CVE & CISA-KEV Catalog

CVE-2022-3743

MEDIUM
4.4
CVSS v3
NVD

Description

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.

How to fix

Remediation Available
ideapad 1-14ijl7 firmwareNVD
Affected:< htcn31wwFixed in:htcn31wwCVE-2022-3743derived from NVD
ideapad 1-15ijl7 firmwareNVD
Affected:< htcn31wwFixed in:htcn31wwCVE-2022-3743derived from NVD
ideapad 1 14iau7 firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
ideapad 1 14igl7 firmwareNVD
Affected:< kkcn15wwFixed in:kkcn15wwCVE-2022-3743derived from NVD
ideapad 1 15iau7 firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
ideapad 1 15igl7 firmwareNVD
Affected:< kkcn15wwFixed in:kkcn15wwCVE-2022-3743derived from NVD
ideapad 3-14igl05 firmwareNVD
Affected:< dvcn28wwFixed in:dvcn28wwCVE-2022-3743derived from NVD
ideapad 3-14iil05 firmwareNVD
Affected:< emcn56wwFixed in:emcn56wwCVE-2022-3743derived from NVD
ideapad 3-14iml05 firmwareNVD
Affected:< dxcn44wwFixed in:dxcn44wwCVE-2022-3743derived from NVD
ideapad 3-14itl05 firmwareNVD
Affected:< gccn32wwFixed in:gccn32wwCVE-2022-3743derived from NVD
ideapad 3-14itl6 firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
ideapad 3-15igl05 firmwareNVD
Affected:< dvcn28wwFixed in:dvcn28wwCVE-2022-3743derived from NVD
ideapad 3-15iil05 firmwareNVD
Affected:< emcn56wwFixed in:emcn56wwCVE-2022-3743derived from NVD
ideapad 3-15iml05 firmwareNVD
Affected:< dxcn44wwFixed in:dxcn44wwCVE-2022-3743derived from NVD
ideapad 3-15itl05 firmwareNVD
Affected:< gccn32wwFixed in:gccn32wwCVE-2022-3743derived from NVD
ideapad 3-15itl6 firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
ideapad 3-17iil05 firmwareNVD
Affected:< emcn56wwFixed in:emcn56wwCVE-2022-3743derived from NVD
ideapad 3-17iml05 firmwareNVD
Affected:< dxcn44wwFixed in:dxcn44wwCVE-2022-3743derived from NVD
ideapad 3-17itl6 firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
ideapad 3 14iau7 firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
ideapad 3 15iau7 firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
ideapad 3 17iau7 firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
ideapad 5-15iil05 firmwareNVD
Affected:< dpcn58wwFixed in:dpcn58wwCVE-2022-3743derived from NVD
ideapad 5-15itl05 firmwareNVD
Affected:< fhcn70wwFixed in:fhcn70wwCVE-2022-3743derived from NVD
ideapad 5 15ial7 firmwareNVD
Affected:< jbcn27wwFixed in:jbcn27wwCVE-2022-3743derived from NVD
ideapad creator 5-15imh05 firmwareNVD
Affected:< egcn40wwFixed in:egcn40wwCVE-2022-3743derived from NVD
ideapad gaming 3-15imh05 firmwareNVD
Affected:< egcn40wwFixed in:egcn40wwCVE-2022-3743derived from NVD
l3-15iml05 firmwareNVD
Affected:< ejcn30wwFixed in:ejcn30wwCVE-2022-3743derived from NVD
l3-15itl6 firmwareNVD
Affected:< gfcn29wwFixed in:gfcn29wwCVE-2022-3743derived from NVD
legion 5-15imh05 firmwareNVD
Affected:< efcn58wwFixed in:efcn58wwCVE-2022-3743derived from NVD
legion 5-15imh05h firmwareNVD
Affected:< efcn58wwFixed in:efcn58wwCVE-2022-3743derived from NVD
legion 5-15imh6 firmwareNVD
Affected:< g8cn22wwFixed in:g8cn22wwCVE-2022-3743derived from NVD
legion 5-15ith6 firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 5-15ith6h firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 5-17imh05 firmwareNVD
Affected:< efcn58wwFixed in:efcn58wwCVE-2022-3743derived from NVD
legion 5-17imh05h firmwareNVD
Affected:< efcn58wwFixed in:efcn58wwCVE-2022-3743derived from NVD
legion 5-17ith6 firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 5-17ith6h firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 5 15iah7 firmwareNVD
Affected:< j2cn49wwFixed in:j2cn49wwCVE-2022-3743derived from NVD
legion 5 15iah7h firmwareNVD
Affected:< j2cn49wwFixed in:j2cn49wwCVE-2022-3743derived from NVD
legion 5 pro-16ith6 firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 5 pro-16ith6h firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 5 pro 16iah7 firmwareNVD
Affected:< j2cn49wwFixed in:j2cn49wwCVE-2022-3743derived from NVD
legion 5 pro 16iah7h firmwareNVD
Affected:< j2cn49wwFixed in:j2cn49wwCVE-2022-3743derived from NVD
legion 5p-15imh05 firmwareNVD
Affected:< efcn58wwFixed in:efcn58wwCVE-2022-3743derived from NVD
legion 5p-15imh05h firmwareNVD
Affected:< efcn58wwFixed in:efcn58wwCVE-2022-3743derived from NVD
legion 7-16ithg6 firmwareNVD
Affected:< h1cn52wwFixed in:h1cn52wwCVE-2022-3743derived from NVD
legion 7 16iax7 firmwareNVD
Affected:< k1cn40wwFixed in:k1cn40wwCVE-2022-3743derived from NVD
