6.7

CVE-2022-3744

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LenovoIdeapad 1 14iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 1 14iau7 Version-
LenovoIdeapad 1 14igl7 Firmware Version < kkcn15ww
   LenovoIdeapad 1 14igl7 Version-
LenovoIdeapad 1 15iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 1 15iau7 Version-
LenovoIdeapad 1 15igl7 Firmware Version < kkcn15ww
   LenovoIdeapad 1 15igl7 Version-
LenovoIdeapad 1-14ijl7 Firmware Version < htcn31ww
   LenovoIdeapad 1-14ijl7 Version-
LenovoIdeapad 1-15ijl7 Firmware Version < htcn31ww
   LenovoIdeapad 1-15ijl7 Version-
LenovoIdeapad 3 14iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 3 14iau7 Version-
LenovoIdeapad 3 15iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 3 15iau7 Version-
LenovoIdeapad 3 17iau7 Firmware Version < jkcn34ww
   LenovoIdeapad 3 17iau7 Version-
LenovoIdeapad 3-15igl05 Firmware Version < dvcn28ww
   LenovoIdeapad 3-15igl05 Version-
LenovoIdeapad 3-17iil05 Firmware Version < emcn56ww
   LenovoIdeapad 3-17iil05 Version-
LenovoIdeapad 3-17itl6 Firmware Version < ggcn51ww
   LenovoIdeapad 3-17itl6 Version-
LenovoIdeapad 5 15ial7 Firmware Version < jbcn27ww
   LenovoIdeapad 5 15ial7 Version-
LenovoIdeapad 5-15itl05 Firmware Version < fhcn70ww
   LenovoIdeapad 5-15itl05 Version-
LenovoL3-15iml05 Firmware Version < ejcn30ww
   LenovoL3-15iml05 Version-
LenovoL3-15itl6 Firmware Version < gfcn29ww
   LenovoL3-15itl6 Version-
LenovoLegion 5 15iah7 Firmware Version < j2cn49ww
   LenovoLegion 5 15iah7 Version-
LenovoLegion 5 15iah7h Firmware Version < j2cn49ww
   LenovoLegion 5 15iah7h Version-
LenovoLegion 5 Pro 16iah7 Firmware Version < j2cn49ww
   LenovoLegion 5 Pro 16iah7 Version-
LenovoLegion 5 Pro 16iah7h Firmware Version < j2cn49ww
   LenovoLegion 5 Pro 16iah7h Version-
LenovoLegion 5 Pro-16ith6 Firmware Version < h1cn52ww
   LenovoLegion 5 Pro-16ith6 Version-
LenovoLegion 5 Pro-16ith6h Firmware Version < h1cn52ww
   LenovoLegion 5 Pro-16ith6h Version-
LenovoLegion 5-15imh05 Firmware Version < efcn58ww
   LenovoLegion 5-15imh05 Version-
LenovoLegion 5-15imh05h Firmware Version < efcn58ww
   LenovoLegion 5-15imh05h Version-
LenovoLegion 5-15imh6 Firmware Version < g8cn22ww
   LenovoLegion 5-15imh6 Version-
LenovoLegion 5-15ith6 Firmware Version < h1cn52ww
   LenovoLegion 5-15ith6 Version-
LenovoLegion 5-15ith6h Firmware Version < h1cn52ww
   LenovoLegion 5-15ith6h Version-
LenovoLegion 5-17imh05 Firmware Version < efcn58ww
   LenovoLegion 5-17imh05 Version-
LenovoLegion 5-17imh05h Firmware Version < efcn58ww
   LenovoLegion 5-17imh05h Version-
LenovoLegion 5-17ith6 Firmware Version < h1cn52ww
   LenovoLegion 5-17ith6 Version-
LenovoLegion 5-17ith6h Firmware Version < h1cn52ww
   LenovoLegion 5-17ith6h Version-
LenovoLegion 5p-15imh05 Firmware Version < efcn58ww
   LenovoLegion 5p-15imh05 Version-
LenovoLegion 5p-15imh05h Firmware Version < efcn58ww
   LenovoLegion 5p-15imh05h Version-
LenovoLegion 7 16iax7 Firmware Version < k1cn40ww
   LenovoLegion 7 16iax7 Version-
LenovoLegion 7-16ithg6 Firmware Version < h1cn52ww
   LenovoLegion 7-16ithg6 Version-
LenovoS14 G2 Itl Firmware Version < ggcn51ww
   LenovoS14 G2 Itl Version-
LenovoS14 G3 Iap Firmware Version < jkcn34ww
   LenovoS14 G3 Iap Version-
LenovoSlim 7 14iap7 Firmware Version < jhcn28ww
   LenovoSlim 7 14iap7 Version-
LenovoSlim 7 Carbon 13iap7 Firmware Version < k2cn34ww
   LenovoSlim 7 Carbon 13iap7 Version-
LenovoSlim 7 Prox 14iah7 Firmware Version < hmcn41ww
   LenovoSlim 7 Prox 14iah7 Version-
LenovoSlim 9 14iap7 Firmware Version < j3cn49ww
   LenovoSlim 9 14iap7 Version-
LenovoThinkbook 15p Imh Firmware Version < f6cn26ww
   LenovoThinkbook 15p Imh Version-
