7.8

CVE-2022-3431

EPSS 0.04%
Published 09.10.2023 19:15:09
Last modified 21.11.2024 07:19:30
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Ideapad Creator 5-16ach6 Firmware Version < gscn34ww

Lenovo ≫ Ideapad Creator 5-16ach6 Version-

Lenovo ≫ Ideapad 5 Pro-16ihu6 Firmware Version < grcn22ww

Lenovo ≫ Ideapad 5 Pro-16ihu6 Version-

Lenovo ≫ Ideapad 5 Pro-16ach6 Firmware Version < gscn34ww

Lenovo ≫ Ideapad 5 Pro-16ach6 Version-

Lenovo ≫ Yoga Slim 7-13itl05 Firmware Version < f7cn39ww

Lenovo ≫ Yoga Slim 7-13itl05 Version-

Lenovo ≫ Yoga Slim 7-13acn05 Firmware Version < ghcn28ww

Lenovo ≫ Yoga Slim 7-13acn05 Version-

Lenovo ≫ Yoga Slim 7 Pro 16arh7 Firmware Version < klcn15ww

Lenovo ≫ Yoga Slim 7 Pro 16arh7 Version-

Lenovo ≫ Yoga Slim 7 Pro 16ach6 Firmware Version < hucn16ww

Lenovo ≫ Yoga Slim 7 Pro 16ach6 Version-

Lenovo ≫ Yoga Slim 7 Carbon 13itl5 Firmware Version < f7cn39ww

Lenovo ≫ Yoga Slim 7 Carbon 13itl5 Version-

Lenovo ≫ Yoga Duet 7-13itl6-lte Firmware Version < gpcn24ww

Lenovo ≫ Yoga Duet 7-13itl6-lte Version-

Lenovo ≫ Yoga Duet 7-13itl6 Firmware Version < gpcn24ww

Lenovo ≫ Yoga Duet 7-13itl6 Version-

Lenovo ≫ Yoga Duet 7-13iml05 Firmware Version < ercn30ww

Lenovo ≫ Yoga Duet 7-13iml05 Version-

Lenovo ≫ Thinkbook Plus G3 Iap Firmware Version < k6cn29ww

Lenovo ≫ Thinkbook Plus G3 Iap Version-

Lenovo ≫ Thinkbook Plus G2 Itg Firmware Version < gycn31ww

Lenovo ≫ Thinkbook Plus G2 Itg Version-

Lenovo ≫ Thinkbook 16p Nx Arh Firmware Version < kjcn27ww

Lenovo ≫ Thinkbook 16p Nx Arh Version-

Lenovo ≫ Thinkbook 16 G4+ Iap Firmware Version < hycn40ww

Lenovo ≫ Thinkbook 16 G4+ Iap Version-

Lenovo ≫ Thinkbook 16 G4+ Ara Firmware Version < j6cn40ww

Lenovo ≫ Thinkbook 16 G4+ Ara Version-

Lenovo ≫ Thinkbook 14 G4+ Iap Firmware Version < hycn40ww

Lenovo ≫ Thinkbook 14 G4+ Iap Version-

Lenovo ≫ Thinkbook 14 G4+ Ara Firmware Version < j6cn40ww

Lenovo ≫ Thinkbook 14 G4+ Ara Version-

Lenovo ≫ Thinkbook 13x Itg Firmware Version < hlcn30ww

Lenovo ≫ Thinkbook 13x Itg Version-

Lenovo ≫ Ideapad Slim 7 Pro 16ach6 Firmware Version < hucn16ww

Lenovo ≫ Ideapad Slim 7 Pro 16ach6 Version-

Lenovo ≫ S540-15iml Firmware Version < cncn22ww

Lenovo ≫ S540-15iml Version-

Lenovo ≫ Slim 7 16arh7 Firmware Version < klcn15ww

Lenovo ≫ Slim 7 16arh7 Version-

Lenovo ≫ Ideapad Duet 3 10igl5 Firmware Version < eqcn37ww

Lenovo ≫ Ideapad Duet 3 10igl5 Version-

Lenovo ≫ Ideapad 5 Pro 16arh7 Firmware Version < j4cn33ww

Lenovo ≫ Ideapad 5 Pro 16arh7 Version-

Lenovo ≫ D330-10igl Firmware Version < g0cn11ww

Lenovo ≫ D330-10igl Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.086

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://support.lenovo.com/us/en/product_security/LEN-94952

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3431

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3431

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3431

EUVD