6.7
CVE-2022-3430
- EPSS 0.04%
- Published 23.01.2023 17:15:10
- Last modified 21.11.2024 07:19:29
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ D330-10igl Firmware Version < g0cn11ww
Lenovo ≫ Ideapad 5 Pro 16iah7 Firmware Version < j4cn33ww
Lenovo ≫ Ideapad 5 Pro 16arh7 Firmware Version < j5cn27ww
Lenovo ≫ Ideapad Duet 3 10igl5 Firmware Version < eqcn37ww
Lenovo ≫ Slim 7 16arh7 Firmware Version < klcn15ww
Lenovo ≫ Thinkbook 15p Imp Firmware Version < f6cn25ww
Lenovo ≫ Slim 7-14are05 Firmware Version < dmcn43ww
Lenovo ≫ Ideapad Slim 7-14iil05 Firmware Version < dhcn35ww
Lenovo ≫ Ideapad Slim 7-14itl05 Firmware Version < fbcn29ww
Lenovo ≫ Ideapad Slim 7-15iil05 Firmware Version < dhcn35ww
Lenovo ≫ Slim 7-15imh05 Firmware Version < dncn32ww
Lenovo ≫ Slim 7-15itl05 Firmware Version < fbcn29ww
Lenovo ≫ Thinkbook 13x Itg Firmware Version < hlcn30ww
Lenovo ≫ Thinkbook 14 G2 Are Firmware Version < facn33ww
Lenovo ≫ Thinkbook 14 G2 Itl Firmware Version < f8cn52ww
Lenovo ≫ Thinkbook 14 G3 Acl Firmware Version < gqcn35ww_hfcn30ww
Lenovo ≫ Thinkbook 14 G3 Itl Firmware Version < hrcn13ww
Lenovo ≫ Thinkbook 14 G4+ Ara Firmware Version < j6cn40ww
Lenovo ≫ Thinkbook 14 G4+ Iap Firmware Version < hycn40ww
Lenovo ≫ Thinkbook 14p G3 Arh Firmware Version < k4cn31ww
Lenovo ≫ Thinkbook 14s Yoga Itl Firmware Version < fncn40ww
Lenovo ≫ Thinkbook 15 G2 Are Firmware Version < facn33ww
Lenovo ≫ Thinkbook 15 G2 Itl Firmware Version < f8cn52ww
Lenovo ≫ Thinkbook 15 G3 Acl Firmware Version < gqcn35ww_hfcn30ww
Lenovo ≫ Thinkbook 15 G3 Itl Firmware Version < hrcn13ww
Lenovo ≫ Thinkbook 15 Gd Aba Firmware Version < jpcn20ww
Lenovo ≫ Thinkbook 15p G2 Ith Firmware Version < hjcn31ww
Lenovo ≫ Thinkbook 16 G4+ Ara Firmware Version < j6cn40ww
Lenovo ≫ Thinkbook 16 G4+ Iap Firmware Version < hycn40ww
Lenovo ≫ Thinkbook 16p G3 Arh Firmware Version < kccn31ww
Lenovo ≫ Thinkbook 16p Nx Arh Firmware Version < kjcn27ww
Lenovo ≫ Thinkbook Plus G2 Itg Firmware Version < gycn31ww
Lenovo ≫ Thinkbook Plus G3 Iap Firmware Version < k6cn29ww
Lenovo ≫ Yoga Creator 7-15imh05 Firmware Version < dncn32ww
Lenovo ≫ Yoga Duet 7-13iml05 Firmware Version < ercn30ww
Lenovo ≫ Yoga Duet 7-13itl6 Firmware Version < gpcn24ww
Lenovo ≫ Yoga Duet 7-13itl6-lte Firmware Version < gpcn24ww
Lenovo ≫ Yoga Slim 7 Pro 16arh7 Firmware Version < klcn15ww
Lenovo ≫ Yoga Slim 7-14are05 Firmware Version < dmcn43ww
Lenovo ≫ Yoga Slim 7-14iil05 Firmware Version < dmcn35ww
Lenovo ≫ Yoga Slim 7-14itl05 Firmware Version < fbcn29ww
Lenovo ≫ Yoga Slim 7-15iil05 Firmware Version < dhcn35ww
Lenovo ≫ Yoga Slim 7-15imh05 Firmware Version < dncn32ww
Lenovo ≫ Yoga Slim 7-15itl05 Firmware Version < fbcn29ww
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.109 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| psirt@lenovo.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.