6.7

CVE-2022-4575

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.

Data is provided by the National Vulnerability Database (NVD)
Lenovo ThinkPad 25 Firmware Version < 1.73
   Lenovo ThinkPad 25 Version -
Lenovo ThinkPad L560 Firmware Version < 1.62
   Lenovo ThinkPad L560 Version -
Lenovo ThinkPad P50 Firmware Version < 1.71
   Lenovo ThinkPad P50 Version -
Lenovo ThinkPad P50s Firmware Version < 1.45
   Lenovo ThinkPad P50s Version -
Lenovo ThinkPad P70 Firmware Version < 2.45
   Lenovo ThinkPad P70 Version -
Lenovo ThinkPad T470 Firmware Version < 1.73
   Lenovo ThinkPad T470 Version -
Lenovo ThinkPad T470s Firmware Version < 1.49
   Lenovo ThinkPad T470s Version -
Lenovo ThinkPad T560 Firmware Version < 1.45
   Lenovo ThinkPad T560 Version -
Lenovo ThinkPad X260 Firmware Version < 1.50
   Lenovo ThinkPad X260 Version -
Lenovo ThinkPad X270 Firmware Version < 1.47
   Lenovo ThinkPad X270 Version -
Lenovo ThinkPad Yoga 260 Firmware Version < 1.88
   Lenovo ThinkPad Yoga 260 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.001
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
psirt@lenovo.com 6.7 0.8 5.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.