cvelist/2022/1xxx/CVE-2022-1107.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@lenovo.com",
        "ID": "CVE-2022-1107",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "ThinkPad BIOS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "various"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Lenovo"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-20 Improper Input Validation"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://support.lenovo.com/us/en/product_security/LEN-84943",
                "name": "https://support.lenovo.com/us/en/product_security/LEN-84943"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-84943."
        }
    ],
    "source": {
        "advisory": "LEN-84943",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2022-03-27 04:01:22 +00:00			`{`
			`"CVE_data_meta": {`
cve submissions submission of lenovo cves. 2022-04-22 16:26:35 -04:00			`"ASSIGNER": "psirt@lenovo.com",`
"-Synchronized-Data." 2022-03-27 04:01:22 +00:00			`"ID": "CVE-2022-1107",`
cve submissions submission of lenovo cves. 2022-04-22 16:26:35 -04:00			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2022-03-27 04:01:22 +00:00			`},`
cve submissions submission of lenovo cves. 2022-04-22 16:26:35 -04:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "ThinkPad BIOS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "=",`
			`"version_value": "various"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Lenovo"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-03-27 04:01:22 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-04-29 15:01:26 +00:00			`"value": "During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code."`
cve submissions submission of lenovo cves. 2022-04-22 16:26:35 -04:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "LOCAL",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 6.7,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-20 Improper Input Validation"`
			`}`
			`]`
"-Synchronized-Data." 2022-03-27 04:01:22 +00:00			`}`
			`]`
cve submissions submission of lenovo cves. 2022-04-22 16:26:35 -04:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-04-29 15:01:26 +00:00			`"refsource": "MISC",`
			`"url": "https://support.lenovo.com/us/en/product_security/LEN-84943",`
			`"name": "https://support.lenovo.com/us/en/product_security/LEN-84943"`
cve submissions submission of lenovo cves. 2022-04-22 16:26:35 -04:00			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section in LEN-84943."`
			`}`
			`],`
			`"source": {`
			`"advisory": "LEN-84943",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2022-03-27 04:01:22 +00:00			`}`
			`}`