firmware	lenovo ideapad 5 pro 16iah7 firmware	lt	j4cn33ww
lenovo:ideapad_5_pro_16arh7_firmware	lenovo ideapad 5 pro 16arh7 firmware	lt	j5cn27ww
lenovo:ideapad_duet_3_10igl5_firmware	lenovo ideapad duet 3 10igl5 firmware	lt	eqcn37ww
lenovo:slim_7_16arh7_firmware	lenovo slim 7 16arh7 firmware	lt	klcn15ww
lenovo:thinkbook_15p_imp_firmware	lenovo thinkbook 15p imp firmware	lt	f6cn25ww
lenovo:slim_7-14are05_firmware	lenovo slim 7-14are05 firmware	lt	dmcn43ww
lenovo:ideapad_slim_7-14iil05_firmware	lenovo ideapad slim 7-14iil05 firmware	lt	dhcn35ww
lenovo:ideapad_slim_7-14itl05_firmware	lenovo ideapad slim 7-14itl05 firmware	lt	fbcn29ww
lenovo:ideapad_slim_7-15iil05_firmware	lenovo ideapad slim 7-15iil05 firmware	lt	dhcn35ww

Rows per page:

1-10 of 441

References

support.lenovo.com/us/en/product_security/LEN-94952

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:M/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.6%

JSON

Related for CVE-2022-3430

cvelist1 prion1 thn1