← back
CVE-2022-1107

CVE-2022-1107

CVSS 6.7 MEDIUMEPSS 0.3%CWE-20
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Lenovo · ThinkPad BIOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-84943