7.2
CVE-2022-1107
- EPSS 0.03%
- Published 22.04.2022 21:15:10
- Last modified 21.11.2024 06:40:03
- Source psirt@lenovo.com
During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models. It could be exploited by an attacker with elevated privileges and could allow for execution of code.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Thinkpad 11e Firmware Version < n15et78w
Lenovo ≫ Thinkpad Helix Firmware Version < n17eta8w
Lenovo ≫ Thinkpad L560 Firmware Version < n1het85w
Lenovo ≫ Thinkpad L570 Firmware Version < n1xet65w
Lenovo ≫ Thinkpad P50s Firmware Version < n1ket46w
Lenovo ≫ Thinkpad P51s Firmware Version < n1vet50w
Lenovo ≫ Thinkpad P52s Firmware Version < n27et36w
Lenovo ≫ Thinkpad S540 Firmware Version < gpet80ww
Lenovo ≫ Thinkpad T550 Firmware Version < n11et50w
Lenovo ≫ Thinkpad T560 Firmware Version < n1ket46w
Lenovo ≫ Thinkpad T570 Firmware Version < n1vet50w
Lenovo ≫ Thinkpad T580 Firmware Version < n27et36w
Lenovo ≫ Thinkpad X1 Tablet Gen 1 Firmware Version < n1let86w
Lenovo ≫ Thinkpad X1 Tablet Gen 2 Firmware Version < n1oet50w
Lenovo ≫ Thinkpad W540 Firmware Version < gnet92ww
Lenovo ≫ Thinkpad W541 Firmware Version < gnet92ww
Lenovo ≫ Thinkpad W550s Firmware Version < n11et50w
Lenovo ≫ Thinkpad X1 Carbon 3rd Gen Firmware Version < n14et52w
Lenovo ≫ Thinkpad X1 Carbon 4th Gen Firmware Version < n1fet70w
Lenovo ≫ Thinkpad X1 Carbon 5th Gen Kabylake Firmware Version < n1met55w
Lenovo ≫ Thinkpad X1 Carbon 5th Gen Skylake Firmware Version < n1met55w
Lenovo ≫ Thinkpad X1 Yoga Firmware Version < n1fet70w
Lenovo ≫ Thinkpad X1 Yoga Gen 2 Firmware Version < n1net47w
Lenovo ≫ Thinkpad X1 Yoga Gen 3 Firmware Version < n25et50w
Lenovo ≫ Thinkpad X250 Firmware Version < n10et58w
Lenovo ≫ Thinkpad X280 Firmware Version < n20et44w
Lenovo ≫ Thinkpad X390 Firmware Version < n2let60w
Lenovo ≫ Thinkpad 11e Yoga Firmware Version < n15et78w
Lenovo ≫ Thinkpad Yoga 15 Firmware Version < n19et61w
Lenovo ≫ Thinkpad Yoga 260 Firmware Version < n1get98w
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.03% | 0.074 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
psirt@lenovo.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.