Lucene search

[email protected]NVD:CVE-2022-3431

HistoryOct 09, 2023 - 7:15 p.m.

CVE-2022-3431

2023-10-0919:15:09

CWE-276

[email protected]

web.nvd.nist.gov

cve-2022-3431

potential vulnerability

manufacturing process

lenovo

notebook

elevated privileges

secure boot

nvram variable

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected configurations

NVD

Node

lenovoideapad_creator_5-16ach6_firmwareRange<gscn34ww

AND

lenovoideapad_creator_5-16ach6Match-

Node

lenovoideapad_5_pro-16ihu6_firmwareRange<grcn22ww

AND

lenovoideapad_5_pro-16ihu6Match-

Node

lenovoideapad_5_pro-16ach6_firmwareRange<gscn34ww

AND

lenovoideapad_5_pro-16ach6Match-

Node

lenovoyoga_slim_7-13itl05_firmwareRange<f7cn39ww

AND

lenovoyoga_slim_7-13itl05Match-

Node

lenovoyoga_slim_7-13acn05_firmwareRange<ghcn28ww

AND

lenovoyoga_slim_7-13acn05Match-

Node

lenovoyoga_slim_7_pro_16arh7_firmwareRange<klcn15ww

AND

lenovoyoga_slim_7_pro_16arh7Match-

Node

lenovoyoga_slim_7_pro_16ach6_firmwareRange<hucn16ww

AND

lenovoyoga_slim_7_pro_16ach6Match-

Node

lenovoyoga_slim_7_carbon_13itl5_firmwareRange<f7cn39ww

AND

lenovoyoga_slim_7_carbon_13itl5Match-

Node

lenovoyoga_duet_7-13itl6-lte_firmwareRange<gpcn24ww

AND

lenovoyoga_duet_7-13itl6-lteMatch-

Node

lenovoyoga_duet_7-13itl6_firmwareRange<gpcn24ww

AND

lenovoyoga_duet_7-13itl6Match-

Node

lenovoyoga_duet_7-13iml05_firmwareRange<ercn30ww

AND

lenovoyoga_duet_7-13iml05Match-

Node

lenovothinkbook_plus_g3_iap_firmwareRange<k6cn29ww

AND

lenovothinkbook_plus_g3_iapMatch-

Node

lenovothinkbook_plus_g2_itg_firmwareRange<gycn31ww

AND

lenovothinkbook_plus_g2_itgMatch-

Node

lenovothinkbook_16p_nx_arh_firmwareRange<kjcn27ww

AND

lenovothinkbook_16p_nx_arhMatch-

Node

lenovothinkbook_16_g4\+_iap_firmwareRange<hycn40ww

AND

lenovothinkbook_16_g4\+_iapMatch-

Node

lenovothinkbook_16_g4\+_ara_firmwareRange<j6cn40ww

AND

lenovothinkbook_16_g4\+_araMatch-

Node

lenovothinkbook_14_g4\+_iap_firmwareRange<hycn40ww

AND

lenovothinkbook_14_g4\+_iapMatch-

Node

lenovothinkbook_14_g4\+_ara_firmwareRange<j6cn40ww

AND

lenovothinkbook_14_g4\+_araMatch-

Node

lenovothinkbook_13x_itg_firmwareRange<hlcn30ww

AND

lenovothinkbook_13x_itgMatch-

Node

lenovoideapad_slim_7_pro_16ach6_firmwareRange<hucn16ww

AND

lenovoideapad_slim_7_pro_16ach6Match-

Node

lenovos540-15iml_firmwareRange<cncn22ww

AND

lenovos540-15imlMatch-

Node

lenovoslim_7_16arh7_firmwareRange<klcn15ww

AND

lenovoslim_7_16arh7Match-

Node

lenovoideapad_duet_3_10igl5_firmwareRange<eqcn37ww

AND

lenovoideapad_duet_3_10igl5Match-

Node

lenovoideapad_5_pro_16arh7_firmwareRange<j4cn33ww

AND

lenovoideapad_5_pro_16arh7Match-

Node

lenovod330-10igl_firmwareRange<g0cn11ww

AND

lenovod330-10iglMatch-

References

support.lenovo.com/us/en/product_security/LEN-94952

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2022-3431

prion1 cvelist1 cve1 thn1