CVE-2022-48183
Published: 09 October 2023
Summary
CVE-2022-48183 is a medium-severity Improper Physical Access Control (CWE-1263) vulnerability in Lenovo ThinkPad T14s Gen 3 firmware. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks at the 31.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-50894
Vulnerability details
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen 3 that could cause the BIOS tamper detection mechanism not to trigger under specific circumstances, which could allow unauthorized physical access to go undetected.
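The practical first step for this CVE is inventory: find which hosts are one of the two named models and record their BIOS version so it can be compared against the fixed version in Lenovo's advisory (that version is not listed on this page). The script below is an added example, not part of this record or of any Lenovo tooling. It parses the text that `dmidecode -t system -t bios` prints, assuming (as on Lenovo machines the editor has seen) that the marketing name such as "ThinkPad T14s Gen 3" is in the System Information "Version" field and the machine type model is in "Product Name"; the embedded sample output is constructed for illustration and its version strings are not real Lenovo values.

```shell
#!/bin/sh
# Constructed sample of `dmidecode -t system -t bios` output (not real data).
SAMPLE_DMI='Handle 0x000B, DMI type 0, 26 bytes
BIOS Information
    Vendor: LENOVO
    Version: EXAMPLE-1.10
    Release Date: 01/01/2022

Handle 0x000C, DMI type 1, 27 bytes
System Information
    Manufacturer: LENOVO
    Product Name: 21XXEXAMPLE
    Version: ThinkPad T14s Gen 3'

# dmi_field SECTION KEY: print the value of "KEY: value" inside the named
# dmidecode section (e.g. "System Information"), read from stdin.
# Both sections carry a "Version" key, so the section must be tracked.
dmi_field() {
    awk -v sec="$1" -v key="$2" '
        /^Handle /                 { insec = 0 }
        /^[A-Za-z].*Information$/  { insec = ($0 == sec) }
        insec && match($0, "^[ \t]*" key ": ") {
            sub(/^[ \t]*[^:]*: */, ""); print; exit
        }'
}

# is_affected_model NAME: succeed if NAME is one of the two models named
# in the advisory text (ThinkPad T14s Gen 3, ThinkPad X13 Gen 3).
# Matching is case-insensitive and tolerates "Gen3" versus "Gen 3".
is_affected_model() {
    model=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -s ' ' | sed 's/gen /gen/g')
    case "$model" in
        *"thinkpad t14s gen3"*|*"thinkpad x13 gen3"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_host: read dmidecode text on stdin, print one status line, and
# succeed only for an affected model. The BIOS version is reported so an
# operator can compare it with the fixed version from Lenovo's advisory,
# which this script does not know (assumption: it is looked up separately).
check_host() {
    dmi=$(cat)
    model=$(printf '%s\n' "$dmi" | dmi_field "System Information" "Version")
    mtm=$(printf '%s\n' "$dmi" | dmi_field "System Information" "Product Name")
    bios=$(printf '%s\n' "$dmi" | dmi_field "BIOS Information" "Version")
    if is_affected_model "$model"; then
        printf 'AFFECTED-MODEL model="%s" mtm="%s" bios="%s" (compare bios with vendor fixed version)\n' \
            "$model" "$mtm" "$bios"
        return 0
    fi
    printf 'NOT-AFFECTED-MODEL model="%s" mtm="%s" bios="%s"\n' "$model" "$mtm" "$bios"
    return 1
}

# Usage on the constructed sample; on a real host run:
#   sudo dmidecode -t system -t bios | sh thisscript.sh   (dmidecode needs root)
if printf '%s\n' "$SAMPLE_DMI" | check_host; then :; fi
```

The model check is deliberately loose on spacing and case because the marketing string varies between firmware builds; the BIOS version is printed rather than judged because the fixed version is an input the operator must take from the vendor advisory, and string-comparing Lenovo's version formats without knowing the exact threshold would give false confidence.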
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry. It therefore addresses physical access in general rather than the firmware defect itself; confirm the vendor's fixed BIOS version separately.
- Field maintenance requires physical or on-site access; restricting who may perform it limits the improper physical access this weakness describes.
- Restricting access to media is a direct control against improper physical access to storage media.
- Physically controlling and securely storing media implements proper physical access control for system media.
- Prohibiting portable storage devices that have no identifiable owner keeps untraceable media from interacting with systems.
- Placing equipment so that only authorized users can reach it, and protecting it against unauthorized activation, addresses improper physical access control directly.
- Automatic emergency lighting keeps exits and evacuation routes visible during power outages, so an outage cannot be used as cover to reach restricted areas.
- Authorizing and controlling physical items entering and leaving the facility prevents improper physical access.
- Documenting which alternate work sites are allowed, and implementing and assessing controls there, prevents improper physical access to systems and data.