CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3746
https://notcve.org/view.php?id=CVE-2022-3746
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-284: Improper Access Control •
CVSS: 4.4EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3745
https://notcve.org/view.php?id=CVE-2022-3745
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3744
https://notcve.org/view.php?id=CVE-2022-3744
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.4EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3743
https://notcve.org/view.php?id=CVE-2022-3743
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.7EPSS: 0%CPEs: 174EXPL: 0CVE-2022-3742
https://notcve.org/view.php?id=CVE-2022-3742
23 Aug 2023 — A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. • https://support.lenovo.com/us/en/product_security/LEN-103710 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.7EPSS: 0%CPEs: 60EXPL: 0CVE-2023-34419
https://notcve.org/view.php?id=CVE-2023-34419
17 Aug 2023 — A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Se ha identificado un desbordamiento de búfer en el controlador SetupUtility de algunos productos portátiles de Lenovo los cuales podrían permitir a un atacante con acceso local y privilegios elevados ejecutar código arbitrario. • https://support.lenovo.com/us/en/product_security/LEN-134879 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •