{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-4575","assignerOrgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","state":"PUBLISHED","assignerShortName":"lenovo","dateReserved":"2022-12-16T21:26:17.285Z","datePublished":"2023-10-30T14:42:29.795Z","dateUpdated":"2024-08-03T01:41:45.637Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"ThinkPad BIOS","vendor":"Lenovo","versions":[{"status":"affected","version":"various"}]}],"credits":[{"lang":"en","type":"finder","value":"Lenovo thanks Krzysztof Okupski from IOActive for reporting this issue."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.</span>\n\n"}],"value":"\nA vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-276","description":"CWE-276 Incorrect Default Permissions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","shortName":"lenovo","dateUpdated":"2023-10-30T14:42:29.795Z"},"references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-106014"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-106014.<br>"}],"value":"Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-106014.\n"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T01:41:45.637Z"},"title":"CVE Program Container","references":[{"url":"https://support.lenovo.com/us/en/product_security/LEN-106014","tags":["x_transferred"]}]}]}}