CVE-2022-3430 — Incorrect Default Permissions in Lenovo D330-10igl Firmware

CWE-276 — Incorrect Default Permissions3 documents3 sources

Severity

6.7MEDIUMNVD

EPSS

0.2%

top 63.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo D330-10igl Firmware Lenovo Ideapad 5 PRO 16arh7 Firmware Lenovo Ideapad 5 PRO 16iah7 Firmware +42 more

Timeline

PublishedJan 23

Description

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages45 packages

▶NVDlenovo/d330-10igl_firmware< g0cn11ww

▶NVDlenovo/slim_7_16arh7_firmware< klcn15ww

▶NVDlenovo/slim_7-14are05_firmware< dmcn43ww

▶NVDlenovo/slim_7-15imh05_firmware< dncn32ww

▶NVDlenovo/slim_7-15itl05_firmware< fbcn29ww

🔴Vulnerability Details

GHSA

GHSA-vj5w-88wc-3p42: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify se↗2023-01-23

▶

CVEList

CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify se↗2023-01-23

▶