CVE-2022-3431
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Una vulnerabilidad potencial en un driver utilizado durante el proceso de fabricación de algunos dispositivos de consumo Lenovo Notebook que no se desactivó por error, puede permitir que un atacante con privilegios elevados modifique la configuración de arranque seguro modificando una variable de la NVRAM.
*Credits:
Lenovo thanks Martin Smolár from ESET for reporting these issues.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-07 CVE Reserved
- 2023-10-09 CVE Published
- 2023-10-10 EPSS Updated
- 2024-09-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.lenovo.com/us/en/product_security/LEN-94952 | 2023-10-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lenovo Search vendor "Lenovo" | Ideapad Creator 5-16ach6 Firmware Search vendor "Lenovo" for product "Ideapad Creator 5-16ach6 Firmware" | < gscn34ww Search vendor "Lenovo" for product "Ideapad Creator 5-16ach6 Firmware" and version " < gscn34ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Creator 5-16ach6 Search vendor "Lenovo" for product "Ideapad Creator 5-16ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ideapad 5 Pro-16ihu6 Firmware Search vendor "Lenovo" for product "Ideapad 5 Pro-16ihu6 Firmware" | < grcn22ww Search vendor "Lenovo" for product "Ideapad 5 Pro-16ihu6 Firmware" and version " < grcn22ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 5 Pro-16ihu6 Search vendor "Lenovo" for product "Ideapad 5 Pro-16ihu6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ideapad 5 Pro-16ach6 Firmware Search vendor "Lenovo" for product "Ideapad 5 Pro-16ach6 Firmware" | < gscn34ww Search vendor "Lenovo" for product "Ideapad 5 Pro-16ach6 Firmware" and version " < gscn34ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 5 Pro-16ach6 Search vendor "Lenovo" for product "Ideapad 5 Pro-16ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Slim 7-13itl05 Firmware Search vendor "Lenovo" for product "Yoga Slim 7-13itl05 Firmware" | < f7cn39ww Search vendor "Lenovo" for product "Yoga Slim 7-13itl05 Firmware" and version " < f7cn39ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Slim 7-13itl05 Search vendor "Lenovo" for product "Yoga Slim 7-13itl05" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Slim 7-13acn05 Firmware Search vendor "Lenovo" for product "Yoga Slim 7-13acn05 Firmware" | < ghcn28ww Search vendor "Lenovo" for product "Yoga Slim 7-13acn05 Firmware" and version " < ghcn28ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Slim 7-13acn05 Search vendor "Lenovo" for product "Yoga Slim 7-13acn05" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Slim 7 Pro 16arh7 Firmware Search vendor "Lenovo" for product "Yoga Slim 7 Pro 16arh7 Firmware" | < klcn15ww Search vendor "Lenovo" for product "Yoga Slim 7 Pro 16arh7 Firmware" and version " < klcn15ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Slim 7 Pro 16arh7 Search vendor "Lenovo" for product "Yoga Slim 7 Pro 16arh7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Slim 7 Pro 16ach6 Firmware Search vendor "Lenovo" for product "Yoga Slim 7 Pro 16ach6 Firmware" | < hucn16ww Search vendor "Lenovo" for product "Yoga Slim 7 Pro 16ach6 Firmware" and version " < hucn16ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Slim 7 Pro 16ach6 Search vendor "Lenovo" for product "Yoga Slim 7 Pro 16ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Slim 7 Carbon 13itl5 Firmware Search vendor "Lenovo" for product "Yoga Slim 7 Carbon 13itl5 Firmware" | < f7cn39ww Search vendor "Lenovo" for product "Yoga Slim 7 Carbon 13itl5 Firmware" and version " < f7cn39ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Slim 7 Carbon 13itl5 Search vendor "Lenovo" for product "Yoga Slim 7 Carbon 13itl5" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Duet 7-13itl6-lte Firmware Search vendor "Lenovo" for product "Yoga Duet 7-13itl6-lte Firmware" | < gpcn24ww Search vendor "Lenovo" for product "Yoga Duet 7-13itl6-lte Firmware" and version " < gpcn24ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Duet 7-13itl6-lte Search vendor "Lenovo" for product "Yoga Duet 7-13itl6-lte" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Duet 7-13itl6 Firmware Search vendor "Lenovo" for product "Yoga Duet 7-13itl6 Firmware" | < gpcn24ww Search vendor "Lenovo" for product "Yoga Duet 7-13itl6 Firmware" and version " < gpcn24ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Duet 7-13itl6 Search vendor "Lenovo" for product "Yoga Duet 7-13itl6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Yoga Duet 7-13iml05 Firmware Search vendor "Lenovo" for product "Yoga Duet 7-13iml05 Firmware" | < ercn30ww Search vendor "Lenovo" for product "Yoga Duet 7-13iml05 Firmware" and version " < ercn30ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Yoga Duet 7-13iml05 Search vendor "Lenovo" for product "Yoga Duet 7-13iml05" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook Plus G3 Iap Firmware Search vendor "Lenovo" for product "Thinkbook Plus G3 Iap Firmware" | < k6cn29ww