CVE-2022-3430
moderate-risk
Published 2023-01-23
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
Do I need to act?
-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
D330-10Igl Firmware
Ideapad 5 Pro 16Iah7 Firmware
Ideapad 5 Pro 16Arh7 Firmware
Ideapad Duet 3 10Igl5 Firmware
Slim 7 16Arh7 Firmware
Thinkbook 15P Imp Firmware
Slim 7-14Are05 Firmware
Ideapad Slim 7-14Iil05 Firmware
Ideapad Slim 7-14Itl05 Firmware
Ideapad Slim 7-15Iil05 Firmware
Slim 7-15Imh05 Firmware
Slim 7-15Itl05 Firmware
Thinkbook 13X Itg Firmware
Thinkbook 14 G2 Are Firmware
Thinkbook 14 G2 Itl Firmware
Thinkbook 14 G3 Acl Firmware
Thinkbook 14 G3 Itl Firmware
Thinkbook 14 G4\+ Ara Firmware
Thinkbook 14 G4\+ Iap Firmware
Thinkbook 14P G3 Arh Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94952
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94952
46
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
0/34 · Minimal
Exposure
25/34 · High