s14 g2 itl firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
s14 g3 iap firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
s540-13itl firmwareNVD
Affected:< fzcn26wwFixed in:fzcn26wwCVE-2022-3743derived from NVD
slim 7 14iap7 firmwareNVD
Affected:< jhcn28wwFixed in:jhcn28wwCVE-2022-3743derived from NVD
slim 7 carbon 13iap7 firmwareNVD
Affected:< k2cn34wwFixed in:k2cn34wwCVE-2022-3743derived from NVD
slim 7 pro-14ihu5 firmwareNVD
Affected:< fjcn74wwFixed in:fjcn74wwCVE-2022-3743derived from NVD
slim 7 prox 14iah7 firmwareNVD
Affected:< hmcn41wwFixed in:hmcn41wwCVE-2022-3743derived from NVD
slim 9-14itl05 firmwareNVD
Affected:< escn56wwFixed in:escn56wwCVE-2022-3743derived from NVD
slim 9 14iap7 firmwareNVD
Affected:< j3cn49wwFixed in:j3cn49wwCVE-2022-3743derived from NVD
thinkbook 15p g2 ith firmwareNVD
Affected:< hjcn32wwFixed in:hjcn32wwCVE-2022-3743derived from NVD
thinkbook 15p imh firmwareNVD
Affected:< f6cn26wwFixed in:f6cn26wwCVE-2022-3743derived from NVD
v14-igl firmwareNVD
Affected:< dvcn28wwFixed in:dvcn28wwCVE-2022-3743derived from NVD
v14 g1-iml firmwareNVD
Affected:< dxcn44wwFixed in:dxcn44wwCVE-2022-3743derived from NVD
v14 g2-itl firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
v14 g2 ijl firmwareNVD
Affected:< htcn31wwFixed in:htcn31wwCVE-2022-3743derived from NVD
v14 g3 iap firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
v15-igl firmwareNVD
Affected:< dvcn28wwFixed in:dvcn28wwCVE-2022-3743derived from NVD
v15 g1-iml firmwareNVD
Affected:< dxcn44wwFixed in:dxcn44wwCVE-2022-3743derived from NVD
v15 g2-itl firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
v15 g2 ijl firmwareNVD
Affected:< htcn31wwFixed in:htcn31wwCVE-2022-3743derived from NVD
v15 g3 iap firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
v17-iil firmwareNVD
Affected:< emcn56wwFixed in:emcn56wwCVE-2022-3743derived from NVD
v17 g2-itl firmwareNVD
Affected:< ggcn51wwFixed in:ggcn51wwCVE-2022-3743derived from NVD
v17 g3 iap firmwareNVD
Affected:< jkcn34wwFixed in:jkcn34wwCVE-2022-3743derived from NVD
yoga 7-14itl5 firmwareNVD
Affected:< f5cn59wwFixed in:f5cn59wwCVE-2022-3743derived from NVD
yoga 7-15itl5 firmwareNVD
Affected:< f5cn59wwFixed in:f5cn59wwCVE-2022-3743derived from NVD
yoga 7 14ial7 firmwareNVD
Affected:< j1cn35wwFixed in:j1cn35wwCVE-2022-3743derived from NVD
yoga 7 16iah7 firmwareNVD
Affected:< j1cn35wwFixed in:j1cn35wwCVE-2022-3743derived from NVD
yoga 7 16iap7 firmwareNVD
Affected:< j1cn35wwFixed in:j1cn35wwCVE-2022-3743derived from NVD
yoga 9 14iap7 firmwareNVD
Affected:< hncn42wwFixed in:hncn42wwCVE-2022-3743derived from NVD
yoga slim 7 carbon 13iap7 firmwareNVD
Affected:< k2cn34wwFixed in:k2cn34wwCVE-2022-3743derived from NVD
yoga slim 7 pro-14ihu5 firmwareNVD
Affected:< fjcn74wwFixed in:fjcn74wwCVE-2022-3743derived from NVD
yoga slim 7 pro-14ihu5 o firmwareNVD
Affected:< fjcn74wwFixed in:fjcn74wwCVE-2022-3743derived from NVD
yoga slim 7 pro-14itl5 firmwareNVD
Affected:< fjcn74wwFixed in:fjcn74wwCVE-2022-3743derived from NVD
yoga slim 7 pro 14iah7 firmwareNVD
Affected:< krcn14wwFixed in:krcn14wwCVE-2022-3743derived from NVD
yoga slim 7 pro 14iap7 firmwareNVD
Affected:< jhcn28wwFixed in:jhcn28wwCVE-2022-3743derived from NVD
yoga slim 7 prox 14iah7 firmwareNVD
Affected:< hmcn41wwFixed in:hmcn41wwCVE-2022-3743derived from NVD
yoga slim 9-14itl05 firmwareNVD
Affected:< escn56wwFixed in:escn56wwCVE-2022-3743derived from NVD
yoga slim 9 14iap7 firmwareNVD
Affected:< j3cn49wwFixed in:j3cn49wwCVE-2022-3743derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploit Intelligence

0.18%probability of exploitation in 30 days
7thpercentile

Low risk: more likely to be exploited than 7% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-200 (Information Exposure) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-24919High8.6100%KEV + Ransom-
CVE-2020-14181Medium5.3100%-Fix
CVE-2021-34429Medium5.399%-Fix
CVE-2018-11409Medium5.398%--
CVE-2021-41277Critical10.097%KEV-
CVE-2016-2183High7.596%-Fix
Embed a live status badge for CVE-2022-3743
CVE-2022-3743 severity badge

Markdown

[![CVE-2022-3743](https://tridentstack.com/cve/badge/CVE-2022-3743.svg)](https://tridentstack.com/cve/CVE-2022-3743)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-3743"><img src="https://tridentstack.com/cve/badge/CVE-2022-3743.svg" alt="CVE-2022-3743"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.