Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ideapad_duet_3_10igl5_firmware by lenovo

    CVE-2023-5075 (GCVE-0-2023-5075)

    Vulnerability from nvd – Published: 2023-11-08 22:01 – Updated: 2024-09-03 20:09
    VLAI
    Summary
    A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo IdeaPad Duet 3-10IGL5 Affected: BIOS versions prior to EQCN39WW
    Create a notification for this product.
    lenovo ideapad_duet_3_10igl5 Affected: bios_versions_prior_to_eqcn39ww
        cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-141775"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_duet_3_10igl5",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "bios_versions_prior_to_eqcn39ww"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5075",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T20:06:35.190708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T20:09:35.465Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IdeaPad Duet 3-10IGL5",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIOS versions prior to EQCN39WW"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code."
                }
              ],
              "value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-08T22:01:34.869Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-141775"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate system firmware to the version (or newer) indicated for your model in the advisory:  https://support.lenovo.com/us/en/product_security/LEN-141775 \n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2023-5075",
        "datePublished": "2023-11-08T22:01:34.869Z",
        "dateReserved": "2023-09-19T20:38:26.386Z",
        "dateUpdated": "2024-09-03T20:09:35.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3431 (GCVE-0-2022-3431)

    Vulnerability from nvd – Published: 2023-10-09 18:18 – Updated: 2024-09-19 14:36
    VLAI
    Summary
    A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    lenovo notebook Affected: 0 , < * (custom)
        cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Martin Smolár from ESET for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "notebook",
                "vendor": "lenovo",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:34:46.057328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:36:08.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
                }
              ],
              "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-09T18:18:54.016Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e"
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3431",
        "datePublished": "2023-10-09T18:18:54.016Z",
        "dateReserved": "2022-10-07T19:59:25.920Z",
        "dateUpdated": "2024-09-19T14:36:08.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3430 (GCVE-0-2022-3430)

    Vulnerability from nvd – Published: 2023-01-23 16:11 – Updated: 2025-04-02 15:01
    VLAI
    Summary
    A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Martin Smolár from ESET for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:01:24.152340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T15:01:31.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
                }
              ],
              "value": "A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-23T16:11:41.102Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e"
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3430",
        "datePublished": "2023-01-23T16:11:41.102Z",
        "dateReserved": "2022-10-07T19:58:27.731Z",
        "dateUpdated": "2025-04-02T15:01:31.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5075 (GCVE-0-2023-5075)

    Vulnerability from cvelistv5 – Published: 2023-11-08 22:01 – Updated: 2024-09-03 20:09
    VLAI
    Summary
    A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo IdeaPad Duet 3-10IGL5 Affected: BIOS versions prior to EQCN39WW
    Create a notification for this product.
    lenovo ideapad_duet_3_10igl5 Affected: bios_versions_prior_to_eqcn39ww
        cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-141775"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ideapad_duet_3_10igl5",
                "vendor": "lenovo",
                "versions": [
                  {
                    "status": "affected",
                    "version": "bios_versions_prior_to_eqcn39ww"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5075",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-03T20:06:35.190708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-03T20:09:35.465Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "IdeaPad Duet 3-10IGL5",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "BIOS versions prior to EQCN39WW"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lenovo thanks Zichuan Li (@Ri7erLi) from Indiana University Bloomington for reporting this vulnerability."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code."
                }
              ],
              "value": "A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-08T22:01:34.869Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-141775"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nUpdate system firmware to the version (or newer) indicated for your model in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-141775\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-141775\u003c/a\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\nUpdate system firmware to the version (or newer) indicated for your model in the advisory:  https://support.lenovo.com/us/en/product_security/LEN-141775 \n\n\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2023-5075",
        "datePublished": "2023-11-08T22:01:34.869Z",
        "dateReserved": "2023-09-19T20:38:26.386Z",
        "dateUpdated": "2024-09-03T20:09:35.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3431 (GCVE-0-2022-3431)

    Vulnerability from cvelistv5 – Published: 2023-10-09 18:18 – Updated: 2024-09-19 14:36
    VLAI
    Summary
    A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    lenovo notebook Affected: 0 , < * (custom)
        cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lenovo thanks Martin Smolár from ESET for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.619Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "notebook",
                "vendor": "lenovo",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T14:34:46.057328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T14:36:08.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
                }
              ],
              "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-09T18:18:54.016Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e"
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3431",
        "datePublished": "2023-10-09T18:18:54.016Z",
        "dateReserved": "2022-10-07T19:59:25.920Z",
        "dateUpdated": "2024-09-19T14:36:08.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-3430 (GCVE-0-2022-3430)

    Vulnerability from cvelistv5 – Published: 2023-01-23 16:11 – Updated: 2025-04-02 15:01
    VLAI
    Summary
    A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-276 - Incorrect Default Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Lenovo BIOS Affected: various
    Create a notification for this product.
    Credits
    Lenovo thanks Martin Smolár from ESET for reporting these issues.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T01:07:06.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-3430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-02T15:01:24.152340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-02T15:01:31.058Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BIOS",
              "vendor": "Lenovo",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
                }
              ],
              "value": "A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "CWE-276 Incorrect Default Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-23T16:11:41.102Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e"
                }
              ],
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2022-3430",
        "datePublished": "2023-01-23T16:11:41.102Z",
        "dateReserved": "2022-10-07T19:58:27.731Z",
        "dateUpdated": "2025-04-02T15:01:31.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }