CVE-2022-3431
Vulnerability from cvelistv5
Published
2023-10-09 18:18
Modified
2024-09-19 14:36
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
References
psirt@lenovo.comhttps://support.lenovo.com/us/en/product_security/LEN-94952Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/LEN-94952Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:07:06.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "notebook",
            "vendor": "lenovo",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-3431",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:34:46.057328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:36:08.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIOS",
          "vendor": "Lenovo",
          "versions": [
            {
              "status": "affected",
              "version": "various"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Lenovo thanks Martin Smol\u00e1r from ESET for reporting these issues."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
            }
          ],
          "value": "A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-09T18:18:54.016Z",
        "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "shortName": "lenovo"
      },
      "references": [
        {
          "url": "https://support.lenovo.com/us/en/product_security/LEN-94952"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e"
            }
          ],
          "value": "Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
    "assignerShortName": "lenovo",
    "cveId": "CVE-2022-3431",
    "datePublished": "2023-10-09T18:18:54.016Z",
    "dateReserved": "2022-10-07T19:59:25.920Z",
    "dateUpdated": "2024-09-19T14:36:08.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ideapad_creator_5-16ach6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"gscn34ww\", \"matchCriteriaId\": \"7428DDA8-7629-4AF8-8DAA-7A49FF9D6DA1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ideapad_creator_5-16ach6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90031C15-00A0-40F8-A98B-DDFA3F79D247\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ideapad_5_pro-16ihu6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"grcn22ww\", \"matchCriteriaId\": \"3FFB4225-D28D-4C3B-BB03-349B966CCFCF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ideapad_5_pro-16ihu6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC34C489-CC06-41DF-91C8-2919B9770E78\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ideapad_5_pro-16ach6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"gscn34ww\", \"matchCriteriaId\": \"BD22DD91-73C6-4982-9424-6C3AA1D52EA6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ideapad_5_pro-16ach6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F160EE76-3FF4-42EB-94DE-4FEFCCEE54C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_slim_7-13itl05_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f7cn39ww\", \"matchCriteriaId\": \"09F8B96E-197D-4E6C-B766-EFB312705CA0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_slim_7-13itl05:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B6E471A-EB31-46FE-944E-F48397F57E13\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_slim_7-13acn05_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ghcn28ww\", \"matchCriteriaId\": \"1EBDE114-7FCF-4C49-A8F6-E20B25736454\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_slim_7-13acn05:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FAF0D1D-070A-401E-B5B3-F3BCDD1860F7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_slim_7_pro_16arh7_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"klcn15ww\", \"matchCriteriaId\": \"650BA4E3-7255-4AE1-B192-58C45166039F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_slim_7_pro_16arh7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"620ACBF6-93BA-47B8-8AA6-974D81473171\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_slim_7_pro_16ach6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"hucn16ww\", \"matchCriteriaId\": \"851B51FB-DEFB-4E55-8114-BA49BEF8DFDC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_slim_7_pro_16ach6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0BEB08B-768F-4BFC-819B-B8A1DD01431F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_slim_7_carbon_13itl5_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"f7cn39ww\", \"matchCriteriaId\": \"63C58648-9441-450E-BFFF-874781D29BC5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_slim_7_carbon_13itl5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"978E1E13-8918-41D0-985C-53904CE0EC16\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_duet_7-13itl6-lte_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"gpcn24ww\", \"matchCriteriaId\": \"72679907-6E23-4BE7-809B-824B2E16D0EA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_duet_7-13itl6-lte:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72782D1B-DFFB-4F78-AA4F-C10AEF277D2F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_duet_7-13itl6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"gpcn24ww\", \"matchCriteriaId\": \"853F9F82-3DF5-4D6B-A3BD-410AFD9BD7F1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_duet_7-13itl6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02CB1D39-F031-4AF9-88FE-E0E8E0A38768\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:yoga_duet_7-13iml05_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"ercn30ww\", \"matchCriteriaId\": \"E799EC61-46FC-46B1-B27C-67D472AEC947\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:yoga_duet_7-13iml05:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FCE2EC8-8384-4DE1-9B45-AECB510D0B1E