What is CVE-2022-4575?

CVE-2022-4575 is a medium-severity vulnerability in Lenovo Thinkpad Bios, classified under Incorrect Default Permissions. CVSS score: 6.7/10. Published 2023-10-30.

How severe is CVE-2022-4575?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Lenovo Thinkpad Bios

CVE-2022-4575

A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot.

EPSS: 0.000 (0.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad Bios — versions various

Weakness classification (CWE)

CWE-276 — Incorrect Default Permissions

References

support.lenovo.com/us/en/product_security/LEN-106014

Frequently asked questions

What is CVE-2022-4575?: CVE-2022-4575 is a medium-severity vulnerability in Lenovo Thinkpad Bios, classified under Incorrect Default Permissions. CVSS score: 6.7/10. Published 2023-10-30.
How severe is CVE-2022-4575?: Medium severity. CVSS v3 base score is 6.7 out of 10.