CVE-2018-9069 Details

Published: 2018-10-02
Last Modified: 2020-02-18
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

Analysis
Common Vulnerability Score System v2.0

Severity: High
Base Score: 7/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication: Single
Impact Score: 7.8/10
Confidentiality Impact: None
Availability Impact: Complete
Integrity Impact: Partial
Vector String: AV:N/AC:M/Au:S/C:N/I:P/A:C

Common Vulnerability Score System v3.1

Severity: Medium
Base Score: 5.9/10
Exploit Score: 0.7/10
Access Vector: Network
Access Complexity: High
Privileges Required: High
Impact Score: 5.2/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: None
Vector String: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:hp:310s-14isk_firmware:*:*:*:*:*:*:*:* Yes - 1.15
cpe:2.3:h:hp:310s-14isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:320-15ikbra_firmware:*:*:*:*:*:*:*:* Yes - 6jcn24ww
cpe:2.3:h:hp:320-15ikbra:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:320-15ikbrn_firmware:*:*:*:*:*:*:*:* Yes - 6jcn24ww
cpe:2.3:h:hp:320-15ikbrn:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:320-15ikbrn_touch_firmware:*:*:*:*:*:*:*:* Yes - 6jcn24ww
cpe:2.3:h:hp:320-15ikbrn_touch:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:320-17ikbrn:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:320-17ikbrn:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:320s-14ikb:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:320s-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:320s-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:320s-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:320s-15isk_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:320s-15isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:510s-14isk_firmware:*:*:*:*:*:*:*:* Yes - 1.15
cpe:2.3:h:hp:510s-14isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:520-15ikbrn_firmware:*:*:*:*:*:*:*:* Yes - 6jcn26ww
cpe:2.3:h:hp:520-15ikbrn:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:520s-14ikb_firmware:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:520s-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:710s_plus-13ikb_16g_firmware:*:*:*:*:*:*:*:* Yes - 2.55
cpe:2.3:h:hp:710s_plus-13ikb_16g:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:710s_plus-3ikb_firmware:*:*:*:*:*:*:*:* Yes - 2.55
cpe:2.3:h:hp:710s_plus-3ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:xiaoxinair13ikbpro_firmware:*:*:*:*:*:*:*:* Yes - 2.55
cpe:2.3:h:hp:xiaoxinair13ikbpro:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:710s_plus_touch-13ikb_firmware:*:*:*:*:*:*:*:* Yes - 2.55
cpe:2.3:h:hp:710s_plus_touch-13ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:720s-13ikb_firmware:*:*:*:*:*:*:*:* Yes - 5scn38ww
cpe:2.3:h:hp:720s-13ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:b320-14ikb_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:b320-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:e42-80_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:e42-80:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:e52-80_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:e52-80:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:flex_4-1470_firmware:*:*:*:*:*:*:*:* Yes - 1.15
cpe:2.3:h:hp:flex_4-1470:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:flex_5-1470_firmware:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:flex_5-1470:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:flex_5-1570_firmware:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:flex_5-1570:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:ideapad_2in1_14_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:ideapad_2in1_14:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_320-14ikb\(i\+a\)_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_320-14ikb\(i\+a\):-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_320-14ikb\(i\+n\)_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_320-14ikb\(i\+n\):-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_320-15abr_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_320-15abr:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_320-15ikb\(i\+n\)_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_320-15ikb\(i\+n\):-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_320s-14ikbr_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_320s-14ikbr:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_320s-15ikbr_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_320s-15ikbr:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_520s-14ikbr_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_520s-14ikbr:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_720s-14ikb_firmware:*:*:*:*:*:*:*:* Yes - 6jcn26ww
cpe:2.3:h:hp:lenovo_ideapad_720s-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_flex_5-1470_firmware:*:*:*:*:*:*:*:* Yes - 6jcn26ww
cpe:2.3:h:hp:lenovo_ideapad_flex_5-1470:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_flex_5-1570_firmware:*:*:*:*:*:*:*:* Yes - 6jcn26ww
