CVE-2022-3430 | Severity.io

Description

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Related CPE's

d330-10igl_firmware

Vulnerable

ideapad_5_pro_16iah7_firmware

Vulnerable

ideapad_5_pro_16iah7

ideapad_5_pro_16arh7_firmware

Vulnerable

ideapad_5_pro_16arh7

ideapad_duet_3_10igl5_firmware

Vulnerable

ideapad_duet_3_10igl5

slim_7_16arh7_firmware

Vulnerable

thinkbook_15p_imp_firmware

Vulnerable

thinkbook_15p_imp

slim_7-14are05_firmware

Vulnerable

ideapad_slim_7-14iil05_firmware

Vulnerable

ideapad_slim_7-14iil05

ideapad_slim_7-14itl05_firmware

Vulnerable

ideapad_slim_7-14itl05

ideapad_slim_7-15iil05_firmware

Vulnerable

ideapad_slim_7-15iil05

slim_7-15imh05_firmware

Vulnerable

slim_7-15itl05_firmware

Vulnerable

thinkbook_13x_itg_firmware

Vulnerable

thinkbook_13x_itg

thinkbook_14_g2_are_firmware

Vulnerable

thinkbook_14_g2_are

thinkbook_14_g2_itl_firmware

Vulnerable

thinkbook_14_g2_itl

thinkbook_14_g3_acl_firmware

Vulnerable

thinkbook_14_g3_acl

thinkbook_14_g3_itl_firmware

Vulnerable

thinkbook_14_g3_itl

thinkbook_14_g4\+_ara_firmware

Vulnerable

thinkbook_14_g4\+_ara

thinkbook_14_g4\+_iap_firmware

Vulnerable

thinkbook_14_g4\+_iap

thinkbook_14p_g3_arh_firmware

Vulnerable

thinkbook_14p_g3_arh

thinkbook_14s_yoga_itl_firmware

Vulnerable

thinkbook_14s_yoga_itl

thinkbook_15_g2_are_firmware

Vulnerable

thinkbook_15_g2_are

thinkbook_15_g2_itl_firmware

Vulnerable

thinkbook_15_g2_itl

thinkbook_15_g3_acl_firmware

Vulnerable

thinkbook_15_g3_acl

thinkbook_15_g3_itl_firmware

Vulnerable

thinkbook_15_g3_itl

thinkbook_15_gd_aba_firmware

Vulnerable

thinkbook_15_g4_aba

thinkbook_15p_g2_ith_firmware

Vulnerable

thinkbook_15p_g2_ith

thinkbook_16_g4\+_ara_firmware

Vulnerable

thinkbook_16_g4\+_ara

thinkbook_16_g4\+_iap_firmware

Vulnerable

thinkbook_16_g4\+_iap

thinkbook_16p_g3_arh_firmware

Vulnerable

thinkbook_16p_g3_arh

thinkbook_16p_nx_arh_firmware

Vulnerable

thinkbook_16p_nx_arh

thinkbook_plus_g2_itg_firmware

Vulnerable

thinkbook_plus_g2_itg

thinkbook_plus_g3_iap_firmware

Vulnerable

thinkbook_plus_g3_iap

yoga_creator_7-15imh05_firmware

Vulnerable

yoga_creator_7-15imh05

yoga_duet_7-13iml05_firmware

Vulnerable

yoga_duet_7-13iml05

yoga_duet_7-13itl6_firmware

Vulnerable

yoga_duet_7-13itl6

yoga_duet_7-13itl6-lte_firmware

Vulnerable

yoga_duet_7-13itl6-lte

yoga_slim_7_pro_16arh7_firmware

Vulnerable

yoga_slim_7_pro_16arh7

yoga_slim_7-14are05_firmware

Vulnerable

yoga_slim_7-14are05

yoga_slim_7-14iil05_firmware

Vulnerable

yoga_slim_7-14iil05

yoga_slim_7-14itl05_firmware

Vulnerable

yoga_slim_7-14itl05

yoga_slim_7-15iil05_firmware

Vulnerable

yoga_slim_7-15iil05

yoga_slim_7-15imh05_firmware

Vulnerable

yoga_slim_7-15imh05

yoga_slim_7-15itl05_firmware

Vulnerable

yoga_slim_7-15itl05

References

https://support.lenovo.com/us/en/product_security/LEN-94952

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-276

[email protected]

Secondary

CWE-276

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-01-23T17:15:10.647

2 years ago

Last modified

2023-02-03T17:25:29.287

2 years ago