Vulnerability CVE-2019-6156


Published: 2019-04-10

Description:
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected.

Type:

CWE-254

(Security Features)

Vendor: Lenovo
Product: Thinkcentre m720t firmware 
Version: m1ukt33a;
Product: Aio520-24ikl firmware 
Product: Thinkcentre e74s firmware 
Product: Thinkcentre m9550z firmware 
Product: Yangtian mf/wf h81 pci firmware 
Product: 510-15ikl firmware 
Product: Thinkcenter m800z firmware 
Product: Thinkcentre m83z (aio) firmware 
Product: Yangtian mc h110 firmware 
Product: Qt a7400 firmware 
Product: Thinkcentre m810z firmware 
Product: Thinkstation s30 refresh firmware 
Product: Qitian b4550 firmware 
Product: Thinkcentre m7300z firmware 
Product: Thinkstation p710 firmware 
Product: Lenovo 63 firmware 
Product: Thinkcentre m700z firmware 
Product: Thinkstation p500 firmware 
Product: Ideacentre 510s-08ish firmware 
Product: Thinkcentre m4500t firmware 
Product: Thinkcentre x1 aio firmware 
Product: Aio520-27ikl firmware 
Product: Thinkcentre e75s firmware 
Product: Yangtian tc/wc h110 pci firmware 
Product: 530s-07icb firmware 
Product: Thinkcentre e73 (twr) firmware 
Product: Thinkcentre m910z firmware 
Product: Yangtian mc h81 firmware 
Product: Qt m410 firmware 
Product: Thinkcentre m820z firmware 
Product: V520t-15ikl firmware 
Product: Qitian m4550 firmware 
Product: Thinkcentre m73 (twr) firmware 
Product: Thinkstation p900 firmware 
Product: M4500 id firmware 
Product: Thinkcentre m710s firmware 
Product: Thinkstation p520 firmware 
Product: Legion y520t z370 firmware 
Product: Thinkcentre m4600t firmware 
Product: Thinkstation d30 refresh firmware 
Product: H50-30g desktop firmware 
Product: Thinkcentre m4500k firmware 
Product: Yangtian ytm6900e-00 firmware 
Product: Aio520-22iku firmware 
Product: Thinkcentre e74 firmware 
Product: Thinkcentre m9500z firmware 
Product: Yangtian mf/wf h110 pci firmware 
Product: Thinkcenter m700z firmware 
Product: Thinkcentre m8350z firmware 
Product: Yangtian afh81 firmware 
Product: Qitian m4650 firmware 
Product: Thinkcentre m800z firmware 
Product: Thinkstation p920 firmware 
Product: Qitian 4500 firmware 
Product: Thinkstation p700 firmware 
Product: Legion y920 tower firmware 
Product: Thinkcentre m700t firmware 
Product: Thinkstation p410 firmware 
Product: Ideacentre 300s-11ish firmware 
Product: Thinkcentre m4500s firmware 
Product: Aio520-24iku firmware 
Product: Thinkcentre e74z firmware 
Product: Thinkcentre s510 firmware 
Product: Yangtian ms/ws h81 firmware 
Product: 510s-08ikl firmware 
Product: Thinkcentre e73 (sff) firmware 
Product: Thinkcentre m900z firmware 
Product: Yangtian mc h110 pci firmware 
Product: Qt b415 firmware 
Product: Thinkcentre m818z firmware 
Product: V520s-08ikl firmware 
Product: Qitian b4650 firmware 
Product: Thinkcentre m73 (sff) firmware 
Product: Thinkstation p720 firmware 
Product: M4500 firmware 
Product: Thinkcentre m710e firmware 
Product: Thinkstation p510 firmware 
Product: Ideacentre 620s-03ikl firmware 
Product: Thinkcentre m4600s firmware 
Product: Thinkstation c30 refresh firmware 
Product: Aio y910-27ish firmware 
Product: Thinkcentre e75t firmware 
Product: Yangtian tc/wcc h81 pci firmware 
Product: Aio520-22ikl firmware 
Product: Thinkcentre e73s firmware 
Product: Thinkcentre m920z firmware 
Product: Yangtian me/we h110 firmware 
Product: Qt m415 firmware 
Product: Thinkcentre m8300z firmware 
Product: Yangtian afh110 firmware 
Product: Qitian m4600 firmware 
Product: Thinkcentre m73 tiny firmware 
Product: Thinkstation p910 firmware 
Product: M4550 id firmware 
Product: Thinkcentre m710t firmware 
Product: Thinkstation p520c firmware 
Product: Legion y720 tower firmware 
Product: Thinkcentre m700s firmware 
Product: Thinkstation p310 firmware 
Product: Ideacentre 300-20ish firmware 

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://support.lenovo.com/solutions/LEN-26332

Related CVE
CVE-2019-6158
An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA version...
CVE-2019-6157
In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support.
CVE-2018-16098
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVE-2018-9085
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services...
CVE-2018-9082
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access ...
CVE-2018-9081
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add ...
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attac...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript ha...

Copyright 2019, cxsecurity.com

 

Back to Top