{"id": "CVE-2022-4575", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "psirt@lenovo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2023-10-30T15:15:40.493", "references": [{"url": "https://support.lenovo.com/us/en/product_security/LEN-106014", "tags": ["Vendor Advisory"], "source": "psirt@lenovo.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@lenovo.com", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "\nA vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.\n\n"}, {"lang": "es", "value": "Se inform\u00f3 una vulnerabilidad debido a una protecci\u00f3n de escritura inadecuada de las variables UEFI en el BIOS de algunos modelos ThinkPad que podr\u00eda permitir a un atacante con acceso f\u00edsico o local y privilegios elevados la capacidad de evitar el Arranque Seguro."}], "lastModified": "2023-11-08T00:24:18.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69482281-C769-4A54-82F9-DDE21352E863", "versionEndExcluding": "1.73"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1EE4830F-2C86-4DF0-8E37-D2894B4518FF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4362D746-DD0C-470F-B5A9-467F1D7452E1", "versionEndExcluding": "1.62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4FDA2BC8-0ABC-41EA-80BF-00B36564F0A1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "604DD8CD-0171-4E37-96A0-57BD476B3236", "versionEndExcluding": "1.71"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2A146DB0-4E3D-491B-8D30-EBF0F3BC17B2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60B73D7B-F3B4-4538-9948-C6CD77B285C0", "versionEndExcluding": "1.45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F583B121-A68C-463B-9D72-06061F74D007"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB0F8FB2-BE50-4BCD-B6DE-ECFEA827131E", "versionEndExcluding": "2.45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A1669BD8-C96F-4302-8E80-53D90EA719CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E67930D-A5AB-4A3B-856B-24C1318E4ACF", "versionEndExcluding": "1.73"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6515A024-F5A8-494F-BCB6-0DD2D1CA4EA7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E151912-165B-4319-9F6B-E1C556E3854A", "versionEndExcluding": "1.49"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A93959B3-4DE0-4AD3-8242-BF0BB45FABF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5103D6-9E75-4DC4-8313-E2B661250835", "versionEndExcluding": "1.45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "84478711-E030-42CD-9B8A-0C54C8DB8128"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "118EC48B-FA03-4988-AD83-E38464B342D4", "versionEndExcluding": "1.56"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "490D663D-DAE1-483D-A150-5528A057C142"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E586511-8E9D-45AF-904A-115732553505", "versionEndExcluding": "1.56"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_x1_yoga_1st_gen:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1D38511-2973-452B-9DCC-A45945ACFF28"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0314AA8D-65E0-400F-914E-BF458B5F864B", "versionEndExcluding": "1.50"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "08393A13-D68E-4042-B223-EF80E581EEBC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DCB9081-2919-4B4F-89DF-06EBF1B9CB09", "versionEndExcluding": "1.47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "94532BBF-D9CF-4164-BACA-AFEA8C35806C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6391D505-92DF-4511-8A43-5117F6D42D69", "versionEndExcluding": "1.88"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "051E3938-B988-40E3-B8FB-725886A1EA6E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@lenovo.com"}
