CVE-2022-3745 MEDIUM

CVE-2022-3745

Vendor Lenovo

Product Notebook

Weakness CWE-200 · Info exposure

Published August 23, 2023

Last update October 1, 2024

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.

Key dates

02Disclosure timeline

August 23, 2023 CVE published

October 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3745 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2022-31221 CVE-2023-4917 Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure CVE-2026-22203 wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering CVE-2024-11290 Member Access <= 1.1.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure