← back
CVE-2022-4575

CVE-2022-4575

CVSS 6.7 MEDIUMEPSS 0.2%CWE-276
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Lenovo · ThinkPad BIOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-106014