Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-9062

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Published

2018-07-19T19:29:00.607

Last Modified

2024-11-21T04:14:53.653

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-74

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	e42-80_firmware	< 2wcn40ww	Yes
Hardware	lenovo	e42-80	-	No
Operating System	lenovo	e42-80_isk_firmware	< 0zcn48ww	Yes
Hardware	lenovo	e42-80_isk	-	No
Operating System	lenovo	e52-80_firmware	< 2wcn40ww	Yes
Hardware	lenovo	e52-80	-	No
Operating System	lenovo	e52-80_isk_firmware	< 0zcn48ww	Yes
Hardware	lenovo	e52-80_isk	-	No
Operating System	lenovo	miix_720-12ikb_firmware	< 3scn68ww	Yes
Hardware	lenovo	miix_720-12ikb	-	No
Operating System	lenovo	v310-14ikb_firmware	< 2wcn40ww	Yes
Hardware	lenovo	v310-14ikb	-	No
Operating System	lenovo	v310-14isk_firmware	< 0zcn48ww	Yes
Hardware	lenovo	v310-14isk	-	No
Operating System	lenovo	v310-15ikb_firmware	< 2wcn40ww	Yes
Hardware	lenovo	v310-15ikb	-	No
Operating System	lenovo	v310-15isk_firmware	< 0zcn48ww	Yes
Hardware	lenovo	v310-15isk	-	No
Operating System	lenovo	v510-14ikb_firmware	< 2wcn40ww	Yes
Hardware	lenovo	v510-14ikb	-	No
Operating System	lenovo	v510-15ikb_firmware	< 2wcn40ww	Yes
Hardware	lenovo	v510-15ikb	-	No
Operating System	lenovo	thinkpad_l380_firmware	< r0ret28w	Yes
Hardware	lenovo	thinkpad_l380	-	No
Operating System	lenovo	thinkpad_e480_firmware	< r0pet47w	Yes
Hardware	lenovo	thinkpad_e480	-	No
Operating System	lenovo	thinkpad_e580_firmware	< r0pet47w	Yes
Hardware	lenovo	thinkpad_e580	-	No
Operating System	lenovo	thinkpad_l480_firmware	< r0qet47w	Yes
Hardware	lenovo	thinkpad_l480	-	No
Operating System	lenovo	thinkpad_l580_firmware	< r0qet47w	Yes
Hardware	lenovo	thinkpad_l580	-	No
Operating System	lenovo	thinkpad_p51_firmware	< n1uet71w	Yes
Hardware	lenovo	thinkpad_p51	-	No
Operating System	lenovo	thinkpad_p51s_firmware	< n1vet45w	Yes
Hardware	lenovo	thinkpad_p51s	-	No
Operating System	lenovo	thinkpad_p52_firmware	< n2cet28w	Yes
Hardware	lenovo	thinkpad_p52	-	No
Operating System	lenovo	thinkpad_p52s_firmware	< n27et27w	Yes
Hardware	lenovo	thinkpad_p52s	-	No
Operating System	lenovo	thinkpad_p71_firmware	< n1tet50w	Yes
Hardware	lenovo	thinkpad_p71	-	No
Operating System	lenovo	thinkpad_p72_firmware	< n2cet28w	Yes
Hardware	lenovo	thinkpad_p72	-	No
Operating System	lenovo	thinkpad_t25_firmware	< n1qet77w	Yes
Hardware	lenovo	thinkpad_t25	-	No
Operating System	lenovo	thinkpad_t470_firmware	< n1qet77w	Yes
Hardware	lenovo	thinkpad_t470	-	No
Operating System	lenovo	thinkpad_t470p_firmware	< r0fet44w	Yes
Hardware	lenovo	thinkpad_t470p	-	No
Operating System	lenovo	thinkpad_t470s_firmware	< n1wet49w	Yes
Hardware	lenovo	thinkpad_t470s	-	No
Operating System	lenovo	thinkpad_t480_firmware	< n24et41w	Yes
Hardware	lenovo	thinkpad_t480	-	No
Operating System	lenovo	thinkpad_t480s_firmware	< n22et48w	Yes
Hardware	lenovo	thinkpad_t480s	-	No
Operating System	lenovo	thinkpad_t570_firmware	< n1vet45w	Yes
Hardware	lenovo	thinkpad_t570	-	No
Operating System	lenovo	thinkpad_t580_firmware	< n27et27w	Yes
Hardware	lenovo	thinkpad_t580	-	No
Operating System	lenovo	thinkpad_x380_yoga_firmware	< r0set29w	Yes
Hardware	lenovo	thinkpad_x380_yoga	-	No
Operating System	lenovo	thinkpad_yoga_11e_firmware	< r0vet23w	Yes
Hardware	lenovo	thinkpad_yoga_11e	-	No
Operating System	lenovo	thinkpad_yoga_370_firmware	< r0het48w	Yes
Hardware	lenovo	thinkpad_yoga_370	-	No
Operating System	lenovo	thinkpad_s1_firmware	< r0het48w	Yes
Hardware	lenovo	thinkpad_s1	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< n1met49w	Yes
Hardware	lenovo	20hq	-	No
Hardware	lenovo	20hr	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< n23et52w	Yes
Hardware	lenovo	20k3	-	No
Hardware	lenovo	20k4	-	No
Operating System	lenovo	thinkpad_x1_carbon_firmware	< n1met49w	Yes
Hardware	lenovo	20kg	-	No
Hardware	lenovo	20kh	-	No
Operating System	lenovo	thinkpad_x1_tablet_firmware	< n1oet45w	Yes
Hardware	lenovo	20jb	-	No
Hardware	lenovo	20jc	-	No
Operating System	lenovo	thinkpad_x1_tablet_firmware	< n1zet69w	Yes
Hardware	lenovo	20kj	-	No
Hardware	lenovo	20kk	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	< n1net42w	Yes
Hardware	lenovo	20jd	-	No
Hardware	lenovo	20je	-	No
Hardware	lenovo	20jf	-	No
Hardware	lenovo	20jg	-	No
Operating System	lenovo	thinkpad_x1_yoga_firmware	< n25et38w	Yes
Hardware	lenovo	20ld	-	No
Hardware	lenovo	20le	-	No
Hardware	lenovo	20lf	-	No
Hardware	lenovo	20lg	-	No
Operating System	lenovo	thinkpad_x270_firmware	< r0iet53w	Yes
Hardware	lenovo	20hm	-	No
Hardware	lenovo	20hn	-	No
Hardware	lenovo	20k5	-	No
Hardware	lenovo	20k6	-	No
Operating System	lenovo	thinkpad_x280_firmware	< n20et33w	Yes
Hardware	lenovo	20ke	-	No
Hardware	lenovo	20kf	-	No

References

http://www.securityfocus.com/bid/105387 Third Party Advisory, VDB Entry ([email protected])
https://support.lenovo.com/us/en/solutions/LEN-20527 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/105387 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/solutions/LEN-20527 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)