ID

VAR-201807-1678


CVE

CVE-2018-9062


TITLE

Injection vulnerability in multiple Lenovo products

Trust: 0.8

sources: JVNDB: JVNDB-2018-016727

DESCRIPTION

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Lenovo products such as the E42-80 firmware, E42-80 ISK firmware and E52-80 firmware contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel Boot Guard is prone to a local security-bypass vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible.

Trust: 1.89

sources: NVD: CVE-2018-9062 // JVNDB: JVNDB-2018-016727 // BID: 105387

AFFECTED PRODUCTS

vendor: lenovo, model: thinkpad l580, scope: lt, version: r0qet47w

Trust: 1.0

vendor: lenovo, model: thinkpad x380 yoga, scope: lt, version: r0set29w

Trust: 1.0

vendor: lenovo, model: thinkpad p71, scope: lt, version: n1tet50w

Trust: 1.0

vendor: lenovo, model: thinkpad t580, scope: lt, version: n27et27w

Trust: 1.0

vendor: lenovo, model: thinkpad x1 yoga, scope: lt, version: n1net42w

Trust: 1.0

vendor: lenovo, model: e52-80, scope: lt, version: 2wcn40ww

Trust: 1.0

vendor: lenovo, model: thinkpad x1 tablet, scope: lt, version: n1oet45w

Trust: 1.0

vendor: lenovo, model: thinkpad x280, scope: lt, version: n20et33w

Trust: 1.0

vendor: lenovo, model: thinkpad s1, scope: lt, version: r0het48w

Trust: 1.0

vendor: lenovo, model: thinkpad t470p, scope: lt, version: r0fet44w

Trust: 1.0

vendor: lenovo, model: thinkpad p51s, scope: lt, version: n1vet45w

Trust: 1.0

vendor: lenovo, model: miix 720-12ikb, scope: lt, version: 3scn68ww

Trust: 1.0

vendor: lenovo, model: thinkpad yoga 370, scope: lt, version: r0het48w

Trust: 1.0

vendor: lenovo, model: thinkpad x1 carbon, scope: lt, version: n1met49w

Trust: 1.0

vendor: lenovo, model: thinkpad x270, scope: lt, version: r0iet53w

Trust: 1.0

vendor: lenovo, model: thinkpad t470, scope: lt, version: n1qet77w

Trust: 1.0

vendor: lenovo, model: v310-14isk, scope: lt, version: 0zcn48ww

Trust: 1.0

vendor: lenovo, model: thinkpad x1 tablet, scope: lt, version: n1zet69w

Trust: 1.0

vendor: lenovo, model: v310-15isk, scope: lt, version: 0zcn48ww

Trust: 1.0

vendor: lenovo, model: thinkpad l480, scope: lt, version: r0qet47w

Trust: 1.0

vendor: lenovo, model: thinkpad e480, scope: lt, version: r0pet47w

Trust: 1.0

vendor: lenovo, model: v510-14ikb, scope: lt, version: 2wcn40ww

Trust: 1.0

vendor: lenovo, model: thinkpad x1 yoga, scope: lt, version: n25et38w

Trust: 1.0

vendor: lenovo, model: v310-15ikb, scope: lt, version: 2wcn40ww

Trust: 1.0

vendor: lenovo, model: v310-14ikb, scope: lt, version: 2wcn40ww

Trust: 1.0

vendor: lenovo, model: thinkpad p52s, scope: lt, version: n27et27w

Trust: 1.0

vendor: lenovo, model: thinkpad e580, scope: lt, version: r0pet47w

Trust: 1.0

vendor: lenovo, model: thinkpad p72, scope: lt, version: n2cet28w

Trust: 1.0

vendor: lenovo, model: e42-80 isk, scope: lt, version: 0zcn48ww

Trust: 1.0

vendor: lenovo, model: v510-15ikb, scope: lt, version: 2wcn40ww

Trust: 1.0

vendor: lenovo, model: e52-80 isk, scope: lt, version: 0zcn48ww

Trust: 1.0

vendor: lenovo, model: thinkpad yoga 11e, scope: lt, version: r0vet23w

Trust: 1.0

vendor: lenovo, model: thinkpad t25, scope: lt, version: n1qet77w

Trust: 1.0

vendor: lenovo, model: thinkpad t570, scope: lt, version: n1vet45w

Trust: 1.0

vendor: lenovo, model: thinkpad t470s, scope: lt, version: n1wet49w

Trust: 1.0

vendor: lenovo, model: thinkpad p52, scope: lt, version: n2cet28w

Trust: 1.0

vendor: lenovo, model: thinkpad t480, scope: lt, version: n24et41w

Trust: 1.0

vendor: lenovo, model: thinkpad x1 carbon, scope: lt, version: n23et52w

Trust: 1.0

vendor: lenovo, model: e42-80, scope: lt, version: 2wcn40ww

Trust: 1.0

vendor: lenovo, model: thinkpad t480s, scope: lt, version: n22et48w

Trust: 1.0

vendor: lenovo, model: thinkpad l380, scope: lt, version: r0ret28w

Trust: 1.0

vendor: lenovo, model: thinkpad p51, scope: lt, version: n1uet71w

Trust: 1.0

