CVE-2018-9062

Home/CVE/In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrar

CVE

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrar

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

MEDIUM · CVSS 6.8 EPSS 0.00147

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

▤

Affected Products & Versions

lenovo e42-80 firmware< 2wcn40ww
lenovo e42-80 isk firmware< 0zcn48ww
lenovo e52-80 firmware< 2wcn40ww
lenovo e52-80 isk firmware< 0zcn48ww
lenovo miix 720-12ikb firmware< 3scn68ww
lenovo v310-14ikb firmware< 2wcn40ww
lenovo v310-14isk firmware< 0zcn48ww
lenovo v310-15ikb firmware< 2wcn40ww
Show all 42 affected productslenovo v310-15isk firmware< 0zcn48ww
lenovo v510-14ikb firmware< 2wcn40ww
lenovo v510-15ikb firmware< 2wcn40ww
lenovo thinkpad l380 firmware< r0ret28w
lenovo thinkpad e480 firmware< r0pet47w
lenovo thinkpad e580 firmware< r0pet47w
lenovo thinkpad l480 firmware< r0qet47w
lenovo thinkpad l580 firmware< r0qet47w
lenovo thinkpad p51 firmware< n1uet71w
lenovo thinkpad p51s firmware< n1vet45w
lenovo thinkpad p52 firmware< n2cet28w
lenovo thinkpad p52s firmware< n27et27w
lenovo thinkpad p71 firmware< n1tet50w
lenovo thinkpad p72 firmware< n2cet28w
lenovo thinkpad t25 firmware< n1qet77w
lenovo thinkpad t470 firmware< n1qet77w
lenovo thinkpad t470p firmware< r0fet44w
lenovo thinkpad t470s firmware< n1wet49w
lenovo thinkpad t480 firmware< n24et41w
lenovo thinkpad t480s firmware< n22et48w
lenovo thinkpad t570 firmware< n1vet45w
lenovo thinkpad t580 firmware< n27et27w
lenovo thinkpad x380 yoga firmware< r0set29w
lenovo thinkpad yoga 11e firmware< r0vet23w
lenovo thinkpad yoga 370 firmware< r0het48w
lenovo thinkpad s1 firmware< r0het48w
lenovo thinkpad x1 carbon firmware< n1met49w
lenovo thinkpad x1 carbon firmware< n23et52w
lenovo thinkpad x1 tablet firmware< n1oet45w
lenovo thinkpad x1 tablet firmware< n1zet69w
lenovo thinkpad x1 yoga firmware< n1net42w
lenovo thinkpad x1 yoga firmware< n25et38w
lenovo thinkpad x270 firmware< r0iet53w
lenovo thinkpad x280 firmware< n20et33w

▣

Scoring & Timeline

6.8

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD19 Jul 2018 · 07:29 PM

CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://www.securityfocus.com/bid/105387Third Party AdvisoryVDB Entry

https://support.lenovo.com/us/en/solutions/LEN-20527PatchVendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin