Podatność CVE-2018-9069

Podatność CVE-2018-9069

Publikacja: 2018-10-02

Opis:

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Typ:

CWE-362

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:C)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
7/10	7.8/10	6.8/10

Wymagany dostęp	Złożoność ataku	Autoryzacja
Zdalny	Średnia	Jednorazowa
Wpływ na poufność	Wpływ na integralność	Wpływ na dostępność
Brak	Częściowy	Pełny

Affected software
HP -> 710s plus-3ikb firmware
HP -> Lenovo ideapad 320s-14ikbr firmware
HP -> Nano110-15ikb firmware
HP -> Y520-15ikbn firmware
HP -> 320-17ikbrn
HP -> 710s plus touch-13ikb firmware
HP -> Lenovo ideapad 320s-15ikbr firmware
HP -> R720-15ikba firmware
HP -> Y720-15ikb firmware
HP -> 320s-14ikb
HP -> 720s-13ikb firmware
HP -> Lenovo ideapad 520s-14ikbr firmware
HP -> R720-15ikbn firmware
HP -> Yoga 310-11iap firmware
HP -> Miix 720-12ikb
HP -> 720s-14ikbr firmware
HP -> Lenovo ideapad 720s-14ikb firmware
HP -> Rescuer r720-15ikbm firmware
HP -> Yoga 510-14isk firmware
HP -> 310s-14isk firmware
HP -> B320-14ikb firmware
HP -> Lenovo ideapad flex 5-1470 firmware
HP -> Rescuer y520-15ikbm firmware
HP -> Yoga 520-14ikb firmware
HP -> 320-15ikbra firmware
HP -> E42-80 firmware
HP -> Lenovo ideapad flex 5-1570 firmware
HP -> V310-14ikb firmware
HP -> Yoga 720-13ikb firmware
HP -> 320-15ikbrn firmware
HP -> E43-80 kbl firmware
HP -> Lenovo ideapad y520-15ikbn firmware
HP -> V310-14isk firmware
HP -> Yoga 720-13ikbr firmware
HP -> 320-15ikbrn touch firmware
HP -> E52-80 firmware
HP -> Lenovo tianyi 310-14ikb firmware
HP -> V310-15ikb firmware
HP -> Yoga 720-15ikb firmware
HP -> 320s-15ikb firmware
HP -> Flex 4-1470 firmware
HP -> Lenovo tianyi 310-15ikb firmware
HP -> V310-15isk firmware
HP -> Zhaoyang k42-80 firmware
HP -> 320s-15isk firmware
HP -> Flex 5-1470 firmware
HP -> Lenovo v720-14 firmware
HP -> V330-14ikb firmware
HP -> 510s-14isk firmware
HP -> Flex 5-1570 firmware
HP -> Lenovo y520-15ikba firmware
HP -> V330-14isk firmware
HP -> 520-15ikbrn firmware
HP -> Ideapad 2in1 14 firmware
HP -> Lenovo y520-15ikbm firmware
HP -> V510-14ikb firmware
HP -> 520s-14ikb firmware
HP -> Lenovo ideapad 320-14ikb(i+a) firmware
HP -> Lenovo y720-15ikb firmware
HP -> V510-15ikb firmware
HP -> 7000-15 u42 firmware
HP -> Lenovo ideapad 320-14ikb(i+n) firmware
HP -> Lenovo yoga 520-14ikb firmware
HP -> Xiaoxinair13ikbpro firmware
HP -> 7000 u42 firmware
HP -> Lenovo ideapad 320-15abr firmware
HP -> Lenovo yoga 520-15ikb firmware
HP -> Xx chao5000-ikbra firmware
HP -> 710s plus-13ikb 16g firmware
HP -> Lenovo ideapad 320-15ikb(i+n) firmware
HP -> Nano110-14ikb firmware
HP -> Y520-15ikba firmware

Referencje:

https://support.lenovo.com/us/en/solutions/LEN-20184

Podatność CVE-2018-9069

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

CWE-362

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:C)

7/10

7.8/10

6.8/10

Zdalny

Średnia

Jednorazowa

Brak

Częściowy

Pełny

Affected software

Referencje: