Lucene search

[email protected]CVE-2018-9069

HistoryOct 02, 2018 - 2:00 p.m.

CVE-2018-9069

2018-10-0214:00:00

CWE-362

[email protected]

web.nvd.nist.gov

lenovo

ideapad

consumer notebook

bios

race condition

security vulnerability

administrator access

nvd

cve-2018-9069

7 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:P/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.7%

JSON

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Affected configurations

NVD

Node

hp310s-14isk_firmwareRange<1.15

AND

hp310s-14iskMatch-

Node

hp320-15ikbra_firmwareRange<6jcn24ww

AND

hp320-15ikbraMatch-

Node

hp320-15ikbrn_firmwareRange<6jcn24ww

AND

hp320-15ikbrnMatch-

Node

hp320-15ikbrn_touch_firmwareRange<6jcn24ww

AND

hp320-15ikbrn_touchMatch-

Node

hp320-17ikbrnRange<2.09

AND

hp320-17ikbrnMatch-

Node

hp320s-14ikbRange<2.09

AND

hp320s-14ikbMatch-

Node

hp320s-15ikb_firmwareRange<2.09

AND

hp320s-15ikbMatch-

Node

hp320s-15isk_firmwareRange<2wcn38ww

AND

hp320s-15iskMatch-

Node

hp510s-14isk_firmwareRange<1.15

AND

hp510s-14iskMatch-

Node

hp520-15ikbrn_firmwareRange<6jcn26ww

AND

hp520-15ikbrnMatch-

Node

hp520s-14ikb_firmwareRange<2.09

AND

hp520s-14ikbMatch-

Node

hp710s_plus-13ikb_16g_firmwareRange<2.55

AND

hp710s_plus-13ikb_16gMatch-

Node

hp710s_plus-3ikb_firmwareRange<2.55

AND

hp710s_plus-3ikbMatch-

Node

hpxiaoxinair13ikbpro_firmwareRange<2.55

AND

hpxiaoxinair13ikbproMatch-

Node

hp710s_plus_touch-13ikb_firmwareRange<2.55

AND

hp710s_plus_touch-13ikbMatch-

Node

hp720s-13ikb_firmwareRange<5scn38ww

AND

hp720s-13ikbMatch-

Node

hpb320-14ikb_firmwareMatch-

AND

hpb320-14ikbMatch-

Node

lenovoe42-80_firmwareRange<2wcn38ww

AND

hpe42-80Match-

Node

lenovoe52-80_firmwareRange<2wcn38ww

AND

hpe52-80Match-

Node

hpflex_4-1470_firmwareRange<1.15

AND

hpflex_4-1470Match-

Node

hpflex_5-1470_firmwareRange<2.09

AND

hpflex_5-1470Match-

Node

hpflex_5-1570_firmwareRange<2.09

AND

hpflex_5-1570Match-

Node

hpideapad_2in1_14_firmwareMatch-

AND

hpideapad_2in1_14Match-

Node

hplenovo_ideapad_320-14ikb\(i\+a\)_firmwareMatch-

AND

hplenovo_ideapad_320-14ikb\(i\+a\)Match-

Node

hplenovo_ideapad_320-14ikb\(i\+n\)_firmwareMatch-

AND

hplenovo_ideapad_320-14ikb\(i\+n\)Match-

Node

hplenovo_ideapad_320-15abr_firmwareMatch-

AND

hplenovo_ideapad_320-15abrMatch-

Node

hplenovo_ideapad_320-15ikb\(i\+n\)_firmwareMatch-

AND

hplenovo_ideapad_320-15ikb\(i\+n\)Match-

Node

hplenovo_ideapad_320s-14ikbr_firmwareMatch-

AND

hplenovo_ideapad_320s-14ikbrMatch-

Node

hplenovo_ideapad_320s-15ikbr_firmwareMatch-

AND

hplenovo_ideapad_320s-15ikbrMatch-

Node

hplenovo_ideapad_520s-14ikbr_firmwareMatch-

AND

hplenovo_ideapad_520s-14ikbrMatch-

Node

hplenovo_ideapad_720s-14ikb_firmwareRange<6jcn26ww

AND

hplenovo_ideapad_720s-14ikbMatch-

Node

hplenovo_ideapad_flex_5-1470_firmwareRange<6jcn26ww

AND

hplenovo_ideapad_flex_5-1470Match-

Node

hplenovo_ideapad_flex_5-1570_firmwareRange<6jcn26ww

AND

hplenovo_ideapad_flex_5-1570Match-

Node

hplenovo_ideapad_y520-15ikbn_firmwareMatch-

AND

hplenovo_ideapad_y520-15ikbnMatch-

Node

