CVE-2018-9062

CWE-743 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 64.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo E42-80 Firmware Lenovo E42-80 ISK Firmware Lenovo E52-80 Firmware +37 more

Timeline

PublishedJul 19

Latest updateMay 13

Description

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages40 packages

▶NVDlenovo/thinkpad_s1_firmware< r0het48w

▶NVDlenovo/thinkpad_p51_firmware< n1uet71w

▶NVDlenovo/thinkpad_p52_firmware< n2cet28w

▶NVDlenovo/thinkpad_p71_firmware< n1tet50w

▶NVDlenovo/thinkpad_p72_firmware< n2cet28w

Patches

Patch: support.lenovo.com ↗Patch: support.lenovo.com ↗

🔴Vulnerability Details

GHSA

GHSA-4w9p-jrr8-ffxf: In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code↗2022-05-13

▶

CVEList

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack↗2018-07-19

▶