Lucene search

[email protected]CVE-2022-3432

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2022-3432

2023-01-2621:15:51

CWE-276

[email protected]

web.nvd.nist.gov

cve-2022-3432

vulnerability

driver

ideapad y700-14isk

manufacturing process

nvram

secure boot

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected configurations

NVD

Node

lenovoideapad_y700-14isk_firmwareMatch-

AND

lenovoideapad_y700-14iskMatch-

CPENameOperatorVersion
lenovo:ideapad_y700-14isk_firmwarelenovo ideapad y700-14isk firmwareeq-

CPE	Name	Operator	Version
lenovo:ideapad_y700-14isk_firmware	lenovo ideapad y700-14isk firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-94952

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-3432

prion1 cvelist1 nvd1 thn1