CVE-2022-3746
MEDIUMLenovo IdeaPad Firmware - Improper Access Control in Embedded Controller Interface
Title source: llmDescription
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.
References (1)
Core 1
Core References
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-103710
Scores
CVSS v3
6.7
EPSS
0.0003
EPSS Percentile
8.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (50)
lenovo/ideapad_1-14ijl7_firmware
< htcn31ww
lenovo/ideapad_1-15ijl7_firmware
< htcn31ww
lenovo/ideapad_1_14iau7_firmware
< jkcn34ww
lenovo/ideapad_1_14igl7_firmware
< kkcn15ww
lenovo/ideapad_1_15iau7_firmware
< jkcn34ww
lenovo/ideapad_1_15igl7_firmware
< kkcn15ww
lenovo/ideapad_3-14igl05_firmware
< dvcn28ww
lenovo/ideapad_3-14iil05_firmware
< emcn56ww
lenovo/ideapad_3-14iml05_firmware
< dxcn44ww
lenovo/ideapad_3-14itl05_firmware
< gccn32ww
... and 40 more
Published
Aug 23, 2023
Tracked Since
Feb 18, 2026