History: Oct 30, 2023 - 3:15 p.m.

CVE-2022-4575

2023-10-30 15:15:40
CWE-276
lenovo
web.nvd.nist.gov
Tags: vulnerability, bios, thinkpad, secure boot, cve-2022-4575, uefi, access control, nvd

CVSS3: 6.7

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 6.3
Confidence: High

EPSS: 0
Percentile: 9.0%

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.

Affected configurations

Nvd

Node: lenovo thinkpad_25_firmware (Range <1.73) AND lenovo thinkpad_25 (Match -)
Node: lenovo thinkpad_l560_firmware (Range <1.62) AND lenovo thinkpad_l560 (Match -)
Node: lenovo thinkpad_p50_firmware (Range <1.71) AND lenovo thinkpad_p50 (Match -)
Node: lenovo thinkpad_p50s_firmware (Range <1.45) AND lenovo thinkpad_p50s (Match -)
Node: lenovo thinkpad_p70_firmware (Range <2.45) AND lenovo thinkpad_p70 (Match -)
Node: lenovo thinkpad_t470_firmware (Range <1.73) AND lenovo thinkpad_t470 (Match -)
Node: lenovo thinkpad_t470s_firmware (Range <1.49) AND lenovo thinkpad_t470s (Match -)
Node: lenovo thinkpad_t560_firmware (Range <1.45) AND lenovo thinkpad_t560 (Match -)
Node: lenovo thinkpad_x1_carbon_4th_gen_firmware (Range <1.56) AND lenovo thinkpad_x1_carbon_4th_gen (Match -)
Node: lenovo thinkpad_x1_yoga_1st_gen_firmware (Range <1.56) AND lenovo thinkpad_x1_yoga_1st_gen (Match -)
Node: lenovo thinkpad_x260_firmware (Range <1.50) AND lenovo thinkpad_x260 (Match -)
Node: lenovo thinkpad_x270_firmware (Range <1.47) AND lenovo thinkpad_x270 (Match -)
Node: lenovo thinkpad_yoga_260_firmware (Range <1.88) AND lenovo thinkpad_yoga_260 (Match -)

Vendor  Product                 Version  CPE
lenovo  thinkpad_25_firmware    *        cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:*
lenovo  thinkpad_25             -        cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:*
lenovo  thinkpad_l560_firmware  *        cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*
lenovo  thinkpad_l560           -        cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*
lenovo  thinkpad_p50_firmware   *        cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:*
lenovo  thinkpad_p50            -        cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*
lenovo  thinkpad_p50s_firmware  *        cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*
lenovo  thinkpad_p50s           -        cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*
lenovo  thinkpad_p70_firmware   *        cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:*
lenovo  thinkpad_p70            -        cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ThinkPad BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]