hplenovo_tianyi_310-14ikb_firmwareMatch-

AND

hplenovo_tianyi_310-14ikbMatch-

Node

hplenovo_tianyi_310-15ikb_firmwareMatch-

AND

hplenovo_tianyi_310-15ikbMatch-

Node

hplenovo_y520-15ikba_firmwareRange<5jcn25ww

AND

hplenovo_y520-15ikbaMatch-

Node

hplenovo_y520-15ikbm_firmwareRange<5jcn25ww

AND

hplenovo_y520-15ikbmMatch-

Node

hplenovo_yoga_520-14ikb_firmwareRange<6jcn26ww

AND

hplenovo_yoga_520-14ikbMatch-

Node

hplenovo_yoga_520-15ikb_firmwareRange<6jcn26ww

AND

hplenovo_yoga_520-15ikbMatch-

Node

hpmiix_720-12ikbRange<3scn66ww

AND

hpmiix_720-12ikbMatch-

Node

hpnano110-14ikb_firmwareMatch-

AND

hpnano110-14ikbMatch-

Node

hpnano110-15ikb_firmwareRange<5xcn24ww

AND

hpnano110-15ikbMatch-

Node

hprescuer_r720-15ikbm_firmwareRange<5xcn24ww

AND

hprescuer_r720-15ikbmMatch-

Node

hprescuer_y520-15ikbm_firmwareRange<5xcn24ww

AND

hprescuer_y520-15ikbmMatch-

Node

lenovov310-14ikb_firmwareRange<2wcn38ww

AND

hpv310-14ikbMatch-

Node

lenovov310-14isk_firmwareRange<4.07

AND

hpv310-14iskMatch-

Node

lenovov310-15ikb_firmwareRange<2wcn38ww

AND

hpv310-15ikbMatch-

Node

lenovov310-15isk_firmwareRange<0zcn47ww

AND

hpv310-15iskMatch-

Node

hpv330-14ikb_firmwareRange<4.07

AND

hpv330-14ikbMatch-

Node

hpv330-14isk_firmwareRange<4.07

AND

hpv330-14iskMatch-

Node

lenovov510-14ikb_firmwareRange<2wcn38ww

AND

hpv510-14ikbMatch-

Node

lenovov510-15ikb_firmwareRange<2wcn38ww

AND

hpv510-15ikbMatch-

Node

hpyoga_310-11iap_firmwareRange<6.7

AND

hpyoga_310-11iapMatch-

Node

hpyoga_510-14isk_firmwareRange<1.15

AND

hpyoga_510-14iskMatch-

Node

hpyoga_720-13ikb_firmwareRange<2.05

AND

hpyoga_720-13ikbMatch-

Node

hpyoga_720-13ikbr_firmwareRange<2.07

AND

hpyoga_720-13ikbrMatch-

Node

hpyoga_720-15ikb_firmwareRange<2.05

AND

hpyoga_720-15ikbMatch-

Node

hplenovo_v720-14_firmwareRange<2.12

AND

hplenovo_v720-14Match-

Node

hp7000_u42_firmwareRange<2.09

AND

hp7000_u42Match-

Node

hp7000-15_u42_firmwareRange<2.09

AND

hp7000-15_u42Match-

Node

hpr720-15ikba_firmwareRange<5jcn25ww

AND

hpr720-15ikbaMatch-

Node

hpy520-15ikba_firmwareRange<5jcn25ww

AND

hpy520-15ikbaMatch-

Node

hpr720-15ikbn_firmwareRange<4gcn38ww

AND

hpr720-15ikbnMatch-

Node

hpy520-15ikbn_firmwareRange<4gcn38ww

AND

hpy520-15ikbnMatch-

Node

hpy720-15ikb_firmwareRange<4gcn38ww

AND

hpy720-15ikbMatch-

Node

hplenovo_y720-15ikb_firmwareRange<4gcn38ww

AND

hplenovo_y720-15ikbMatch-

Node

hpe43-80_kbl_firmwareRange<4.07

AND

hpe43-80_kblMatch-

CPENameOperatorVersion
hp:310s-14isk_firmwarehp 310s-14isk firmwarelt1.15

CPE	Name	Operator	Version
hp:310s-14isk_firmware	hp 310s-14isk firmware	lt	1.15

CNA Affected

[
  {
    "product": "IdeaPad",
    "vendor": "Lenovo Group LTD",
    "versions": [
      {
        "lessThan": "various",
        "status": "affected",
        "version": "various",
        "versionType": "custom"
      }
    ]
  }
]

References

support.lenovo.com/us/en/solutions/LEN-20184

7 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:P/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.7%

JSON

Related for CVE-2018-9069

cvelist1 lenovo2 prion1 nvd1