ID

VAR-202306-0278


CVE

CVE-2022-48188


TITLE

Lenovo Desktops and ThinkStation Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202306-264

DESCRIPTION

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

Trust: 0.99

sources: NVD: CVE-2022-48188 // VULMON: CVE-2022-48188

AFFECTED PRODUCTS

vendor: lenovo, model: thinkcentre m720q, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: thinkstation p520, scope: lt, version: s03kt58a

Trust: 1.0

vendor: lenovo, model: thinkcentre m75s gen 2, scope: lt, version: m3bkt30a

Trust: 1.0

vendor: lenovo, model: thinkcentre m75t gen 2, scope: lt, version: m3akt4ca

Trust: 1.0

vendor: lenovo, model: v530s-07icb, scope: lt, version: m22kt49a

Trust: 1.0

vendor: lenovo, model: ideacentre aio 3 21itl7, scope: lt, version: o5akt33

Trust: 1.0

vendor: lenovo, model: ideacentre aio 3-27itl6, scope: lt, version: o5akt33

Trust: 1.0

vendor: lenovo, model: thinkcentre m920t, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: thinkcentre m720e, scope: lt, version: m1zkt40a

Trust: 1.0

vendor: lenovo, model: thinkcentre m920x, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: ideacentre 510s-07ick, scope: lt, version: m1zkt40a

Trust: 1.0

vendor: lenovo, model: v30a-24itl, scope: lt, version: o5akt33

Trust: 1.0

vendor: lenovo, model: thinkcentre m720s, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: ideacentre 510s-07ick, scope: lt, version: m30kt28a

Trust: 1.0

vendor: lenovo, model: thinkstation p330 tiny, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: thinkcentre m725s, scope: lt, version: m25kt63a

Trust: 1.0

vendor: lenovo, model: ideacentre 510s-07icb, scope: lt, version: m22kt49a

Trust: 1.0

vendor: lenovo, model: ideacentre aio 3-22itl6, scope: lt, version: o5akt33

Trust: 1.0

vendor: lenovo, model: ideacentre aio 3-24itl6, scope: lt, version: o5akt33

Trust: 1.0

vendor: lenovo, model: thinkcentre m920s, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: ideacentre 510s-07icb, scope: lt, version: m22kt48a

Trust: 1.0

vendor: lenovo, model: v30a-22itl, scope: lt, version: o5akt33

Trust: 1.0

vendor: lenovo, model: thinkcentre m75t gen 2, scope: lt, version: m46kt30a

Trust: 1.0

vendor: lenovo, model: thinkstation p360 ultra, scope: lt, version: s0fkt27a

Trust: 1.0

vendor: lenovo, model: thinkstation p520c, scope: lt, version: s03kt58a

Trust: 1.0

vendor: lenovo, model: thinkcentre m720t, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: v530s-07icr, scope: lt, version: m1zkt40a

Trust: 1.0

vendor: lenovo, model: thinkcentre m920z, scope: lt, version: m1mkt55a

Trust: 1.0

vendor: lenovo, model: thinkcentre m920q, scope: lt, version: m1ukt70a

Trust: 1.0

vendor: lenovo, model: ideacentre 720-18apr, scope: lt, version: m25kt63a

Trust: 1.0

vendor: lenovo, model: thinkcentre m75s gen 2, scope: lt, version: m46kt30a

Trust: 1.0

sources: NVD: CVE-2022-48188

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-48188
value: HIGH

Trust: 1.0

psirt@lenovo.com: CVE-2022-48188
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202306-264
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com:
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2022-48188 // NVD: CVE-2022-48188 // CNNVD: CNNVD-202306-264

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2022-48188

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202306-264

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202306-264

CONFIGURATIONS

sources: NVD: CVE-2022-48188

PATCH

title: Lenovo Desktops and ThinkStation Buffer error vulnerability fix, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=241548

Trust: 0.6

sources: CNNVD: CNNVD-202306-264

EXTERNAL IDS

db: LENOVO, id: LEN-124495

Trust: 1.7

db: NVD, id: CVE-2022-48188

Trust: 1.7

db: CNNVD, id: CNNVD-202306-264

Trust: 0.6

db: VULMON, id: CVE-2022-48188

Trust: 0.1

sources: VULMON: CVE-2022-48188 // NVD: CVE-2022-48188 // CNNVD: CNNVD-202306-264

REFERENCES

url:https://support.lenovo.com/us/en/product_security/len-124495

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2022-48188/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2022-48188 // NVD: CVE-2022-48188 // CNNVD: CNNVD-202306-264

SOURCES

db: VULMON, id: CVE-2022-48188
db: NVD, id: CVE-2022-48188
db: CNNVD, id: CNNVD-202306-264

LAST UPDATE DATE

2023-12-18T13:26:33.596000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2022-48188, date: 2023-06-06T00:00:00
db: NVD, id: CVE-2022-48188, date: 2023-06-13T21:19:19.467
db: CNNVD, id: CNNVD-202306-264, date: 2023-06-14T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2022-48188, date: 2023-06-05T00:00:00
db: NVD, id: CVE-2022-48188, date: 2023-06-05T22:15:11.563
db: CNNVD, id: CNNVD-202306-264, date: 2023-06-05T00:00:00