Lucene search

[email protected]CVE-2022-3746

HistoryAug 23, 2023 - 8:15 p.m.

CVE-2022-3746

2023-08-2320:15:08

CWE-284

[email protected]

web.nvd.nist.gov

cve-2022-3746

lenovo

bios

vulnerability

local attacker

privileges

peripherals

embedded controller

nvd

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.

Affected configurations

NVD

Node

lenovoideapad_1_14iau7_firmwareRange<jkcn34ww

AND

lenovoideapad_1_14iau7Match-

Node

lenovoideapad_1_14igl7_firmwareRange<kkcn15ww

AND

lenovoideapad_1_14igl7Match-

Node

lenovoideapad_1_15iau7_firmwareRange<jkcn34ww

AND

lenovoideapad_1_15iau7Match-

Node

lenovoideapad_1_15igl7_firmwareRange<kkcn15ww

AND

lenovoideapad_1_15igl7Match-

Node

lenovoideapad_1-14ijl7_firmwareRange<htcn31ww

AND

lenovoideapad_1-14ijl7Match-

Node

lenovoideapad_1-15ijl7_firmwareRange<htcn31ww

AND

lenovoideapad_1-15ijl7Match-

Node

lenovoideapad_3_14iau7_firmwareRange<jkcn34ww

AND

lenovoideapad_3_14iau7Match-

Node

lenovoideapad_3_15iau7_firmwareRange<jkcn34ww

AND

lenovoideapad_3_15iau7Match-

Node

lenovoideapad_3_17iau7_firmwareRange<jkcn34ww

AND

lenovoideapad_3_17iau7Match-

Node

lenovoideapad_3-15igl05_firmwareRange<dvcn28ww

AND

lenovoideapad_3-15igl05Match-

Node

lenovoideapad_3-17iil05_firmwareRange<emcn56ww

AND

lenovoideapad_3-17iil05Match-

Node

lenovoideapad_3-17itl6_firmwareRange<ggcn51ww

AND

lenovoideapad_3-17itl6Match-

Node

lenovoideapad_5_15ial7_firmwareRange<jbcn27ww

AND

lenovoideapad_5_15ial7Match-

Node

lenovoideapad_5-15itl05_firmwareRange<fhcn70ww

AND

lenovoideapad_5-15itl05Match-

Node

lenovol3-15iml05_firmwareRange<ejcn30ww

AND

lenovol3-15iml05Match-

Node

lenovol3-15itl6_firmwareRange<gfcn29ww

AND

lenovol3-15itl6Match-

Node

lenovolegion_5_15iah7_firmwareRange<j2cn49ww

AND

lenovolegion_5_15iah7Match-

Node

lenovolegion_5_15iah7h_firmwareRange<j2cn49ww

AND

lenovolegion_5_15iah7hMatch-

Node

lenovolegion_5_pro_16iah7_firmwareRange<j2cn49ww

AND

lenovolegion_5_pro_16iah7Match-

Node

lenovolegion_5_pro_16iah7h_firmwareRange<j2cn49ww

AND

lenovolegion_5_pro_16iah7hMatch-

Node

lenovolegion_5_pro-16ith6_firmwareRange<h1cn52ww

AND

lenovolegion_5_pro-16ith6Match-

Node

lenovolegion_5_pro-16ith6h_firmwareRange<h1cn52ww

AND

lenovolegion_5_pro-16ith6hMatch-

Node

lenovolegion_5-15imh05_firmwareRange<efcn58ww

AND

lenovolegion_5-15imh05Match-

Node

lenovolegion_5-15imh05h_firmwareRange<efcn58ww

AND

lenovolegion_5-15imh05hMatch-

Node

lenovolegion_5-15imh6_firmwareRange<g8cn22ww

AND

lenovolegion_5-15imh6Match-

Node

lenovolegion_5-15ith6_firmwareRange<h1cn52ww

AND

lenovolegion_5-15ith6Match-

Node

lenovolegion_5-15ith6h_firmwareRange<h1cn52ww

AND

lenovolegion_5-15ith6hMatch-

Node

lenovolegion_5-17imh05_firmwareRange<efcn58ww

