CVE-2018-9062

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Published: Jul 19, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-9062
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
lenovo / e42-80_firmware	-	2wcn40ww
lenovo / e42-80_isk_firmware	-	0zcn48ww
lenovo / e52-80_firmware	-	2wcn40ww
lenovo / e52-80_isk_firmware	-	0zcn48ww
lenovo / miix_720-12ikb_firmware	-	3scn68ww
lenovo / v310-14ikb_firmware	-	2wcn40ww
lenovo / v310-14isk_firmware	-	0zcn48ww
lenovo / v310-15ikb_firmware	-	2wcn40ww
lenovo / v310-15isk_firmware	-	0zcn48ww
lenovo / v510-14ikb_firmware	-	2wcn40ww
lenovo / v510-15ikb_firmware	-	2wcn40ww
lenovo / thinkpad_l380_firmware	-	r0ret28w
lenovo / thinkpad_e480_firmware	-	r0pet47w
lenovo / thinkpad_e580_firmware	-	r0pet47w
lenovo / thinkpad_l480_firmware	-	r0qet47w
lenovo / thinkpad_l580_firmware	-	r0qet47w
lenovo / thinkpad_p51_firmware	-	n1uet71w
lenovo / thinkpad_p51s_firmware	-	n1vet45w
lenovo / thinkpad_p52_firmware	-	n2cet28w
lenovo / thinkpad_p52s_firmware	-	n27et27w
lenovo / thinkpad_p71_firmware	-	n1tet50w
lenovo / thinkpad_p72_firmware	-	n2cet28w
lenovo / thinkpad_t25_firmware	-	n1qet77w
lenovo / thinkpad_t470_firmware	-	n1qet77w
lenovo / thinkpad_t470p_firmware	-	r0fet44w
lenovo / thinkpad_t470s_firmware	-	n1wet49w
lenovo / thinkpad_t480_firmware	-	n24et41w
lenovo / thinkpad_t480s_firmware	-	n22et48w
lenovo / thinkpad_t570_firmware	-	n1vet45w
lenovo / thinkpad_t580_firmware	-	n27et27w
lenovo / thinkpad_x380_yoga_firmware	-	r0set29w
lenovo / thinkpad_yoga_11e_firmware	-	r0vet23w
lenovo / thinkpad_yoga_370_firmware	-	r0het48w
lenovo / thinkpad_s1_firmware	-	r0het48w
lenovo / thinkpad_x1_carbon_firmware	-	n1met49w
lenovo / thinkpad_x1_carbon_firmware	-	n23et52w
lenovo / thinkpad_x1_tablet_firmware	-	n1oet45w
lenovo / thinkpad_x1_tablet_firmware	-	n1zet69w
lenovo / thinkpad_x1_yoga_firmware	-	n1net42w
lenovo / thinkpad_x1_yoga_firmware	-	n25et38w
lenovo / thinkpad_x270_firmware	-	r0iet53w
lenovo / thinkpad_x280_firmware	-	n20et33w

Vulnerability Database

CVE-2018-9062

Deep Security Visibility Without the Complexity