CVE-2018-9062

moderate-risk
Published 2018-07-19

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Do I need to act?

-
0.15% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.8/10 Medium
PHYSICAL / LOW complexity

Affected Products (20)

E42-80 Firmware
E42-80 Isk Firmware
E52-80 Firmware
E52-80 Isk Firmware
Miix 720-12Ikb Firmware
V310-14Ikb Firmware
V310-14Isk Firmware
V310-15Ikb Firmware
V310-15Isk Firmware
V510-14Ikb Firmware
V510-15Ikb Firmware
Thinkpad L380 Firmware
Thinkpad E480 Firmware
Thinkpad E580 Firmware
Thinkpad L480 Firmware
Thinkpad L580 Firmware
Thinkpad P51 Firmware
Thinkpad P51S Firmware
Thinkpad P52 Firmware
Thinkpad P52S Firmware

Affected Vendors

Lenovo

References (4)

Third Party Advisory http://www.securityfocus.com/bid/105387
Patch https://support.lenovo.com/us/en/solutions/LEN-20527
Third Party Advisory http://www.securityfocus.com/bid/105387
Patch https://support.lenovo.com/us/en/solutions/LEN-20527
47
/ 100
moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 24/34 · High