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_plus_g3_iap_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"k6cn29ww\", \"matchCriteriaId\": \"1EA39607-1264-4595-8BF2-A03FEE46A677\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_plus_g3_iap:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8480B3A8-6F19-4C01-A5E8-B141DA845E4D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_plus_g2_itg_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"gycn31ww\", \"matchCriteriaId\": \"CD9DA7E8-963A-4845-A1A5-33FCD953F7AB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_plus_g2_itg:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D725D6F-60A7-4BEE-A19F-AF6CEEE46FE1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_16p_nx_arh_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"kjcn27ww\", \"matchCriteriaId\": \"6219BA17-B4B5-476A-A583-0A1A7C724E69\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_16p_nx_arh:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F21184FF-7B12-4422-A819-C0836777283B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_16_g4\\\\+_iap_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"hycn40ww\", \"matchCriteriaId\": \"F4405421-414E-4BAC-8E9F-E99B398BF0CD\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_16_g4\\\\+_iap:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56EA6832-49E6-4FFB-B49B-5ED528C8DC26\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_16_g4\\\\+_ara_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"j6cn40ww\", \"matchCriteriaId\": \"30656321-CDEC-4078-BD88-AF6074D42F48\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_16_g4\\\\+_ara:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4062B850-7517-41A1-BA85-CEA38520B324\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_14_g4\\\\+_iap_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"hycn40ww\", \"matchCriteriaId\": \"D008FDCD-FD4E-4DE7-8AF7-8982E2360E68\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_14_g4\\\\+_iap:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EE24BE8-EFD8-417E-9059-3844E1526F32\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_14_g4\\\\+_ara_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"j6cn40ww\", \"matchCriteriaId\": \"8AA85A21-27F0-4867-91D4-377EFD9A91CE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_14_g4\\\\+_ara:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B69C2C6D-E963-48F9-A91D-FC850A5C05DE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:thinkbook_13x_itg_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"hlcn30ww\", \"matchCriteriaId\": \"2CA24E6D-72F4-44A0-B7E2-378CC6260549\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:thinkbook_13x_itg:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09B30D44-B6FB-4824-BC6A-24307D8F7439\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ideapad_slim_7_pro_16ach6_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"hucn16ww\", \"matchCriteriaId\": \"57C398C8-388E-4622-B211-CB51120D8933\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ideapad_slim_7_pro_16ach6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9378A311-DA4E-4452-8C0A-337F2375F948\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:s540-15iml_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"cncn22ww\", \"matchCriteriaId\": \"7654476D-65DA-495F-91F2-A59A6C840F51\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:s540-15iml:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78A9FC30-244F-441E-950E-2FDBFC520133\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:slim_7_16arh7_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"klcn15ww\", \"matchCriteriaId\": \"CC68F2A8-9976-4157-9926-1F398584C0EB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:slim_7_16arh7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEF0DB00-37E3-48C9-8229-59422C95C937\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ideapad_duet_3_10igl5_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"eqcn37ww\", \"matchCriteriaId\": \"12037F5F-401A-4E68-92A8-922A5CA9BD63\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6ED2CCF-A6BB-45C8-B729-31241AA7254A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:ideapad_5_pro_16arh7_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"j4cn33ww\", \"matchCriteriaId\": \"7F9E07F2-CCDE-4B45-9B04-7691D1869C1C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:ideapad_5_pro_16arh7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33034E99-8CA2-4736-91F6-8E42181E9AF0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:lenovo:d330-10igl_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"g0cn11ww\", \"matchCriteriaId\": \"93B3E734-67AE-498C-9808-70D5F07161EE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:lenovo:d330-10igl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FBE774E-04D0-46DE-8F9C-D4B9380BD1BC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad potencial en un driver utilizado durante el proceso de fabricaci\\u00f3n de algunos dispositivos de consumo Lenovo Notebook que no se desactiv\\u00f3 por error, puede permitir que un atacante con privilegios elevados modifique la configuraci\\u00f3n de arranque seguro modificando una variable de la NVRAM.\"}]",
      "id": "CVE-2022-3431",
      "lastModified": "2024-11-21T07:19:30.057",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-10-09T19:15:09.987",
