#VU73734 Security features bypass in Lenovo products - CVE-2022-4575
Published: March 15, 2023
Vulnerability identifier: #VU73734
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-4575
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
ThinkPad X260
ThinkPad 25 20K7
ThinkPad L560
ThinkPad P50
ThinkPad P50s
ThinkPad P70
ThinkPad T470 20HD
ThinkPad T470 20HE
ThinkPad T470 20JM
ThinkPad T470 20JN
ThinkPad T470s 20HF
ThinkPad T470s 20HG
ThinkPad T470s 20JS
ThinkPad T470s 20JT
ThinkPad T560
ThinkPad X1 Carbon 4th Gen 20FB
ThinkPad X1 Carbon 4th Gen 20FC
ThinkPad X1 Yoga 1st Gen 20FQ
ThinkPad X1 Yoga 1st Gen 20FR
ThinkPad X270 20HN
ThinkPad X270 20HM
ThinkPad X270 20K6
ThinkPad X270 20K5
ThinkPad Yoga 260
Software vendor:
Lenovo
Description
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to improper write protection of UEFI variables. An attacker with physical access to the device can bypass the Secure Boot mechanism and compromise the affected system.
Remediation
Install updates from vendor's website.