E42 80 Firmware
CVE-2018-9062
MEDIUM
Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
AnalysisAI
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-74. In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. Affected products include: Lenovo E42-80 Firmware, Lenovo E42-80 Isk Firmware, Lenovo E52-80 Firmware, Lenovo E52-80 Isk Firmware, Lenovo Miix 720-12Ikb Firmware.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in E42 80 Firmware
View allThe BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p,
A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStatio
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkSt
A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficie
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in ru
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adeq
Share
External POC / Exploit Code
Leaving vuln.today