Search vendor "Lenovo" for product "Thinkbook Plus G3 Iap Firmware" and version " < k6cn29ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook Plus G3 Iap Search vendor "Lenovo" for product "Thinkbook Plus G3 Iap" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook Plus G2 Itg Firmware Search vendor "Lenovo" for product "Thinkbook Plus G2 Itg Firmware" | < gycn31ww Search vendor "Lenovo" for product "Thinkbook Plus G2 Itg Firmware" and version " < gycn31ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook Plus G2 Itg Search vendor "Lenovo" for product "Thinkbook Plus G2 Itg" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 16p Nx Arh Firmware Search vendor "Lenovo" for product "Thinkbook 16p Nx Arh Firmware" | < kjcn27ww Search vendor "Lenovo" for product "Thinkbook 16p Nx Arh Firmware" and version " < kjcn27ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 16p Nx Arh Search vendor "Lenovo" for product "Thinkbook 16p Nx Arh" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 16 G4\+ Iap Firmware Search vendor "Lenovo" for product "Thinkbook 16 G4\+ Iap Firmware" | < hycn40ww Search vendor "Lenovo" for product "Thinkbook 16 G4\+ Iap Firmware" and version " < hycn40ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 16 G4\+ Iap Search vendor "Lenovo" for product "Thinkbook 16 G4\+ Iap" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 16 G4\+ Ara Firmware Search vendor "Lenovo" for product "Thinkbook 16 G4\+ Ara Firmware" | < j6cn40ww Search vendor "Lenovo" for product "Thinkbook 16 G4\+ Ara Firmware" and version " < j6cn40ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 16 G4\+ Ara Search vendor "Lenovo" for product "Thinkbook 16 G4\+ Ara" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 14 G4\+ Iap Firmware Search vendor "Lenovo" for product "Thinkbook 14 G4\+ Iap Firmware" | < hycn40ww Search vendor "Lenovo" for product "Thinkbook 14 G4\+ Iap Firmware" and version " < hycn40ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 14 G4\+ Iap Search vendor "Lenovo" for product "Thinkbook 14 G4\+ Iap" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 14 G4\+ Ara Firmware Search vendor "Lenovo" for product "Thinkbook 14 G4\+ Ara Firmware" | < j6cn40ww Search vendor "Lenovo" for product "Thinkbook 14 G4\+ Ara Firmware" and version " < j6cn40ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 14 G4\+ Ara Search vendor "Lenovo" for product "Thinkbook 14 G4\+ Ara" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Thinkbook 13x Itg Firmware Search vendor "Lenovo" for product "Thinkbook 13x Itg Firmware" | < hlcn30ww Search vendor "Lenovo" for product "Thinkbook 13x Itg Firmware" and version " < hlcn30ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Thinkbook 13x Itg Search vendor "Lenovo" for product "Thinkbook 13x Itg" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ideapad Slim 7 Pro 16ach6 Firmware Search vendor "Lenovo" for product "Ideapad Slim 7 Pro 16ach6 Firmware" | < hucn16ww Search vendor "Lenovo" for product "Ideapad Slim 7 Pro 16ach6 Firmware" and version " < hucn16ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Slim 7 Pro 16ach6 Search vendor "Lenovo" for product "Ideapad Slim 7 Pro 16ach6" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | S540-15iml Firmware Search vendor "Lenovo" for product "S540-15iml Firmware" | < cncn22ww Search vendor "Lenovo" for product "S540-15iml Firmware" and version " < cncn22ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | S540-15iml Search vendor "Lenovo" for product "S540-15iml" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Slim 7 16arh7 Firmware Search vendor "Lenovo" for product "Slim 7 16arh7 Firmware" | < klcn15ww Search vendor "Lenovo" for product "Slim 7 16arh7 Firmware" and version " < klcn15ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Slim 7 16arh7 Search vendor "Lenovo" for product "Slim 7 16arh7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ideapad Duet 3 10igl5 Firmware Search vendor "Lenovo" for product "Ideapad Duet 3 10igl5 Firmware" | < eqcn37ww Search vendor "Lenovo" for product "Ideapad Duet 3 10igl5 Firmware" and version " < eqcn37ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad Duet 3 10igl5 Search vendor "Lenovo" for product "Ideapad Duet 3 10igl5" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | Ideapad 5 Pro 16arh7 Firmware Search vendor "Lenovo" for product "Ideapad 5 Pro 16arh7 Firmware" | < j4cn33ww Search vendor "Lenovo" for product "Ideapad 5 Pro 16arh7 Firmware" and version " < j4cn33ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | Ideapad 5 Pro 16arh7 Search vendor "Lenovo" for product "Ideapad 5 Pro 16arh7" | - | - |
Safe
|
| Lenovo Search vendor "Lenovo" | D330-10igl Firmware Search vendor "Lenovo" for product "D330-10igl Firmware" | < g0cn11ww Search vendor "Lenovo" for product "D330-10igl Firmware" and version " < g0cn11ww" | - |
Affected
| in | Lenovo Search vendor "Lenovo" | D330-10igl Search vendor "Lenovo" for product "D330-10igl" | - | - |
Safe
|