CVE-2022-3430

Published on: Not Yet Published

Last Modified on: 01/23/2023 05:17:00 PM UTC

CVE-2022-3430

Certain versions of BIOS from Lenovo contain the following vulnerability:

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CVE-2022-3430 has been assigned by [email protected] to track the vulnerability
Affected Vendor/Software: Lenovo - BIOS version = various

CVE References

Description	Tags ^ⓘ	Link
Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US	support.lenovo.com text/html	MISC support.lenovo.com/us/en/product_security/LEN-94952

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

There are currently no QIDs associated with this CVE

Known Affected Software

Vendor	Product	Version
Lenovo	BIOS	= various

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@ESETresearch	Reported vulnerabilities – #CVE-2022-3430, #CVE-2022-3431, and #CVE-2022-3432 – affect various Lenovo Yoga, IdeaPad… twitter.com/i/web/status/1…	2022-11-09 09:47:01
@ESETresearch	The first of the vulnerabilities, #CVE-2022-3430, is found in the DXE driver WmiSetupUnderOsDxe which checks for th… twitter.com/i/web/status/1…	2022-11-09 09:47:04
@autumn_good_35	『Potential Impact: Disable Secure Boot Severity: High』 CVE-2022-3430, CVE-2022-3431, CVE-2022-3432 Lenovo Notebook… twitter.com/i/web/status/1…	2022-11-09 11:08:38
@elhackernet	Lenovo corrige fallos que se pueden usar para deshabilitar UEFI Secure Boot ▪️CVE-2022-3430, CVE-2022-3431, CVE-20… twitter.com/i/web/status/1…	2022-11-10 17:45:26
@ipssignatures	The vuln CVE-2022-3430 has a tweet created 0 days ago and retweeted 12 times. twitter.com/elhackernet/st… #pow1rtrtwwcve	2022-11-10 20:06:01
@VELO_ch	Lenovo製ノートPCのUEFIに脆弱性が発見される、セキュリティ企業がアップデートを強く推奨 - GIGAZINE gigazine.net/news/20221111-… 脆弱性のCVE番号は「CVE-2022-3430」「CVE-… twitter.com/i/web/status/1…	2022-11-11 03:04:39
@ryanaraine	Researchers at @binarly_io dig into Lenovo’s LEN-94952 bulletin and find that two vulnerabilities (CVE-2022-3430 an… twitter.com/i/web/status/1…	2022-12-08 20:10:20
@CVEtrends	Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-42703: 389.6K (audience size) CVE-2022-3430: 142.6K CVE-2022-… twitter.com/i/web/status/1…	2022-12-09 14:00:03
@CVEtrends	Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-3430: 261.5K (audience size) CVE-2022-3431: 261.5K CVE-2022-2… twitter.com/i/web/status/1…	2022-12-15 14:00:03
@CVEreport	CVE-2022-3430 : A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allo… twitter.com/i/web/status/1…	2023-01-23 17:05:51
/r/netcve	CVE-2022-3430	2023-01-23 17:39:07