vendor: lenovo, model: v310-14isk, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: v310-15isk, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad p51s, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: e42-80, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: v310-15ikb, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: v510-14ikb, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: miix 720-12ikb, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: v310-14ikb, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad l580, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad l380, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad e580, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad p51, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad e480, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad p52, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: v510-15ikb, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: e52-80, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: e42-80 isk, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad l480, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: e52-80 isk, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad p52s, scope: -, version: -

Trust: 0.8

vendor: lenovo, model: thinkpad, scope: eq, version: 0

Trust: 0.3

vendor: intel, model: 8th generation core processors, scope: eq, version: 0

Trust: 0.3

vendor: intel, model: 7th generation core processors, scope: eq, version: 0

Trust: 0.3

vendor: intel, model: 6th generation core processors, scope: eq, version: 0

Trust: 0.3

vendor: intel, model: 5th generation core processors, scope: eq, version: 0

Trust: 0.3

vendor: intel, model: 4th generation core processors, scope: eq, version: 0

Trust: 0.3

sources: BID: 105387 // JVNDB: JVNDB-2018-016727 // NVD: CVE-2018-9062

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-9062
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-9062
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-1172
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-9062
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2018-9062
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-9062
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-016727 // CNNVD: CNNVD-201809-1172 // NVD: CVE-2018-9062

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.0

problemtype: injection (CWE-74) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2018-016727 // NVD: CVE-2018-9062

THREAT TYPE

local

Trust: 0.3

sources: BID: 105387

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-1172

PATCH

title: Multiple Lenovo Thinkpad Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85206

Trust: 0.6

sources: CNNVD: CNNVD-201809-1172

EXTERNAL IDS

db: NVD, id: CVE-2018-9062

Trust: 3.5

db: LENOVO, id: LEN-20527

Trust: 2.7

db: BID, id: 105387

Trust: 2.7

db: JVNDB, id: JVNDB-2018-016727

Trust: 0.8

db: CNNVD, id: CNNVD-201809-1172

Trust: 0.6

sources: BID: 105387 // JVNDB: JVNDB-2018-016727 // CNNVD: CNNVD-201809-1172 // NVD: CVE-2018-9062

REFERENCES

url:https://support.lenovo.com/us/en/solutions/len-20527

Trust: 2.7

url:http://www.securityfocus.com/bid/105387

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-9062

Trust: 0.8

url:http://www.intel.com/

Trust: 0.3

url:https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html

Trust: 0.3

sources: BID: 105387 // JVNDB: JVNDB-2018-016727 // CNNVD: CNNVD-201809-1172 // NVD: CVE-2018-9062

CREDITS

Trammell Hudson

Trust: 0.3

sources: BID: 105387

SOURCES

db: BID, id: 105387
db: JVNDB, id: JVNDB-2018-016727
db: CNNVD, id: CNNVD-201809-1172
db: NVD, id: CVE-2018-9062

LAST UPDATE DATE

2024-11-23T22:34:09.340000+00:00


SOURCES UPDATE DATE

db: BID, id: 105387, date: 2018-09-20T00:00:00
db: JVNDB, id: JVNDB-2018-016727, date: 2024-07-24T06:46:00
db: CNNVD, id: CNNVD-201809-1172, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-9062, date: 2024-11-21T04:14:53.653

SOURCES RELEASE DATE

db: BID, id: 105387, date: 2018-09-20T00:00:00
db: JVNDB, id: JVNDB-2018-016727, date: 2024-07-24T00:00:00
db: CNNVD, id: CNNVD-201809-1172, date: 2018-09-27T00:00:00
db: NVD, id: CVE-2018-9062, date: 2018-07-19T19:29:00.607