AND

lenovolegion_5-17imh05Match-

Node

lenovolegion_5-17imh05h_firmwareRange<efcn58ww

AND

lenovolegion_5-17imh05hMatch-

Node

lenovolegion_5-17ith6_firmwareRange<h1cn52ww

AND

lenovolegion_5-17ith6Match-

Node

lenovolegion_5-17ith6h_firmwareRange<h1cn52ww

AND

lenovolegion_5-17ith6hMatch-

Node

lenovolegion_5p-15imh05_firmwareRange<efcn58ww

AND

lenovolegion_5p-15imh05Match-

Node

lenovolegion_5p-15imh05h_firmwareRange<efcn58ww

AND

lenovolegion_5p-15imh05hMatch-

Node

lenovolegion_7_16iax7_firmwareRange<k1cn40ww

AND

lenovolegion_7_16iax7Match-

Node

lenovolegion_7-16ithg6_firmwareRange<h1cn52ww

AND

lenovolegion_7-16ithg6Match-

Node

lenovos14_g2_itl_firmwareRange<ggcn51ww

AND

lenovos14_g2_itlMatch-

Node

lenovos14_g3_iap_firmwareRange<jkcn34ww

AND

lenovos14_g3_iapMatch-

Node

lenovoslim_7_14iap7_firmwareRange<jhcn28ww

AND

lenovoslim_7_14iap7Match-

Node

lenovoslim_7_carbon_13iap7_firmwareRange<k2cn34ww

AND

lenovoslim_7_carbon_13iap7Match-

Node

lenovoslim_7_prox_14iah7_firmwareRange<hmcn41ww

AND

lenovoslim_7_prox_14iah7Match-

Node

lenovoslim_9_14iap7_firmwareRange<j3cn49ww

AND

lenovoslim_9_14iap7Match-

Node

lenovothinkbook_15p_imh_firmwareRange<f6cn26ww

AND

lenovothinkbook_15p_imhMatch-

Node

lenovov14_g2_ijl_firmwareRange<htcn31ww

AND

lenovov14_g2_ijlMatch-

Node

lenovov14_g3_iap_firmwareRange<jkcn34ww

AND

lenovov14_g3_iapMatch-

Node

lenovov15_g2_ijl_firmwareRange<htcn31ww

AND

lenovov15_g2_ijlMatch-

Node

lenovov15_g3_iap_firmwareRange<jkcn34ww

AND

lenovov15_g3_iapMatch-

Node

lenovov17_g3_iap_firmwareRange<jkcn34ww

AND

lenovov17_g3_iapMatch-

Node

lenovos540-13itl_firmwareRange<fzcn26ww

AND

lenovos540-13itlMatch-

Node

lenovoslim_7_pro-14ihu5_firmwareRange<fjcn74ww

AND

lenovoslim_7_pro-14ihu5Match-

Node

lenovoslim_9-14itl05_firmwareRange<escn56ww

AND

lenovoslim_9-14itl05Match-

Node

lenovothinkbook_15p_g2_ith_firmwareRange<hjcn32ww

AND

lenovothinkbook_15p_g2_ithMatch-

Node

lenovov14_g1-iml_firmwareRange<dxcn44ww

AND

lenovov14_g1-imlMatch-

Node

lenovov14_g2-itl_firmwareRange<ggcn51ww

AND

lenovov14_g2-itlMatch-

Node

lenovov14-igl_firmwareRange<dvcn28ww

AND

lenovov14-iglMatch-

Node

lenovov15_g1-iml_firmwareRange<dxcn44ww

AND

lenovov15_g1-imlMatch-

Node

lenovov15_g2-itl_firmwareRange<ggcn51ww

AND

lenovov15_g2-itlMatch-

Node

lenovov15-igl_firmwareRange<dvcn28ww

AND

lenovov15-iglMatch-

Node

lenovov17_g2-itl_firmwareRange<ggcn51ww

AND

lenovov17_g2-itlMatch-

Node

lenovov17-iil_firmwareRange<emcn56ww

AND

lenovov17-iilMatch-

Node

lenovoyoga_7_14ial7_firmwareRange<j1cn35ww

AND

lenovoyoga_7_14ial7Match-

Node

lenovoyoga_7_16iah7_firmwareRange<j1cn35ww

AND

lenovoyoga_7_16iah7Match-

Node

lenovoyoga_7_16iap7_firmwareRange<j1cn35ww

