CVE-2022-3430 — MEDIUM (6.7)

Q: What is CVE-2022-3430?

CVE-2022-3430 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Q: How severe is CVE-2022-3430?

CVE-2022-3430 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-3430?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo D330-10Igl Firmware, Lenovo D330-10Igl, Lenovo Ideapad 5 Pro 16Iah7 Firmware, Lenovo Ideapad 5 Pro 16Iah7, Lenovo Ideapad 5 Pro 16Arh7 Firmware.

Vulnerability Description

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	D330-10Igl Firmware	< g0cn11ww
Lenovo	D330-10Igl	-
Lenovo	Ideapad 5 Pro 16Iah7 Firmware	< j4cn33ww
Lenovo	Ideapad 5 Pro 16Iah7	-
Lenovo	Ideapad 5 Pro 16Arh7 Firmware	< j5cn27ww
Lenovo	Ideapad 5 Pro 16Arh7	-
Lenovo	Ideapad Duet 3 10Igl5 Firmware	< eqcn37ww
Lenovo	Ideapad Duet 3 10Igl5	-
Lenovo	Slim 7 16Arh7 Firmware	< klcn15ww
Lenovo	Slim 7 16Arh7	-
Lenovo	Thinkbook 15P Imp Firmware	< f6cn25ww
Lenovo	Thinkbook 15P Imp	-
Lenovo	Slim 7-14Are05 Firmware	< dmcn43ww
Lenovo	Slim 7-14Are05	-
Lenovo	Ideapad Slim 7-14Iil05 Firmware	< dhcn35ww
Lenovo	Ideapad Slim 7-14Iil05	-
Lenovo	Ideapad Slim 7-14Itl05 Firmware	< fbcn29ww
Lenovo	Ideapad Slim 7-14Itl05	-
Lenovo	Ideapad Slim 7-15Iil05 Firmware	< dhcn35ww
Lenovo	Ideapad Slim 7-15Iil05	-

Related Weaknesses (CWE)

CWE-276

References

https://support.lenovo.com/us/en/product_security/LEN-94952Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94952Vendor Advisory

FAQ

What is CVE-2022-3430?

CVE-2022-3430 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

How severe is CVE-2022-3430?

CVE-2022-3430 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-3430?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo D330-10Igl Firmware, Lenovo D330-10Igl, Lenovo Ideapad 5 Pro 16Iah7 Firmware, Lenovo Ideapad 5 Pro 16Iah7, Lenovo Ideapad 5 Pro 16Arh7 Firmware.