CVE-2022-4575

Published Oct 30, 2023
Last updated a year ago
CVSS medium 6.7
Overview

Description: A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
Source: psirt@lenovo.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM
Weaknesses

psirt@lenovo.com: CWE-276
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_25_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69482281-C769-4A54-82F9-DDE21352E863",
            "versionEndExcluding": "1.73"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1EE4830F-2C86-4DF0-8E37-D2894B4518FF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_l560_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4362D746-DD0C-470F-B5A9-467F1D7452E1",
            "versionEndExcluding": "1.62"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_l560:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4FDA2BC8-0ABC-41EA-80BF-00B36564F0A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_p50_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "604DD8CD-0171-4E37-96A0-57BD476B3236",
            "versionEndExcluding": "1.71"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_p50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A146DB0-4E3D-491B-8D30-EBF0F3BC17B2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_p50s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60B73D7B-F3B4-4538-9948-C6CD77B285C0",
            "versionEndExcluding": "1.45"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_p50s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F583B121-A68C-463B-9D72-06061F74D007"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_p70_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB0F8FB2-BE50-4BCD-B6DE-ECFEA827131E",
            "versionEndExcluding": "2.45"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_p70:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A1669BD8-C96F-4302-8E80-53D90EA719CA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E67930D-A5AB-4A3B-856B-24C1318E4ACF",
            "versionEndExcluding": "1.73"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6515A024-F5A8-494F-BCB6-0DD2D1CA4EA7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E151912-165B-4319-9F6B-E1C556E3854A",
            "versionEndExcluding": "1.49"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A93959B3-4DE0-4AD3-8242-BF0BB45FABF4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_t560_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C5103D6-9E75-4DC4-8313-E2B661250835",
            "versionEndExcluding": "1.45"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_t560:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "84478711-E030-42CD-9B8A-0C54C8DB8128"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "118EC48B-FA03-4988-AD83-E38464B342D4",
            "versionEndExcluding": "1.56"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "490D663D-DAE1-483D-A150-5528A057C142"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E586511-8E9D-45AF-904A-115732553505",
            "versionEndExcluding": "1.56"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_x1_yoga_1st_gen:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B1D38511-2973-452B-9DCC-A45945ACFF28"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_x260_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0314AA8D-65E0-400F-914E-BF458B5F864B",
            "versionEndExcluding": "1.50"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_x260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "08393A13-D68E-4042-B223-EF80E581EEBC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DCB9081-2919-4B4F-89DF-06EBF1B9CB09",
            "versionEndExcluding": "1.47"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "94532BBF-D9CF-4164-BACA-AFEA8C35806C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6391D505-92DF-4511-8A43-5117F6D42D69",
            "versionEndExcluding": "1.88"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lenovo:thinkpad_yoga_260:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "051E3938-B988-40E3-B8FB-725886A1EA6E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
