CVE-2022-3430
MEDIUMLenovo D330-10IGL Firmware - Secure Boot Setting Modification via WMI Setup Driver
Title source: llmDescription
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-94952
Scores
CVSS v3
6.7
EPSS
0.0005
EPSS Percentile
15.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-276
Status
published
Products (44)
lenovo/d330-10igl_firmware
< g0cn11ww
lenovo/ideapad_5_pro_16arh7_firmware
< j5cn27ww
lenovo/ideapad_5_pro_16iah7_firmware
< j4cn33ww
lenovo/ideapad_duet_3_10igl5_firmware
< eqcn37ww
lenovo/ideapad_slim_7-14iil05_firmware
< dhcn35ww
lenovo/ideapad_slim_7-14itl05_firmware
< fbcn29ww
lenovo/ideapad_slim_7-15iil05_firmware
< dhcn35ww
lenovo/slim_7-14are05_firmware
< dmcn43ww
lenovo/slim_7-15imh05_firmware
< dncn32ww
lenovo/slim_7-15itl05_firmware
< fbcn29ww
... and 34 more
Published
Jan 23, 2023
Tracked Since
Feb 18, 2026