Vulnerability Details CVE-2022-4575
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.2%
CVSS Severity
CVSS v3 Score 6.7
References
Products affected by CVE-2022-4575
-
cpe:2.3:h:lenovo:thinkpad_25:-
-
cpe:2.3:h:lenovo:thinkpad_l560:-
-
cpe:2.3:h:lenovo:thinkpad_p50:-
-
cpe:2.3:h:lenovo:thinkpad_p50s:-
-
cpe:2.3:h:lenovo:thinkpad_p70:-
-
cpe:2.3:h:lenovo:thinkpad_t470:-
-
cpe:2.3:h:lenovo:thinkpad_t470s:-
-
cpe:2.3:h:lenovo:thinkpad_t560:-
-
cpe:2.3:h:lenovo:thinkpad_x1_carbon_4th_gen:-
-
cpe:2.3:h:lenovo:thinkpad_x1_yoga_1st_gen:-
-
cpe:2.3:h:lenovo:thinkpad_x260:-
-
cpe:2.3:h:lenovo:thinkpad_x270:-
-
cpe:2.3:h:lenovo:thinkpad_yoga_260:-
-
cpe:2.3:o:lenovo:thinkpad_25_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_l560_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_p50_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_p50s_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_p70_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_t470_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_t470s_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_t560_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_x1_carbon_4th_gen_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_x1_yoga_1st_gen_firmware:*
-
cpe:2.3:o:lenovo:thinkpad_x260_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_x270_firmware:-
-
cpe:2.3:o:lenovo:thinkpad_yoga_260_firmware:-