      "references": "[{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-94952\", \"source\": \"psirt@lenovo.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-94952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@lenovo.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"psirt@lenovo.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-276\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-3431\",\"sourceIdentifier\":\"psirt@lenovo.com\",\"published\":\"2023-10-09T19:15:09.987\",\"lastModified\":\"2024-11-21T07:19:30.057\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad potencial en un driver utilizado durante el proceso de fabricaci\u00f3n de algunos dispositivos de consumo Lenovo Notebook que no se desactiv\u00f3 por error, puede permitir que un atacante con privilegios elevados modifique la configuraci\u00f3n de arranque seguro modificando una variable de la NVRAM.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@lenovo.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-276\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ideapad_creator_5-16ach6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"gscn34ww\",\"matchCriteriaId\":\"7428DDA8-7629-4AF8-8DAA-7A49FF9D6DA1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ideapad_creator_5-16ach6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90031C15-00A0-40F8-A98B-DDFA3F79D247\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ideapad_5_pro-16ihu6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"grcn22ww\",\"matchCriteriaId\":\"3FFB4225-D28D-4C3B-BB03-349B966CCFCF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ideapad_5_pro-16ihu6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC34C489-CC06-41DF-91C8-2919B9770E78\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ideapad_5_pro-16ach6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"gscn34ww\",\"matchCriteriaId\":\"BD22DD91-73C6-4982-9424-6C3AA1D52EA6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ideapad_5_pro-16ach6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F160EE76-3FF4-42EB-94DE-4FEFCCEE54C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_slim_7-13itl05_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f7cn39ww\",\"matchCriteriaId\":\"09F8B96E-197D-4E6C-B766-EFB312705CA0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_slim_7-13itl05:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B6E471A-EB31-46FE-944E-F48397F57E13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_slim_7-13acn05_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ghcn28ww\",\"matchCriteriaId\":\"1EBDE114-7FCF-4C49-A8F6-E20B25736454\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_slim_7-13acn05:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FAF0D1D-070A-401E-B5B3-F3BCDD1860F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_slim_7_pro_16arh7_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"klcn15ww\",\"matchCriteriaId\":\"650BA4E3-7255-4AE1-B192-58C45166039F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_slim_7_pro_16arh7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"620ACBF6-93BA-47B8-8AA6-974D81473171\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_slim_7_pro_16ach6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"hucn16ww\",\"matchCriteriaId\":\"851B51FB-DEFB-4E55-8114-BA49BEF8DFDC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_slim_7_pro_16ach6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0BEB08B-768F-4BFC-819B-B8A1DD01431F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_slim_7_carbon_13itl5_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"f7cn39ww\",\"matchCriteriaId\":\"63C58648-9441-450E-BFFF-874781D29BC5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_slim_7_carbon_13itl5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"978E1E13-8918-41D0-985C-53904CE0EC16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_duet_7-13itl6-lte_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"gpcn24ww\",\"matchCriteriaId\":\"72679907-6E23-4BE7-809B-824B2E16D0EA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_duet_7-13itl6-lte:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72782D1B-DFFB-4F78-AA4F-C10AEF277D2F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_duet_7-13itl6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"gpcn24ww\",\"matchCriteriaId\":\"853F9F82-3DF5-4D6B-A3BD-410AFD9BD7F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_duet_7-13itl6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02CB1D39-F031-4AF9-88FE-E0E8E0A38768\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:yoga_duet_7-13iml05_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"ercn30ww\",\"matchCriteriaId\":\"E799EC61-46FC-46B1-B27C-67D472AEC947\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:yoga_duet_7-13iml05:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FCE2EC8-8384-4DE1-9B45-AECB510D0B1E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_plus_g3_iap_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"k6cn29ww\",\"matchCriteriaId\":\"1EA39607-1264-4595-8BF2-A03FEE46A677\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_plus_g3_iap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8480B3A8-6F19-4C01-A5E8-B141DA845E4D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_plus_g2_itg_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"gycn31ww\",\"matchCriteriaId\":\"CD9DA7E8-963A-4845-A1A5-33FCD953F7AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_plus_g2_itg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D725D6F-60A7-4BEE-A19F-AF6CEEE46FE1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_16p_nx_arh_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"kjcn27ww\",\"matchCriteriaId\":\"6219BA17-B4B5-476A-A583-0A1A7C724E69\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_16p_nx_arh:