CVE-2018-9062

EPSS 0.15%
Published 19.07.2018 19:29:00
Last modified 21.11.2024 04:14:53
Source psirt@lenovo.com
Teams watchlist Login
Open Login

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ E42-80 Firmware Version < 2wcn40ww

Lenovo ≫ E42-80 Version-

Lenovo ≫ E42-80 Isk Firmware Version < 0zcn48ww

Lenovo ≫ E42-80 Isk Version-

Lenovo ≫ E52-80 Firmware Version < 2wcn40ww

Lenovo ≫ E52-80 Version-

Lenovo ≫ E52-80 Isk Firmware Version < 0zcn48ww

Lenovo ≫ E52-80 Isk Version-

Lenovo ≫ Miix 720-12ikb Firmware Version < 3scn68ww

Lenovo ≫ Miix 720-12ikb Version-

Lenovo ≫ V310-14ikb Firmware Version < 2wcn40ww

Lenovo ≫ V310-14ikb Version-

Lenovo ≫ V310-14isk Firmware Version < 0zcn48ww

Lenovo ≫ V310-14isk Version-

Lenovo ≫ V310-15ikb Firmware Version < 2wcn40ww

Lenovo ≫ V310-15ikb Version-

Lenovo ≫ V310-15isk Firmware Version < 0zcn48ww

Lenovo ≫ V310-15isk Version-

Lenovo ≫ V510-14ikb Firmware Version < 2wcn40ww

Lenovo ≫ V510-14ikb Version-

Lenovo ≫ V510-15ikb Firmware Version < 2wcn40ww

Lenovo ≫ V510-15ikb Version-

Lenovo ≫ Thinkpad L380 Firmware Version < r0ret28w

Lenovo ≫ Thinkpad L380 Version-

Lenovo ≫ Thinkpad E480 Firmware Version < r0pet47w

Lenovo ≫ Thinkpad E480 Version-

Lenovo ≫ Thinkpad E580 Firmware Version < r0pet47w

Lenovo ≫ Thinkpad E580 Version-

Lenovo ≫ Thinkpad L480 Firmware Version < r0qet47w

Lenovo ≫ Thinkpad L480 Version-

Lenovo ≫ Thinkpad L580 Firmware Version < r0qet47w

Lenovo ≫ Thinkpad L580 Version-

Lenovo ≫ Thinkpad P51 Firmware Version < n1uet71w

Lenovo ≫ Thinkpad P51 Version-

Lenovo ≫ Thinkpad P51s Firmware Version < n1vet45w

Lenovo ≫ Thinkpad P51s Version-

Lenovo ≫ Thinkpad P52 Firmware Version < n2cet28w

Lenovo ≫ Thinkpad P52 Version-

Lenovo ≫ Thinkpad P52s Firmware Version < n27et27w

Lenovo ≫ Thinkpad P52s Version-

Lenovo ≫ Thinkpad P71 Firmware Version < n1tet50w

Lenovo ≫ Thinkpad P71 Version-

Lenovo ≫ Thinkpad P72 Firmware Version < n2cet28w

Lenovo ≫ Thinkpad P72 Version-

Lenovo ≫ Thinkpad T25 Firmware Version < n1qet77w

Lenovo ≫ Thinkpad T25 Version-

Lenovo ≫ Thinkpad T470 Firmware Version < n1qet77w

Lenovo ≫ Thinkpad T470 Version-

Lenovo ≫ Thinkpad T470p Firmware Version < r0fet44w

Lenovo ≫ Thinkpad T470p Version-

Lenovo ≫ Thinkpad T470s Firmware Version < n1wet49w

Lenovo ≫ Thinkpad T470s Version-

Lenovo ≫ Thinkpad T480 Firmware Version < n24et41w

Lenovo ≫ Thinkpad T480 Version-

Lenovo ≫ Thinkpad T480s Firmware Version < n22et48w

Lenovo ≫ Thinkpad T480s Version-

Lenovo ≫ Thinkpad T570 Firmware Version < n1vet45w

Lenovo ≫ Thinkpad T570 Version-

Lenovo ≫ Thinkpad T580 Firmware Version < n27et27w

Lenovo ≫ Thinkpad T580 Version-

Lenovo ≫ Thinkpad X380 Yoga Firmware Version < r0set29w

Lenovo ≫ Thinkpad X380 Yoga Version-

Lenovo ≫ Thinkpad Yoga 11e Firmware Version < r0vet23w

Lenovo ≫ Thinkpad Yoga 11e Version-

Lenovo ≫ Thinkpad Yoga 370 Firmware Version < r0het48w

Lenovo ≫ Thinkpad Yoga 370 Version-

Lenovo ≫ Thinkpad S1 Firmware Version < r0het48w

Lenovo ≫ Thinkpad S1 Version-

Lenovo ≫ Thinkpad X1 Carbon Firmware Version < n1met49w

Lenovo ≫ 20hq Version-
Lenovo ≫ 20hr Version-

Lenovo ≫ Thinkpad X1 Carbon Firmware Version < n23et52w

Lenovo ≫ 20k3 Version-
Lenovo ≫ 20k4 Version-

Lenovo ≫ Thinkpad X1 Carbon Firmware Version < n1met49w

Lenovo ≫ 20kg Version-
Lenovo ≫ 20kh Version-

Lenovo ≫ Thinkpad X1 Tablet Firmware Version < n1oet45w

Lenovo ≫ 20jb Version-
Lenovo ≫ 20jc Version-

Lenovo ≫ Thinkpad X1 Tablet Firmware Version < n1zet69w

Lenovo ≫ 20kj Version-
Lenovo ≫ 20kk Version-

Lenovo ≫ Thinkpad X1 Yoga Firmware Version < n1net42w

   Lenovo ≫ 20jd Version-
   Lenovo ≫ 20je Version-
   Lenovo ≫ 20jf Version-
   Lenovo ≫ 20jg Version-

Lenovo ≫ Thinkpad X1 Yoga Firmware Version < n25et38w

   Lenovo ≫ 20ld Version-
   Lenovo ≫ 20le Version-
   Lenovo ≫ 20lf Version-
   Lenovo ≫ 20lg Version-

Lenovo ≫ Thinkpad X270 Firmware Version < r0iet53w

   Lenovo ≫ 20hm Version-
   Lenovo ≫ 20hn Version-
   Lenovo ≫ 20k5 Version-
   Lenovo ≫ 20k6 Version-

Lenovo ≫ Thinkpad X280 Firmware Version < n20et33w

Lenovo ≫ 20ke Version-
Lenovo ≫ 20kf Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.15%	0.317

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

http://www.securityfocus.com/bid/105387

Third Party Advisory

VDB Entry

https://support.lenovo.com/us/en/solutions/LEN-20527

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-9062

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-9062

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-9062

EUVD