#VU68892 Use of hard-coded credentials in Lenovo products - CVE-2022-3744
Published: November 1, 2022
Vulnerability identifier: #VU68892
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-3744
CWE-ID: CWE-798
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
IdeaPad 1 14IAU7
IdeaPad 1 14IGL7
IdeaPad 1 15IAU7
IdeaPad 1 15IGL7
IdeaPad 1-14IJL7
IdeaPad 1-15IJL7
IdeaPad 3 14IAU7
IdeaPad 3 15IAU7
IdeaPad 3 17IAU7
IdeaPad 3-15IGL05
IdeaPad 3-17IIL05
IdeaPad 3-17ITL6
IdeaPad 5 15IAL7
ideapad L3-15IML05
ideapad L3-15ITL6
Lenovo Legion 5 15IAH7
Lenovo Legion 5 15IAH7H
Lenovo Legion 5 Pro 16IAH7
Lenovo Legion 5 Pro 16IAH7H
Lenovo Legion 5 Pro-16ITH6
Lenovo Legion 5 Pro-16ITH6H
Lenovo Legion 5-15IMH05
Lenovo Legion 5-15IMH05H
Lenovo Legion 5-15IMH6
Lenovo Legion 5-15ITH6
Lenovo Legion 5-15ITH6H
Lenovo Legion 5-17IMH05
Lenovo Legion 5-17IMH05H
Lenovo Legion 5-17ITH6
Lenovo Legion 5-17ITH6H
Lenovo Legion 5P-15IMH05
Lenovo Legion 5P-15IMH05H
Lenovo Legion 7-16ITHg6
Lenovo S14 G2 ITL
Lenovo S14 G3 IAP
Lenovo Slim 7 14IAP7
Lenovo Slim 7 Carbon 13IAP7
Lenovo ThinkBook 15p IMH
Lenovo V14 G2 IJL
Lenovo V14 G3 IAP
Lenovo V15 G2 IJL
Lenovo V15 G3 IAP
Lenovo V17 G3 IAP
ideapad S540-13ITL
ThinkBook 15P G2 ITH
Lenovo V14 G1-IML
Lenovo V14 G2-ITL
Lenovo V14-IGL
Lenovo V15 G1-IML
Lenovo V15 G2-ITL
Lenovo V15-IGL
Lenovo V17 G2-ITL
Lenovo V17-IIL
Yoga 7 14IAL7
Yoga 7 16IAH7
IdeaPad Yoga 7 16IAP7
ideapad Yoga 7-14ITL5
ideapad Yoga 7-15ITL5
Yoga Slim 7 Carbon 13IAP7
Yoga Slim 7 Pro 14IAH7
IdeaPad Yoga Slim 7 Pro 14IAP7
ideapad 3-14IGL05
ideapad 3-14IIL05
ideapad 3-14IML05
ideapad 3-14ITL05
ideapad 3-14ITL6
ideapad 3-15IIL05
ideapad 3-15IML05
ideapad 3-15ITL05
ideapad 3-15ITL6
ideapad 3-17IML05
ideapad 5-15IIL05
ideapad Creator 5-15IMH05
ideapad Gaming 3-15IMH05
IdeaPad Yoga 9 14IAP7
IdeaPad 1 14IAU7
IdeaPad 1 14IGL7
IdeaPad 1 15IAU7
IdeaPad 1 15IGL7
IdeaPad 1-14IJL7
IdeaPad 1-15IJL7
IdeaPad 3 14IAU7
IdeaPad 3 15IAU7
IdeaPad 3 17IAU7
IdeaPad 3-15IGL05
IdeaPad 3-17IIL05
IdeaPad 3-17ITL6
IdeaPad 5 15IAL7
ideapad L3-15IML05
ideapad L3-15ITL6
Lenovo Legion 5 15IAH7
Lenovo Legion 5 15IAH7H
Lenovo Legion 5 Pro 16IAH7
Lenovo Legion 5 Pro 16IAH7H
Lenovo Legion 5 Pro-16ITH6
Lenovo Legion 5 Pro-16ITH6H
Lenovo Legion 5-15IMH05
Lenovo Legion 5-15IMH05H
Lenovo Legion 5-15IMH6
Lenovo Legion 5-15ITH6
Lenovo Legion 5-15ITH6H
Lenovo Legion 5-17IMH05
Lenovo Legion 5-17IMH05H
Lenovo Legion 5-17ITH6
Lenovo Legion 5-17ITH6H
Lenovo Legion 5P-15IMH05
Lenovo Legion 5P-15IMH05H
Lenovo Legion 7-16ITHg6
Lenovo S14 G2 ITL
Lenovo S14 G3 IAP
Lenovo Slim 7 14IAP7
Lenovo Slim 7 Carbon 13IAP7
Lenovo ThinkBook 15p IMH
Lenovo V14 G2 IJL
Lenovo V14 G3 IAP
Lenovo V15 G2 IJL
Lenovo V15 G3 IAP
Lenovo V17 G3 IAP
ideapad S540-13ITL
ThinkBook 15P G2 ITH
Lenovo V14 G1-IML
Lenovo V14 G2-ITL
Lenovo V14-IGL
Lenovo V15 G1-IML
Lenovo V15 G2-ITL
Lenovo V15-IGL
Lenovo V17 G2-ITL
Lenovo V17-IIL
Yoga 7 14IAL7
Yoga 7 16IAH7
IdeaPad Yoga 7 16IAP7
ideapad Yoga 7-14ITL5
ideapad Yoga 7-15ITL5
Yoga Slim 7 Carbon 13IAP7
Yoga Slim 7 Pro 14IAH7
IdeaPad Yoga Slim 7 Pro 14IAP7
ideapad 3-14IGL05
ideapad 3-14IIL05
ideapad 3-14IML05
ideapad 3-14ITL05
ideapad 3-14ITL6
ideapad 3-15IIL05
ideapad 3-15IML05
ideapad 3-15ITL05
ideapad 3-15ITL6
ideapad 3-17IML05
ideapad 5-15IIL05
ideapad Creator 5-15IMH05
ideapad Gaming 3-15IMH05
IdeaPad Yoga 9 14IAP7
Software vendor:
Lenovo
Lenovo
Description
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to usage of hard-coded SMI handler credentials in LCFC BIOS. An attacker with physical access to device can unlock UEFI variables and compromise the affected system.
Remediation
Install updates from vendor's website.