Thinkpad 11E Firmware
CVE-2022-1107
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.
AnalysisAI
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code. Affected products include: Lenovo Thinkpad 11E Firmware, Lenovo Thinkpad Helix Firmware, Lenovo Thinkpad L560 Firmware, Lenovo Thinkpad L570 Firmware, Lenovo Thinkpad P50S Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Thinkpad 11E Firmware
View allThe BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p,
An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. Rated med
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStatio
There is a vulnerability with the Dolby DAX2 API system services in which a low-privileged user can terminate arbitrary
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficie
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in ru
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today