Vulnerability CVE-2018-12169


Published: 2018-09-21

Description:
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow a physical attacker to potentially bypass firmware authentication.

Type:
CWE-287 (Improper Authentication)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Lenovo -> Thinkpad p71 
Lenovo -> Thinkpad yoga 370 
Lenovo -> Thinkpad p72 
Lenovo -> Thinkpad t25 
Lenovo -> Thinkpad t470 
Lenovo -> Thinkpad t470p 
Lenovo -> Thinkpad 11e 
Lenovo -> Thinkpad t470s 
Lenovo -> Thinkpad e480 
Lenovo -> Thinkpad t480 
Lenovo -> Thinkpad e580 
Lenovo -> Thinkpad t480s 
Lenovo -> Thinkpad l380 
Lenovo -> Thinkpad t570 
Lenovo -> Thinkpad l380 yoga 
Lenovo -> Thinkpad t580 
Lenovo -> Thinkpad l480 
Lenovo -> Thinkpad x1 carbon 
Lenovo -> Thinkpad l580 
Lenovo -> Thinkpad x1 tablet 
Lenovo -> Thinkpad p51 
Lenovo -> Thinkpad x1 yoga 
Lenovo -> Thinkpad p51s 
Lenovo -> Thinkpad x270 
Lenovo -> Thinkpad p52 
Lenovo -> Thinkpad x280 
Lenovo -> Thinkpad p52s 
Lenovo -> Thinkpad x380 yoga 
Intel -> Core i3 
Intel -> Core i5 
Intel -> Core i7 
Intel -> Core i9 

References:
http://www.securityfocus.com/bid/105387
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
https://support.lenovo.com/us/en/solutions/LEN-20527

Copyright 2024, cxsecurity.com

 
