CVE & CISA-KEV Catalog

CVE-2022-3430

MEDIUM
6.7
CVSS v3
NVD

Description

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

How to fix

Remediation Available
d330-10igl firmwareNVD
Affected:< g0cn11wwFixed in:g0cn11wwCVE-2022-3430derived from NVD
ideapad 5 pro 16arh7 firmwareNVD
Affected:< j5cn27wwFixed in:j5cn27wwCVE-2022-3430derived from NVD
ideapad 5 pro 16iah7 firmwareNVD
Affected:< j4cn33wwFixed in:j4cn33wwCVE-2022-3430derived from NVD
ideapad duet 3 10igl5 firmwareNVD
Affected:< eqcn37wwFixed in:eqcn37wwCVE-2022-3430derived from NVD
ideapad slim 7-14iil05 firmwareNVD
Affected:< dhcn35wwFixed in:dhcn35wwCVE-2022-3430derived from NVD
ideapad slim 7-14itl05 firmwareNVD
Affected:< fbcn29wwFixed in:fbcn29wwCVE-2022-3430derived from NVD
ideapad slim 7-15iil05 firmwareNVD
Affected:< dhcn35wwFixed in:dhcn35wwCVE-2022-3430derived from NVD
slim 7-14are05 firmwareNVD
Affected:< dmcn43wwFixed in:dmcn43wwCVE-2022-3430derived from NVD
slim 7-15imh05 firmwareNVD
Affected:< dncn32wwFixed in:dncn32wwCVE-2022-3430derived from NVD
slim 7-15itl05 firmwareNVD
Affected:< fbcn29wwFixed in:fbcn29wwCVE-2022-3430derived from NVD
slim 7 16arh7 firmwareNVD
Affected:< klcn15wwFixed in:klcn15wwCVE-2022-3430derived from NVD
thinkbook 13x itg firmwareNVD
Affected:< hlcn30wwFixed in:hlcn30wwCVE-2022-3430derived from NVD
thinkbook 14 g2 are firmwareNVD
Affected:< facn33wwFixed in:facn33wwCVE-2022-3430derived from NVD
thinkbook 14 g2 itl firmwareNVD
Affected:< f8cn52wwFixed in:f8cn52wwCVE-2022-3430derived from NVD
thinkbook 14 g3 acl firmwareNVD
Affected:< gqcn35ww_hfcn30wwFixed in:gqcn35ww_hfcn30wwCVE-2022-3430derived from NVD
thinkbook 14 g3 itl firmwareNVD
Affected:< hrcn13wwFixed in:hrcn13wwCVE-2022-3430derived from NVD
thinkbook 14 g4\+ ara firmwareNVD
Affected:< j6cn40wwFixed in:j6cn40wwCVE-2022-3430derived from NVD
thinkbook 14 g4\+ iap firmwareNVD
Affected:< hycn40wwFixed in:hycn40wwCVE-2022-3430derived from NVD
thinkbook 14p g3 arh firmwareNVD
Affected:< k4cn31wwFixed in:k4cn31wwCVE-2022-3430derived from NVD
thinkbook 14s yoga itl firmwareNVD
Affected:< fncn40wwFixed in:fncn40wwCVE-2022-3430derived from NVD
thinkbook 15 g2 are firmwareNVD
Affected:< facn33wwFixed in:facn33wwCVE-2022-3430derived from NVD
thinkbook 15 g2 itl firmwareNVD
Affected:< f8cn52wwFixed in:f8cn52wwCVE-2022-3430derived from NVD
thinkbook 15 g3 acl firmwareNVD
Affected:< gqcn35ww_hfcn30wwFixed in:gqcn35ww_hfcn30wwCVE-2022-3430derived from NVD
thinkbook 15 g3 itl firmwareNVD
Affected:< hrcn13wwFixed in:hrcn13wwCVE-2022-3430derived from NVD
thinkbook 15 gd aba firmwareNVD
Affected:< jpcn20wwFixed in:jpcn20wwCVE-2022-3430derived from NVD
thinkbook 15p g2 ith firmwareNVD
Affected:< hjcn31wwFixed in:hjcn31wwCVE-2022-3430derived from NVD
thinkbook 15p imp firmwareNVD
Affected:< f6cn25wwFixed in:f6cn25wwCVE-2022-3430derived from NVD
thinkbook 16 g4\+ ara firmwareNVD
Affected:< j6cn40wwFixed in:j6cn40wwCVE-2022-3430derived from NVD
thinkbook 16 g4\+ iap firmwareNVD
Affected:< hycn40wwFixed in:hycn40wwCVE-2022-3430derived from NVD
thinkbook 16p g3 arh firmwareNVD
Affected:< kccn31wwFixed in:kccn31wwCVE-2022-3430derived from NVD
thinkbook 16p nx arh firmwareNVD
Affected:< kjcn27wwFixed in:kjcn27wwCVE-2022-3430derived from NVD
thinkbook plus g2 itg firmwareNVD
Affected:< gycn31wwFixed in:gycn31wwCVE-2022-3430derived from NVD
thinkbook plus g3 iap firmwareNVD
Affected:< k6cn29wwFixed in:k6cn29wwCVE-2022-3430derived from NVD
yoga creator 7-15imh05 firmwareNVD
Affected:< dncn32wwFixed in:dncn32wwCVE-2022-3430derived from NVD
yoga duet 7-13iml05 firmwareNVD
Affected:< ercn30wwFixed in:ercn30wwCVE-2022-3430derived from NVD
yoga duet 7-13itl6-lte firmwareNVD
Affected:< gpcn24wwFixed in:gpcn24wwCVE-2022-3430derived from NVD
yoga duet 7-13itl6 firmwareNVD
Affected:< gpcn24wwFixed in:gpcn24wwCVE-2022-3430derived from NVD
yoga slim 7-14are05 firmwareNVD
Affected:< dmcn43wwFixed in:dmcn43wwCVE-2022-3430derived from NVD
yoga slim 7-14iil05 firmwareNVD
Affected:< dmcn35wwFixed in:dmcn35wwCVE-2022-3430derived from NVD
yoga slim 7-14itl05 firmwareNVD
Affected:< fbcn29wwFixed in:fbcn29wwCVE-2022-3430derived from NVD
yoga slim 7-15iil05 firmwareNVD
Affected:< dhcn35wwFixed in:dhcn35wwCVE-2022-3430derived from NVD
yoga slim 7-15imh05 firmwareNVD
Affected:< dncn32wwFixed in:dncn32wwCVE-2022-3430derived from NVD
yoga slim 7-15itl05 firmwareNVD
Affected:< fbcn29wwFixed in:fbcn29wwCVE-2022-3430derived from NVD
yoga slim 7 pro 16arh7 firmwareNVD
Affected:< klcn15wwFixed in:klcn15wwCVE-2022-3430derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.26%probability of exploitation in 30 days
17thpercentile

Low risk: more likely to be exploited than 17% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-276 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2013-0632Critical9.894%KEV-
CVE-2017-11610High8.888%-Fix
CVE-2023-29919Critical9.160%--
CVE-2019-17124Critical9.823%--
CVE-2020-12608High7.822%-Fix
CVE-2021-3437Critical9.816%-Fix
Embed a live status badge for CVE-2022-3430
CVE-2022-3430 severity badge

Markdown

[![CVE-2022-3430](https://tridentstack.com/cve/badge/CVE-2022-3430.svg)](https://tridentstack.com/cve/CVE-2022-3430)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-3430"><img src="https://tridentstack.com/cve/badge/CVE-2022-3430.svg" alt="CVE-2022-3430"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.