LenovoV14 G2 Ijl Firmware Version < htcn31ww
   LenovoV14 G2 Ijl Version-
LenovoV14 G3 Iap Firmware Version < jkcn34ww
   LenovoV14 G3 Iap Version-
LenovoV15 G2 Ijl Firmware Version < htcn31ww
   LenovoV15 G2 Ijl Version-
LenovoV15 G3 Iap Firmware Version < jkcn34ww
   LenovoV15 G3 Iap Version-
LenovoV17 G3 Iap Firmware Version < jkcn34ww
   LenovoV17 G3 Iap Version-
LenovoS540-13itl Firmware Version < fzcn26ww
   LenovoS540-13itl Version-
LenovoSlim 7 Pro-14ihu5 Firmware Version < fjcn74ww
   LenovoSlim 7 Pro-14ihu5 Version-
LenovoSlim 9-14itl05 Firmware Version < escn56ww
   LenovoSlim 9-14itl05 Version-
LenovoThinkbook 15p G2 Ith Firmware Version < hjcn32ww
   LenovoThinkbook 15p G2 Ith Version-
LenovoV14 G1-iml Firmware Version < dxcn44ww
   LenovoV14 G1-iml Version-
LenovoV14 G2-itl Firmware Version < ggcn51ww
   LenovoV14 G2-itl Version-
LenovoV14-igl Firmware Version < dvcn28ww
   LenovoV14-igl Version-
LenovoV15 G1-iml Firmware Version < dxcn44ww
   LenovoV15 G1-iml Version-
LenovoV15 G2-itl Firmware Version < ggcn51ww
   LenovoV15 G2-itl Version-
LenovoV15-igl Firmware Version < dvcn28ww
   LenovoV15-igl Version-
LenovoV17 G2-itl Firmware Version < ggcn51ww
   LenovoV17 G2-itl Version-
LenovoV17-iil Firmware Version < emcn56ww
   LenovoV17-iil Version-
LenovoYoga 7 14ial7 Firmware Version < j1cn35ww
   LenovoYoga 7 14ial7 Version-
LenovoYoga 7 16iah7 Firmware Version < j1cn35ww
   LenovoYoga 7 16iah7 Version-
LenovoYoga 7 16iap7 Firmware Version < j1cn35ww
   LenovoYoga 7 16iap7 Version-
LenovoYoga 7-14itl5 Firmware Version < f5cn59ww
   LenovoYoga 7-14itl5 Version-
LenovoYoga 7-15itl5 Firmware Version < f5cn59ww
   LenovoYoga 7-15itl5 Version-
LenovoYoga 9 14iap7 Firmware Version < hncn42ww
   LenovoYoga 9 14iap7 Version-
LenovoYoga Slim 7 Pro 14iah7 Firmware Version < krcn14ww
   LenovoYoga Slim 7 Pro 14iah7 Version-
LenovoYoga Slim 7 Pro 14iap7 Firmware Version < jhcn28ww
   LenovoYoga Slim 7 Pro 14iap7 Version-
LenovoYoga Slim 7 Pro-14ihu5 Firmware Version < fjcn74ww
   LenovoYoga Slim 7 Pro-14ihu5 Version-
LenovoYoga Slim 7 Pro-14ihu5 O Firmware Version < fjcn74ww
   LenovoYoga Slim 7 Pro-14ihu5 O Version-
LenovoYoga Slim 7 Pro-14itl5 Firmware Version < fjcn74ww
   LenovoYoga Slim 7 Pro-14itl5 Version-
LenovoYoga Slim 7 Prox 14iah7 Firmware Version < hmcn41ww
   LenovoYoga Slim 7 Prox 14iah7 Version-
LenovoYoga Slim 9 14iap7 Firmware Version < j3cn49ww
   LenovoYoga Slim 9 14iap7 Version-
LenovoYoga Slim 9-14itl05 Firmware Version < escn56ww
   LenovoYoga Slim 9-14itl05 Version-
LenovoIdeapad 3-14igl05 Firmware Version < dvcn28ww
   LenovoIdeapad 3-14igl05 Version-
LenovoIdeapad 3-14iil05 Firmware Version < emcn56ww
   LenovoIdeapad 3-14iil05 Version-
LenovoIdeapad 3-14iml05 Firmware Version < dxcn44ww
   LenovoIdeapad 3-14iml05 Version-
LenovoIdeapad 3-14itl05 Firmware Version < gccn32ww
   LenovoIdeapad 3-14itl05 Version-
LenovoIdeapad 3-14itl6 Firmware Version < ggcn51ww
   LenovoIdeapad 3-14itl6 Version-
LenovoIdeapad 3-15iil05 Firmware Version < emcn56ww
   LenovoIdeapad 3-15iil05 Version-
LenovoIdeapad 3-15iml05 Firmware Version < dxcn44ww
   LenovoIdeapad 3-15iml05 Version-
LenovoIdeapad 3-15itl05 Firmware Version < gccn32ww
   LenovoIdeapad 3-15itl05 Version-
LenovoIdeapad 3-15itl6 Firmware Version < ggcn51ww
   LenovoIdeapad 3-15itl6 Version-
LenovoIdeapad 3-17iml05 Firmware Version < dxcn44ww
   LenovoIdeapad 3-17iml05 Version-
LenovoIdeapad 5-15iil05 Firmware Version < dpcn58ww
   LenovoIdeapad 5-15iil05 Version-
LenovoIdeapad Gaming 3-15imh05 Firmware Version < egcn40ww
   LenovoIdeapad Gaming 3-15imh05 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.04
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.