Vulnerability CVE-2018-9069


Published: 2018-10-02

Description:
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Type:

CWE-362

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7/10
7.8/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
Complete
Affected software
HP -> Nano110-15ikb firmware 
HP -> Y520-15ikbn firmware 
HP -> 710s plus-3ikb firmware 
HP -> Lenovo ideapad 320s-14ikbr firmware 
HP -> R720-15ikba firmware 
HP -> Y720-15ikb firmware 
HP -> 320-17ikbrn 
HP -> 710s plus touch-13ikb firmware 
HP -> Lenovo ideapad 320s-15ikbr firmware 
HP -> R720-15ikbn firmware 
HP -> Yoga 310-11iap firmware 
HP -> 320s-14ikb 
HP -> 720s-13ikb firmware 
HP -> Lenovo ideapad 520s-14ikbr firmware 
HP -> Rescuer r720-15ikbm firmware 
HP -> Yoga 510-14isk firmware 
HP -> Miix 720-12ikb 
HP -> 720s-14ikbr firmware 
HP -> Lenovo ideapad 720s-14ikb firmware 
HP -> Rescuer y520-15ikbm firmware 
HP -> Yoga 520-14ikb firmware 
HP -> 310s-14isk firmware 
HP -> B320-14ikb firmware 
HP -> Lenovo ideapad flex 5-1470 firmware 
HP -> V310-14ikb firmware 
HP -> Yoga 720-13ikb firmware 
HP -> 320-15ikbra firmware 
HP -> E42-80 firmware 
HP -> Lenovo ideapad flex 5-1570 firmware 
HP -> V310-14isk firmware 
HP -> Yoga 720-13ikbr firmware 
HP -> 320-15ikbrn firmware 
HP -> E43-80 kbl firmware 
HP -> Lenovo ideapad y520-15ikbn firmware 
HP -> V310-15ikb firmware 
HP -> Yoga 720-15ikb firmware 
HP -> 320-15ikbrn touch firmware 
HP -> E52-80 firmware 
HP -> Lenovo tianyi 310-14ikb firmware 
HP -> V310-15isk firmware 
HP -> Zhaoyang k42-80 firmware 
HP -> 320s-15ikb firmware 
HP -> Flex 4-1470 firmware 
HP -> Lenovo tianyi 310-15ikb firmware 
HP -> V330-14ikb firmware 
HP -> 320s-15isk firmware 
HP -> Flex 5-1470 firmware 
HP -> Lenovo v720-14 firmware 
HP -> V330-14isk firmware 
HP -> 510s-14isk firmware 
HP -> Flex 5-1570 firmware 
HP -> Lenovo y520-15ikba firmware 
HP -> V510-14ikb firmware 
HP -> 520-15ikbrn firmware 
HP -> Ideapad 2in1 14 firmware 
HP -> Lenovo y520-15ikbm firmware 
HP -> V510-15ikb firmware 
HP -> 520s-14ikb firmware 
HP -> Lenovo ideapad 320-14ikb(i+a) firmware 
HP -> Lenovo y720-15ikb firmware 
HP -> Xiaoxinair13ikbpro firmware 
HP -> 7000-15 u42 firmware 
HP -> Lenovo ideapad 320-14ikb(i+n) firmware 
HP -> Lenovo yoga 520-14ikb firmware 
HP -> Xx chao5000-ikbra firmware 
HP -> 7000 u42 firmware 
HP -> Lenovo ideapad 320-15abr firmware 
HP -> Lenovo yoga 520-15ikb firmware 
HP -> Nano110-14ikb firmware 
HP -> Y520-15ikba firmware 
HP -> 710s plus-13ikb 16g firmware 
HP -> Lenovo ideapad 320-15ikb(i+n) firmware 

 References:
https://support.lenovo.com/us/en/solutions/LEN-20184

Copyright 2021, cxsecurity.com

 

Back to Top