← back
CVE-2022-3430

CVE-2022-3430

CVSS 6.7 MEDIUMEPSS 0.3%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Jan 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Lenovo · BIOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-94952