History: Apr 22, 2022 - 9:15 p.m.

CVE-2022-1107

2022-04-22 21:15:10
CWE-20
CWE-269
web.nvd.nist.gov
59
cve-2022-1107
boot services
thinkpad
vulnerability
smm handler
code execution

CVSS2: 7.2 High

Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 6.7 Medium

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.5 Medium
Confidence: High

EPSS: 0.0004 Low
Percentile: 12.7%

During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.

Affected configurations

NVD
Node: lenovo thinkpad_11e (Match: -) AND lenovo thinkpad_11e_firmware (Range: < n15et78w)
Node: lenovo thinkpad_helix (Match: -) AND lenovo thinkpad_helix_firmware (Range: < n17eta8w)
Node: lenovo thinkpad_l560 (Match: -) AND lenovo thinkpad_l560_firmware (Range: < n1het85w)
Node: lenovo thinkpad_l570 (Match: -) AND lenovo thinkpad_l570_firmware (Range: < n1xet65w)
Node: lenovo thinkpad_p50s (Match: -) AND lenovo thinkpad_p50s_firmware (Range: < n1ket46w)
Node: lenovo thinkpad_p51s (Match: -) AND lenovo thinkpad_p51s_firmware (Range: < n1vet50w)
Node: lenovo thinkpad_p52s (Match: -) AND lenovo thinkpad_p52s_firmware (Range: < n27et36w)
Node: lenovo thinkpad_s540 (Match: -) AND lenovo thinkpad_s540_firmware (Range: < gpet80ww)
Node: lenovo thinkpad_t550_firmware (Range: < n11et50w) AND lenovo thinkpad_t550 (Match: -)
Node: lenovo thinkpad_t560_firmware (Range: < n1ket46w) AND lenovo thinkpad_t560 (Match: -)
Node: lenovo thinkpad_t570_firmware (Range: < n1vet50w) AND lenovo thinkpad_t570 (Match: -)
Node: lenovo thinkpad_t580_firmware (Range: < n27et36w) AND lenovo thinkpad_t580 (Match: -)
Node: lenovo thinkpad_x1_tablet_gen_1_firmware (Range: < n1let86w) AND lenovo thinkpad_x1_tablet_gen_1 (Match: -)
Node: lenovo thinkpad_x1_tablet_gen_2_firmware (Range: < n1oet50w) AND lenovo thinkpad_x1_tablet_gen_2 (Match: -)
Node: lenovo thinkpad_w540_firmware (Range: < gnet92ww) AND lenovo thinkpad_w540 (Match: -)
Node: lenovo thinkpad_w541_firmware (Range: < gnet92ww) AND lenovo thinkpad_w541 (Match: -)
Node: lenovo thinkpad_w550s_firmware (Range: < n11et50w) AND lenovo thinkpad_w550s (Match: -)
Node: lenovo thinkpad_x1_carbon_3rd_gen_firmware (Range: < n14et52w) AND lenovo thinkpad_x1_carbon_3rd_gen (Match: -)
Node: lenovo thinkpad_x1_carbon_4th_gen_firmware (Range: < n1fet70w) AND lenovo thinkpad_x1_carbon_4th_gen (Match: -)
Node: lenovo thinkpad_x1_carbon_5th_gen_kabylake_firmware (Range: < n1met55w) AND lenovo thinkpad_x1_carbon_5th_gen_kabylake (Match: -)
Node: lenovo thinkpad_x1_carbon_5th_gen_skylake_firmware (Range: < n1met55w) AND lenovo thinkpad_x1_carbon_5th_gen_skylake (Match: -)
Node: lenovo thinkpad_x1_yoga_firmware (Range: < n1fet70w) AND lenovo thinkpad_x1_yoga (Match: -)
Node: lenovo thinkpad_x1_yoga_gen_2_firmware (Range: < n1net47w) AND lenovo thinkpad_x1_yoga_gen_2 (Match: -)
Node: lenovo thinkpad_x1_yoga_gen_3_firmware (Range: < n25et50w) AND lenovo thinkpad_x1_yoga_gen_3 (Match: -)
Node: lenovo thinkpad_x250_firmware (Range: < n10et58w) AND lenovo thinkpad_x250 (Match: -)
Node: lenovo thinkpad_x280_firmware (Range: < n20et44w) AND lenovo thinkpad_x280 (Match: -)
Node: lenovo thinkpad_x390_firmware (Range: < n2let60w) AND lenovo thinkpad_x390 (Match: -)
Node: lenovo thinkpad_11e_yoga_firmware (Range: < n15et78w) AND lenovo thinkpad_11e_yoga (Match: -)
Node: lenovo thinkpad_yoga_15_firmware (Range: < n19et61w) AND lenovo thinkpad_yoga_15 (Match: -)
Node: lenovo thinkpad_yoga_260_firmware (Range: < n1get98w) AND lenovo thinkpad_yoga_260 (Match: -)

CNA Affected

[
  {
    "product": "ThinkPad BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]
