What is the severity of CVE-2022-3430?

CVE-2022-3430 has been classified as a high severity vulnerability due to its potential to allow an attacker with elevated privileges to modify secure boot settings.

How do I fix CVE-2022-3430?

To fix CVE-2022-3430, it is recommended to update the firmware on affected Lenovo Notebook devices to a version that addresses this vulnerability.

Which Lenovo devices are affected by CVE-2022-3430?

CVE-2022-3430 affects various Lenovo consumer notebook devices including models like the d330-10IGL and Ideapad 5 Pro.

Can CVE-2022-3430 be exploited remotely?

CVE-2022-3430 typically requires local access with elevated privileges, meaning it is not designed for remote exploitation.

How serious is the impact of CVE-2022-3430 if exploited?

If exploited, CVE-2022-3430 can lead to unauthorized modifications of the secure boot configuration, potentially compromising the integrity of the firmware.

Vulnerability/
CVE-2022-3430

medium

6.7

CWE

276

23/1/2023

3/8/2024

CVE-2022-3430

First published: Mon Jan 23 2023(Updated: )

A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Lenovo d330-10igl firmware	<g0cn11ww
Lenovo d330-10igl firmware
Lenovo Ideapad 5 Pro 16IAH7 Firmware	<j4cn33ww
Lenovo Ideapad 5 Pro 16IAH7 Firmware
Lenovo Ideapad 5 Pro 16ARH7 Firmware	<j5cn27ww
Lenovo Ideapad 5 Pro 16ARH7 Firmware
Lenovo Ideapad Duet 3 10IGL5	<eqcn37ww
Lenovo Ideapad Duet 3 10IGL5 Firmware
Lenovo Slim 7 16ARH7	<klcn15ww
Lenovo Slim 7 16ARH7 Firmware
Lenovo ThinkBook 15p IMH Firmware	<f6cn25ww
Lenovo ThinkBook 15p Imp Firmware
Lenovo Slim 7-14ARE05	<dmcn43ww
Lenovo Slim 7
Lenovo Ideapad Slim 7-14iil05	<dhcn35ww
Lenovo Ideapad Slim 7-14ITL05
Lenovo Ideapad Slim 7-14ITL05	<fbcn29ww
Lenovo Ideapad Slim 7-14ITL05 Firmware
Lenovo Ideapad Slim 7-15iil05	<dhcn35ww
Lenovo Ideapad Slim 7-15iil05
Lenovo Slim 7-15IMH05	<dncn32ww
Lenovo Yoga Slim 7-15IMH05
Lenovo Slim 7-15ITL05 Firmware	<fbcn29ww
Lenovo Slim 7 15ITL05
Lenovo ThinkBook 13x ITG Firmware	<hlcn30ww
Lenovo ThinkBook 13x ITG Firmware
Lenovo ThinkBook 14 G2 ARE	<facn33ww
Lenovo Thinkbook 14 G2 ARE Firmware
Lenovo Thinkbook 14s G2 ITL Firmware	<f8cn52ww
Lenovo S14 G2 ITL
Lenovo ThinkBook 14 G3 ACL	<gqcn35ww_hfcn30ww
Lenovo ThinkBook 14 G3 ACL
Lenovo Thinkbook 14 G3 ITL Firmware	<hrcn13ww
Lenovo Thinkbook 14 G3 ITL Firmware
Lenovo ThinkBook 14 G4+ ARA Firmware	<j6cn40ww
Lenovo ThinkBook 14 G4+ ARA
Lenovo ThinkBook 14 G4+ IAP Firmware	<hycn40ww
Lenovo ThinkBook 14 G4+ IAP
Lenovo ThinkBook 14p Gen 3 ARH	<k4cn31ww
Lenovo ThinkBook 14p Gen 3 ARH
Lenovo ThinkBook 14s Yoga ITL	<fncn40ww
Lenovo Thinkbook 14s Yoga ITL Firmware
Lenovo ThinkBook 15 G2 ARE	<facn33ww
Lenovo ThinkBook 15 G2 ITL Firmware
Lenovo ThinkBook 15 G2 ITL Firmware	<f8cn52ww
