Skip to main content

310S 14Isk Firmware CVE-2018-9069

MEDIUM
Race Condition (CWE-362)
2018-10-02 psirt@lenovo.com
Race Condition Information Disclosure Lenovo 310S 14Isk Firmware 320 15Ikbra Firmware 320 15Ikbrn Firmware 320 15Ikbrn Touch Firmware 320 17Ikbrn 320S 14Ikb 320S 15Ikb Firmware 320S 15Isk Firmware 510S 14Isk Firmware 520 15Ikbrn Firmware 520S 14Ikb Firmware 710S Plus 13Ikb 16G Firmware 710S Plus 3Ikb Firmware Xiaoxinair13Ikbpro Firmware 710S Plus Touch 13Ikb Firmware 720S 13Ikb Firmware B320 14Ikb Firmware E42 80 Firmware E52 80 Firmware Flex 4 1470 Firmware Flex 5 1470 Firmware Flex 5 1570 Firmware Ideapad 2In1 14 Firmware Lenovo Ideapad 320 14Ikb I A Firmware Lenovo Ideapad 320 14Ikb I N Firmware Lenovo Ideapad 320 15Abr Firmware Lenovo Ideapad 320 15Ikb I N Firmware Lenovo Ideapad 320S 14Ikbr Firmware Lenovo Ideapad 320S 15Ikbr Firmware Lenovo Ideapad 520S 14Ikbr Firmware Lenovo Ideapad 720S 14Ikb Firmware Lenovo Ideapad Flex 5 1470 Firmware Lenovo Ideapad Flex 5 1570 Firmware Lenovo Ideapad Y520 15Ikbn Firmware Lenovo Tianyi 310 14Ikb Firmware Lenovo Tianyi 310 15Ikb Firmware Lenovo Y520 15Ikba Firmware Lenovo Y520 15Ikbm Firmware Lenovo Yoga 520 14Ikb Firmware Lenovo Yoga 520 15Ikb Firmware Miix 720 12Ikb Nano110 14Ikb Firmware Nano110 15Ikb Firmware Rescuer R720 15Ikbm Firmware Rescuer Y520 15Ikbm Firmware V310 14Ikb Firmware V310 14Isk Firmware V310 15Ikb Firmware V310 15Isk Firmware V330 14Ikb Firmware V330 14Isk Firmware V510 14Ikb Firmware V510 15Ikb Firmware Yoga 310 11Iap Firmware Yoga 510 14Isk Firmware Yoga 720 13Ikb Firmware Yoga 720 13Ikbr Firmware Yoga 720 15Ikb Firmware Lenovo V720 14 Firmware 7000 U42 Firmware 7000 15 U42 Firmware R720 15Ikba Firmware Y520 15Ikba Firmware R720 15Ikbn Firmware Y520 15Ikbn Firmware Y720 15Ikb Firmware Lenovo Y720 15Ikb Firmware E43 80 Kbl Firmware
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 02, 2018 - 13:29 nvd
MEDIUM 5.9

DescriptionNVD

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

AnalysisAI

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-362. In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS. Affected products include: Hp 310S-14Isk Firmware, Hp 320-15Ikbra Firmware, Hp 320-15Ikbrn Firmware, Hp 320-15Ikbrn Touch Firmware, Hp 320-17Ikbrn.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2018-9069 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy