CVE-2018-9062 - Vulnerability Details

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00147.

Key SSVC decision points have not yet been added.

Vendors	Products
Lenovo	20hm 20hn 20hq 20hr 20jb 20jc 20jd 20je 20jf 20jg 20k3 20k4 20k5 20k6 20ke 20kf 20kg 20kh 20kj 20kk 20ld 20le 20lf 20lg E42-80 E42-80 Firmware E42-80 Isk E42-80 Isk Firmware E52-80 E52-80 Firmware E52-80 Isk E52-80 Isk Firmware Miix 720-12ikb Miix 720-12ikb Firmware Thinkpad E480 Thinkpad E480 Firmware Thinkpad E580 Thinkpad E580 Firmware Thinkpad L380 Thinkpad L380 Firmware Thinkpad L480 Thinkpad L480 Firmware Thinkpad L580 Thinkpad L580 Firmware Thinkpad P51 Thinkpad P51 Firmware Thinkpad P51s Thinkpad P51s Firmware Thinkpad P52 Thinkpad P52 Firmware Thinkpad P52s Thinkpad P52s Firmware Thinkpad P71 Thinkpad P71 Firmware Thinkpad P72 Thinkpad P72 Firmware Thinkpad S1 Thinkpad S1 Firmware Thinkpad T25 Thinkpad T25 Firmware Thinkpad T470 Thinkpad T470 Firmware Thinkpad T470p Thinkpad T470p Firmware Thinkpad T470s Thinkpad T470s Firmware Thinkpad T480 Thinkpad T480 Firmware Thinkpad T480s Thinkpad T480s Firmware Thinkpad T570 Thinkpad T570 Firmware Thinkpad T580 Thinkpad T580 Firmware Thinkpad X1 Carbon Firmware Thinkpad X1 Tablet Firmware Thinkpad X1 Yoga Firmware Thinkpad X270 Firmware Thinkpad X280 Firmware Thinkpad X380 Yoga Thinkpad X380 Yoga Firmware Thinkpad Yoga 11e Thinkpad Yoga 11e Firmware Thinkpad Yoga 370 Thinkpad Yoga 370 Firmware V310-14ikb V310-14ikb Firmware V310-14isk V310-14isk Firmware V310-15ikb V310-15ikb Firmware V310-15isk V310-15isk Firmware V510-14ikb V510-14ikb Firmware V510-15ikb V510-15ikb Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lenovo:e42-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:e42-80:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:lenovo:e42-80_isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:e42-80_isk:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:lenovo:e52-80_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:e52-80:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:lenovo:e52-80_isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:e52-80_isk:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:lenovo:miix_720-12ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:lenovo:v310-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v310-14ikb:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:lenovo:v310-14isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v310-14isk:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:lenovo:v310-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v310-15ikb:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:lenovo:v310-15isk_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v310-15isk:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:lenovo:v510-14ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v510-14ikb:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:lenovo:v510-15ikb_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v510-15ikb:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l380_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:lenovo:thinkpad_e480_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_e480:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:lenovo:thinkpad_e580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_e580:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l480_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l480:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:lenovo:thinkpad_l580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_l580:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p51_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p51:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p51s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p51s:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p52_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p52:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p52s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p71_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p71:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:lenovo:thinkpad_p72_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_p72:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t25_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t25:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t470_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t470p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t470p:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t470s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t480_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t480:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t480s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t480s:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t570_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t570:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:lenovo:thinkpad_t580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x380_yoga_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_11e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_11e:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:lenovo:thinkpad_yoga_370_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:lenovo:thinkpad_s1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_s1:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20hq:-:::::::*
	cpe:2.3:h:lenovo:20hr:-:::::::*

Configuration 36 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20k3:-:::::::*
	cpe:2.3:h:lenovo:20k4:-:::::::*

Configuration 37 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20kg:-:::::::*
	cpe:2.3:h:lenovo:20kh:-:::::::*

Configuration 38 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20jb:-:::::::*
	cpe:2.3:h:lenovo:20jc:-:::::::*

Configuration 39 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_tablet_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20kj:-:::::::*
	cpe:2.3:h:lenovo:20kk:-:::::::*

Configuration 40 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20jd:-:::::::*
	cpe:2.3:h:lenovo:20je:-:::::::*
	cpe:2.3:h:lenovo:20jf:-:::::::*
	cpe:2.3:h:lenovo:20jg:-:::::::*

Configuration 41 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x1_yoga_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20ld:-:::::::*
	cpe:2.3:h:lenovo:20le:-:::::::*
	cpe:2.3:h:lenovo:20lf:-:::::::*
	cpe:2.3:h:lenovo:20lg:-:::::::*

Configuration 42 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x270_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20hm:-:::::::*
	cpe:2.3:h:lenovo:20hn:-:::::::*
	cpe:2.3:h:lenovo:20k5:-:::::::*
	cpe:2.3:h:lenovo:20k6:-:::::::*

Configuration 43 [-]

AND

cpe:2.3:o:lenovo:thinkpad_x280_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:20ke:-:::::::*
	cpe:2.3:h:lenovo:20kf:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2018-20665	In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/105387
https://support.lenovo.com/us/en/solutions/LEN-20527

History

No history.

MITRE

Status: PUBLISHED

Assigner: lenovo

Published: 2018-07-19T19:00:00

Updated: 2024-08-05T07:10:47.415Z

Reserved: 2018-03-27T00:00:00

Link: CVE-2018-9062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-07-19T19:29:00.607

Modified: 2024-11-21T04:14:53.653

Link: CVE-2018-9062

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object