Lenovo ThinkBook 15 G2 ITL Firmware
Lenovo ThinkBook 15 G3 ACL	<gqcn35ww_hfcn30ww
Lenovo ThinkBook 15 G3 ACL Firmware
Lenovo ThinkBook 15 G3 ITL	<hrcn13ww
Lenovo ThinkBook 15 G3 ITL Firmware
Lenovo ThinkBook 15 GD ABA Firmware	<jpcn20ww
Lenovo ThinkBook 15 G4 ABA
Lenovo Thinkbook 15p G2 ITH Firmware	<hjcn31ww
Lenovo Thinkbook 15p G2 ITH Firmware
Lenovo ThinkBook 16 G4+ Ara Firmware	<j6cn40ww
Lenovo ThinkBook 16 G4+ ARA
Lenovo ThinkBook 16 G4+ IAP Firmware	<hycn40ww
Lenovo ThinkBook 16 G4+ IAP
Lenovo ThinkBook 16p G3 ARH	<kccn31ww
Lenovo ThinkBook 16p G3 ARH Firmware
Lenovo ThinkBook 16p NX ARH Firmware	<kjcn27ww
Lenovo ThinkBook 16p NX ARH Firmware
Lenovo ThinkBook Plus G2 ITG Firmware	<gycn31ww
Lenovo ThinkBook Plus G2 ITG Firmware
Lenovo ThinkBook Plus G3 IAP	<k6cn29ww
Lenovo ThinkBook Plus G3 IAP Firmware
Lenovo Yoga Creator 7-15IMH05	<dncn32ww
Lenovo Yoga Creator 7-15IMH05 Firmware
Lenovo Yoga Duet 7 13IML05 Firmware	<ercn30ww
Lenovo Yoga Duet 7
Lenovo Yoga Duet 7-13ITL6	<gpcn24ww
Lenovo Yoga Duet 7-13ITL6-LTE
Lenovo Yoga Duet 7-13ITL6 LTE Firmware	<gpcn24ww
Lenovo Yoga Duet 7-13ITL6-LTE
Lenovo Slim 7 16ARH7	<klcn15ww
Lenovo Yoga Slim 7 Pro 16ARH7 Firmware
Lenovo Yoga Slim 7 14ARE05	<dmcn43ww
Lenovo Yoga Slim 7 14ARE05
Lenovo Ideapad Slim 7-14IIL05 Firmware	<dmcn35ww
Lenovo Yoga Slim 7
Lenovo Yoga Slim 7 Pro 14ITL5 Firmware	<fbcn29ww
Lenovo Yoga Slim 7-14ITL05 Firmware
Lenovo Yoga Slim 7 15IIL05 Firmware	<dhcn35ww
Lenovo Slim 7-15iil05 Firmware
Lenovo Slim 7-15IMH05	<dncn32ww
Lenovo Yoga Slim 7-15IMH05
Lenovo Slim 7-15ITL05 Firmware	<fbcn29ww
Lenovo Yoga Slim 7 15ITL05

Remedy

Update system firmware to the version (or newer) indicated for your model in the product Impact section of LEN-94952

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-94952

Frequently Asked Questions

What is the severity of CVE-2022-3430?
CVE-2022-3430 has been classified as a high severity vulnerability due to its potential to allow an attacker with elevated privileges to modify secure boot settings.
How do I fix CVE-2022-3430?
To fix CVE-2022-3430, it is recommended to update the firmware on affected Lenovo Notebook devices to a version that addresses this vulnerability.
Which Lenovo devices are affected by CVE-2022-3430?
CVE-2022-3430 affects various Lenovo consumer notebook devices including models like the d330-10IGL and Ideapad 5 Pro.
Can CVE-2022-3430 be exploited remotely?
CVE-2022-3430 typically requires local access with elevated privileges, meaning it is not designed for remote exploitation.
How serious is the impact of CVE-2022-3430 if exploited?
If exploited, CVE-2022-3430 can lead to unauthorized modifications of the secure boot configuration, potentially compromising the integrity of the firmware.