cpe:2.3:h:hp:lenovo_ideapad_flex_5-1570:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_ideapad_y520-15ikbn_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_ideapad_y520-15ikbn:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_tianyi_310-14ikb_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_tianyi_310-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_tianyi_310-15ikb_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:lenovo_tianyi_310-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_y520-15ikba_firmware:*:*:*:*:*:*:*:* Yes - 5jcn25ww
cpe:2.3:h:hp:lenovo_y520-15ikba:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_y520-15ikbm_firmware:*:*:*:*:*:*:*:* Yes - 5jcn25ww
cpe:2.3:h:hp:lenovo_y520-15ikbm:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_yoga_520-14ikb_firmware:*:*:*:*:*:*:*:* Yes - 6jcn26ww
cpe:2.3:h:hp:lenovo_yoga_520-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_yoga_520-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 6jcn26ww
cpe:2.3:h:hp:lenovo_yoga_520-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:h:hp:miix_720-12ikb:*:*:*:*:*:*:*:* Yes - 3scn66ww
cpe:2.3:h:hp:miix_720-12ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:nano110-14ikb_firmware:-:*:*:*:*:*:*:* Yes - -
cpe:2.3:h:hp:nano110-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:nano110-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 5xcn24ww
cpe:2.3:h:hp:nano110-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:rescuer_r720-15ikbm_firmware:*:*:*:*:*:*:*:* Yes - 5xcn24ww
cpe:2.3:h:hp:rescuer_r720-15ikbm:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:rescuer_y520-15ikbm_firmware:*:*:*:*:*:*:*:* Yes - 5xcn24ww
cpe:2.3:h:hp:rescuer_y520-15ikbm:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:v310-14ikb_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:v310-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:v310-14isk_firmware:*:*:*:*:*:*:*:* Yes - 4.07
cpe:2.3:h:hp:v310-14isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:v310-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:v310-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:v310-15isk_firmware:*:*:*:*:*:*:*:* Yes - 0zcn47ww
cpe:2.3:h:hp:v310-15isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:v330-14ikb_firmware:*:*:*:*:*:*:*:* Yes - 4.07
cpe:2.3:h:hp:v330-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:v330-14isk_firmware:*:*:*:*:*:*:*:* Yes - 4.07
cpe:2.3:h:hp:v330-14isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:v510-14ikb_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:v510-14ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:lenovo:v510-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 2wcn38ww
cpe:2.3:h:hp:v510-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:yoga_310-11iap_firmware:*:*:*:*:*:*:*:* Yes - 6.7
cpe:2.3:h:hp:yoga_310-11iap:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:yoga_510-14isk_firmware:*:*:*:*:*:*:*:* Yes - 1.15
cpe:2.3:h:hp:yoga_510-14isk:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:yoga_720-13ikb_firmware:*:*:*:*:*:*:*:* Yes - 2.05
cpe:2.3:h:hp:yoga_720-13ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:yoga_720-13ikbr_firmware:*:*:*:*:*:*:*:* Yes - 2.07
cpe:2.3:h:hp:yoga_720-13ikbr:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:yoga_720-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 2.05
cpe:2.3:h:hp:yoga_720-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_v720-14_firmware:*:*:*:*:*:*:*:* Yes - 2.12
cpe:2.3:h:hp:lenovo_v720-14:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:7000_u42_firmware:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:7000_u42:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:7000-15_u42_firmware:*:*:*:*:*:*:*:* Yes - 2.09
cpe:2.3:h:hp:7000-15_u42:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:r720-15ikba_firmware:*:*:*:*:*:*:*:* Yes - 5jcn25ww
cpe:2.3:h:hp:r720-15ikba:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:y520-15ikba_firmware:*:*:*:*:*:*:*:* Yes - 5jcn25ww
cpe:2.3:h:hp:y520-15ikba:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:r720-15ikbn_firmware:*:*:*:*:*:*:*:* Yes - 4gcn38ww
cpe:2.3:h:hp:r720-15ikbn:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:y520-15ikbn_firmware:*:*:*:*:*:*:*:* Yes - 4gcn38ww
cpe:2.3:h:hp:y520-15ikbn:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:y720-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 4gcn38ww
cpe:2.3:h:hp:y720-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:lenovo_y720-15ikb_firmware:*:*:*:*:*:*:*:* Yes - 4gcn38ww
cpe:2.3:h:hp:lenovo_y720-15ikb:-:*:*:*:*:*:*:* No - -
cpe:2.3:o:hp:e43-80_kbl_firmware:*:*:*:*:*:*:*:* Yes - 4.07
cpe:2.3:h:hp:e43-80_kbl:-:*:*:*:*:*:*:* No - -
References

https://support.lenovo.com/us/en/solutions/LEN-20184

CVE ID: CVE-2018-9069
Published: 2018-10-02
Modified: 2020-02-18
CVSSv2.0: High
CVSSv3.1: Medium
PCI Compliance: Fail
US-CERT Alert: No
CWE: CWE-362
