History Jul 19, 2018 - 7:29 p.m.

CVE-2018-9062

2018-07-19 19:29:00
CWE-74
web.nvd.nist.gov
Tags: lenovo, thinkpad, bios, code injection, security vulnerability, cve-2018-9062

CVSS2: 7.2 High
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 6.8 Medium
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 31.8%

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Affected configurations

NVD
Node: lenovo e42-80 (Match -) AND lenovo e42-80_firmware (Range < 2wcn40ww)
Node: lenovo e42-80_isk (Match -) AND lenovo e42-80_isk_firmware (Range < 0zcn48ww)
Node: lenovo e52-80 (Match -) AND lenovo e52-80_firmware (Range < 2wcn40ww)
Node: lenovo e52-80_isk (Match -) AND lenovo e52-80_isk_firmware (Range < 0zcn48ww)
Node: lenovo miix_720-12ikb (Match -) AND lenovo miix_720-12ikb_firmware (Range < 3scn68ww)
Node: lenovo v310-14ikb (Match -) AND lenovo v310-14ikb_firmware (Range < 2wcn40ww)
Node: lenovo v310-14isk (Match -) AND lenovo v310-14isk_firmware (Range < 0zcn48ww)
Node: lenovo v310-15ikb (Match -) AND lenovo v310-15ikb_firmware (Range < 2wcn40ww)
Node: lenovo v310-15isk_firmware (Range < 0zcn48ww) AND lenovo v310-15isk (Match -)
Node: lenovo v510-14ikb_firmware (Range < 2wcn40ww) AND lenovo v510-14ikb (Match -)
Node: lenovo v510-15ikb_firmware (Range < 2wcn40ww) AND lenovo v510-15ikb (Match -)
Node: lenovo thinkpad_l380_firmware (Range < r0ret28w) AND lenovo thinkpad_l380 (Match -)
Node: lenovo thinkpad_e480_firmware (Range < r0pet47w) AND lenovo thinkpad_e480 (Match -)
Node: lenovo thinkpad_e580_firmware (Range < r0pet47w) AND lenovo thinkpad_e580 (Match -)
Node: lenovo thinkpad_l480_firmware (Range < r0qet47w) AND lenovo thinkpad_l480 (Match -)
Node: lenovo thinkpad_l580_firmware (Range < r0qet47w) AND lenovo thinkpad_l580 (Match -)
Node: lenovo thinkpad_p51_firmware (Range < n1uet71w) AND lenovo thinkpad_p51 (Match -)
Node: lenovo thinkpad_p51s_firmware (Range < n1vet45w) AND lenovo thinkpad_p51s (Match -)
Node: lenovo thinkpad_p52_firmware (Range < n2cet28w) AND lenovo thinkpad_p52 (Match -)
Node: lenovo thinkpad_p52s_firmware (Range < n27et27w) AND lenovo thinkpad_p52s (Match -)
Node: lenovo thinkpad_p71_firmware (Range < n1tet50w) AND lenovo thinkpad_p71 (Match -)
Node: lenovo thinkpad_p72_firmware (Range < n2cet28w) AND lenovo thinkpad_p72 (Match -)
Node: lenovo thinkpad_t25_firmware (Range < n1qet77w) AND lenovo thinkpad_t25 (Match -)
Node: lenovo thinkpad_t470_firmware (Range < n1qet77w) AND lenovo thinkpad_t470 (Match -)
Node: lenovo thinkpad_t470p_firmware (Range < r0fet44w) AND lenovo thinkpad_t470p (Match -)
Node: lenovo thinkpad_t470s_firmware (Range < n1wet49w) AND lenovo thinkpad_t470s (Match -)
Node: lenovo thinkpad_t480_firmware (Range < n24et41w) AND lenovo thinkpad_t480 (Match -)
Node: lenovo thinkpad_t480s_firmware (Range < n22et48w) AND lenovo thinkpad_t480s (Match -)
Node: lenovo thinkpad_t570_firmware (Range < n1vet45w) AND lenovo thinkpad_t570 (Match -)
Node: lenovo thinkpad_t580_firmware (Range < n27et27w) AND lenovo thinkpad_t580 (Match -)
Node: lenovo thinkpad_x380_yoga_firmware (Range < r0set29w) AND lenovo thinkpad_x380_yoga (Match -)
Node: lenovo thinkpad_yoga_11e_firmware (Range < r0vet23w) AND lenovo thinkpad_yoga_11e (Match -)
Node: lenovo thinkpad_yoga_370_firmware (Range < r0het48w) AND lenovo thinkpad_yoga_370 (Match -)
Node: lenovo thinkpad_s1_firmware (Range < r0het48w) AND lenovo thinkpad_s1 (Match -)
Node: lenovo thinkpad_x1_carbon_firmware (Range < n1met49w) AND lenovo 20hq (Match -) OR lenovo 20hr (Match -)
Node: lenovo thinkpad_x1_carbon_firmware (Range < n23et52w) AND lenovo 20k3 (Match -) OR lenovo 20k4 (Match -)
Node: lenovo thinkpad_x1_carbon_firmware (Range < n1met49w) AND lenovo 20kg (Match -) OR lenovo 20kh (Match -)
Node: lenovo thinkpad_x1_tablet_firmware (Range < n1oet45w) AND lenovo 20jb (Match -) OR lenovo 20jc (Match -)
Node: lenovo thinkpad_x1_tablet_firmware (Range < n1zet69w) AND lenovo 20kj (Match -) OR lenovo 20kk (Match -)
Node: lenovo thinkpad_x1_yoga_firmware (Range < n1net42w) AND lenovo 20jd (Match -) OR lenovo 20je (Match -) OR lenovo 20jf (Match -) OR lenovo 20jg (Match -)
Node: lenovo thinkpad_x1_yoga_firmware (Range < n25et38w) AND lenovo 20ld (Match -) OR lenovo 20le (Match -) OR lenovo 20lf (Match -) OR lenovo 20lg (Match -)
Node: lenovo thinkpad_x270_firmware (Range < r0iet53w) AND lenovo 20hm (Match -) OR lenovo 20hn (Match -) OR lenovo 20k5 (Match -) OR lenovo 20k6 (Match -)
Node: lenovo thinkpad_x280_firmware (Range < n20et33w) AND lenovo 20ke (Match -) OR lenovo 20kf (Match -)

CNA Affected

[
  {
    "product": "some Lenovo ThinkPads",
    "vendor": "Lenovo Group Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]