AND

lenovoyoga_7_16iap7Match-

Node

lenovoyoga_7-14itl5_firmwareRange<f5cn59ww

AND

lenovoyoga_7-14itl5Match-

Node

lenovoyoga_7-15itl5_firmwareRange<f5cn59ww

AND

lenovoyoga_7-15itl5Match-

Node

lenovoyoga_9_14iap7_firmwareRange<hncn42ww

AND

lenovoyoga_9_14iap7Match-

Node

lenovoyoga_slim_7_carbon_13iap7_firmwareRange<k2cn34ww

AND

lenovoyoga_slim_7_carbon_13iap7Match-

Node

lenovoyoga_slim_7_pro_14iah7_firmwareRange<krcn14ww

AND

lenovoyoga_slim_7_pro_14iah7Match-

Node

lenovoyoga_slim_7_pro_14iap7_firmwareRange<jhcn28ww

AND

lenovoyoga_slim_7_pro_14iap7Match-

Node

lenovoyoga_slim_7_pro-14ihu5_firmwareRange<fjcn74ww

AND

lenovoyoga_slim_7_pro-14ihu5Match-

Node

lenovoyoga_slim_7_pro-14ihu5_o_firmwareRange<fjcn74ww

AND

lenovoyoga_slim_7_pro-14ihu5_oMatch-

Node

lenovoyoga_slim_7_pro-14itl5_firmwareRange<fjcn74ww

AND

lenovoyoga_slim_7_pro-14itl5Match-

Node

lenovoyoga_slim_7_prox_14iah7_firmwareRange<hmcn41ww

AND

lenovoyoga_slim_7_prox_14iah7Match-

Node

lenovoyoga_slim_9_14iap7_firmwareRange<j3cn49ww

AND

lenovoyoga_slim_9_14iap7Match-

Node

lenovoyoga_slim_9-14itl05_firmwareRange<escn56ww

AND

lenovoyoga_slim_9-14itl05Match-

Node

lenovoideapad_3-14igl05_firmwareRange<dvcn28ww

AND

lenovoideapad_3-14igl05Match-

Node

lenovoideapad_3-14iil05_firmwareRange<emcn56ww

AND

lenovoideapad_3-14iil05Match-

Node

lenovoideapad_3-14iml05_firmwareRange<dxcn44ww

AND

lenovoideapad_3-14iml05Match-

Node

lenovoideapad_3-14itl05_firmwareRange<gccn32ww

AND

lenovoideapad_3-14itl05Match-

Node

lenovoideapad_3-14itl6_firmwareRange<ggcn51ww

AND

lenovoideapad_3-14itl6Match-

Node

lenovoideapad_3-15iil05_firmwareRange<emcn56ww

AND

lenovoideapad_3-15iil05Match-

Node

lenovoideapad_3-15iml05_firmwareRange<dxcn44ww

AND

lenovoideapad_3-15iml05Match-

Node

lenovoideapad_3-15itl05_firmwareRange<gccn32ww

AND

lenovoideapad_3-15itl05Match-

Node

lenovoideapad_3-15itl6_firmwareRange<ggcn51ww

AND

lenovoideapad_3-15itl6Match-

Node

lenovoideapad_3-17iml05_firmwareRange<dxcn44ww

AND

lenovoideapad_3-17iml05Match-

Node

lenovoideapad_5-15iil05_firmwareRange<dpcn58ww

AND

lenovoideapad_5-15iil05Match-

Node

lenovoideapad_creator_5-15imh05_firmwareRange<egcn40ww

AND

lenovoideapad_creator_5-15imh05Match-

Node

lenovoideapad_gaming_3-15imh05_firmwareRange<egcn40ww

AND

lenovoideapad_gaming_3-15imh05Match-

CPENameOperatorVersion
lenovo:ideapad_1_14iau7_firmwarelenovo ideapad 1 14iau7 firmwareltjkcn34ww

CPE	Name	Operator	Version
lenovo:ideapad_1_14iau7_firmware	lenovo ideapad 1 14iau7 firmware	lt	jkcn34ww

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Notebook",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-103710

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-3746

cvelist1 nvd1 prion1