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F21184FF-7B12-4422-A819-C0836777283B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_16_g4\\\\+_iap_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"hycn40ww\",\"matchCriteriaId\":\"F4405421-414E-4BAC-8E9F-E99B398BF0CD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_16_g4\\\\+_iap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56EA6832-49E6-4FFB-B49B-5ED528C8DC26\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_16_g4\\\\+_ara_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"j6cn40ww\",\"matchCriteriaId\":\"30656321-CDEC-4078-BD88-AF6074D42F48\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_16_g4\\\\+_ara:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4062B850-7517-41A1-BA85-CEA38520B324\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_14_g4\\\\+_iap_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"hycn40ww\",\"matchCriteriaId\":\"D008FDCD-FD4E-4DE7-8AF7-8982E2360E68\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_14_g4\\\\+_iap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EE24BE8-EFD8-417E-9059-3844E1526F32\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_14_g4\\\\+_ara_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"j6cn40ww\",\"matchCriteriaId\":\"8AA85A21-27F0-4867-91D4-377EFD9A91CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_14_g4\\\\+_ara:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B69C2C6D-E963-48F9-A91D-FC850A5C05DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:thinkbook_13x_itg_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"hlcn30ww\",\"matchCriteriaId\":\"2CA24E6D-72F4-44A0-B7E2-378CC6260549\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:thinkbook_13x_itg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09B30D44-B6FB-4824-BC6A-24307D8F7439\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ideapad_slim_7_pro_16ach6_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"hucn16ww\",\"matchCriteriaId\":\"57C398C8-388E-4622-B211-CB51120D8933\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ideapad_slim_7_pro_16ach6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9378A311-DA4E-4452-8C0A-337F2375F948\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:s540-15iml_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"cncn22ww\",\"matchCriteriaId\":\"7654476D-65DA-495F-91F2-A59A6C840F51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:s540-15iml:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78A9FC30-244F-441E-950E-2FDBFC520133\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:slim_7_16arh7_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"klcn15ww\",\"matchCriteriaId\":\"CC68F2A8-9976-4157-9926-1F398584C0EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:slim_7_16arh7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF0DB00-37E3-48C9-8229-59422C95C937\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ideapad_duet_3_10igl5_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"eqcn37ww\",\"matchCriteriaId\":\"12037F5F-401A-4E68-92A8-922A5CA9BD63\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ideapad_duet_3_10igl5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6ED2CCF-A6BB-45C8-B729-31241AA7254A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:ideapad_5_pro_16arh7_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"j4cn33ww\",\"matchCriteriaId\":\"7F9E07F2-CCDE-4B45-9B04-7691D1869C1C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:ideapad_5_pro_16arh7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33034E99-8CA2-4736-91F6-8E42181E9AF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:lenovo:d330-10igl_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"g0cn11ww\",\"matchCriteriaId\":\"93B3E734-67AE-498C-9808-70D5F07161EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:lenovo:d330-10igl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FBE774E-04D0-46DE-8F9C-D4B9380BD1BC\"}]}]}],\"references\":[{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-94952\",\"source\":\"psirt@lenovo.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.lenovo.com/us/en/product_security/LEN-94952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-94952\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T01:07:06.619Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-3431\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-19T14:34:46.057328Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:lenovo:notebook:-:*:*:*:*:*:*:*\"], \"vendor\": \"lenovo\", \"product\": \"notebook\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-19T14:35:59.391Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Lenovo thanks Martin Smol\\u00e1r from ESET for reporting these issues.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Lenovo\", \"product\": \"BIOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"various\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://support.lenovo.com/us/en/product_security/LEN-94952\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-276\", \"description\": \"CWE-276 Incorrect Default Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"da227ddf-6e25-4b41-b023-0f976dcaca4b\", \"shortName\": \"lenovo\", \"dateUpdated\": \"2023-10-09T18:18:54.016Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-3431\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-19T14:36:08.273Z\", \"dateReserved\": \"2022-10-07T19:59:25.920Z\", \"assignerOrgId\": \"da227ddf-6e25-4b41-b023-0f976dcaca4b\", \"datePublished\": \"2023-10-09T18:18:54.016Z\", \"assignerShortName\": \"lenovo\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.