CVE-2018-9069

CVSS V2 High 7 CVSS V3 Medium 5.9
Description
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
Overview
  • CVE ID
  • CVE-2018-9069
  • Assigner
  • psirt@lenovo.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2018-10-02T13:29:00
  • Last Modified Date
  • 2020-02-18T20:54:46
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:hp:310s-14isk_firmware:*:*:*:*:*:*:*:* 1 OR 1.15
cpe:2.3:h:hp:310s-14isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:320-15ikbra_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn24ww
cpe:2.3:h:hp:320-15ikbra:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:320-15ikbrn_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn24ww
cpe:2.3:h:hp:320-15ikbrn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:320-15ikbrn_touch_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn24ww
cpe:2.3:h:hp:320-15ikbrn_touch:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:h:hp:320-17ikbrn:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:320-17ikbrn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:h:hp:320s-14ikb:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:320s-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:320s-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:320s-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:320s-15isk_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:320s-15isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:510s-14isk_firmware:*:*:*:*:*:*:*:* 1 OR 1.15
cpe:2.3:h:hp:510s-14isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:520-15ikbrn_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn26ww
cpe:2.3:h:hp:520-15ikbrn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:520s-14ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:520s-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:710s_plus-13ikb_16g_firmware:*:*:*:*:*:*:*:* 1 OR 2.55
cpe:2.3:h:hp:710s_plus-13ikb_16g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:710s_plus-3ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2.55
cpe:2.3:h:hp:710s_plus-3ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:xiaoxinair13ikbpro_firmware:*:*:*:*:*:*:*:* 1 OR 2.55
cpe:2.3:h:hp:xiaoxinair13ikbpro:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:710s_plus_touch-13ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2.55
cpe:2.3:h:hp:710s_plus_touch-13ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:720s-13ikb_firmware:*:*:*:*:*:*:*:* 1 OR 5scn38ww
cpe:2.3:h:hp:720s-13ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:b320-14ikb_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:b320-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:e42-80_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:e42-80:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:e52-80_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:e52-80:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:flex_4-1470_firmware:*:*:*:*:*:*:*:* 1 OR 1.15
cpe:2.3:h:hp:flex_4-1470:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:flex_5-1470_firmware:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:flex_5-1470:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:flex_5-1570_firmware:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:flex_5-1570:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:ideapad_2in1_14_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:ideapad_2in1_14:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_320-14ikb\(i\+a\)_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_320-14ikb\(i\+a\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_320-14ikb\(i\+n\)_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_320-14ikb\(i\+n\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_320-15abr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_320-15abr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_320-15ikb\(i\+n\)_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_320-15ikb\(i\+n\):-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_320s-14ikbr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_320s-14ikbr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_320s-15ikbr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_320s-15ikbr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_520s-14ikbr_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_520s-14ikbr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_720s-14ikb_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn26ww
cpe:2.3:h:hp:lenovo_ideapad_720s-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_flex_5-1470_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn26ww
cpe:2.3:h:hp:lenovo_ideapad_flex_5-1470:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_flex_5-1570_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn26ww
cpe:2.3:h:hp:lenovo_ideapad_flex_5-1570:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_ideapad_y520-15ikbn_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_ideapad_y520-15ikbn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_tianyi_310-14ikb_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_tianyi_310-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_tianyi_310-15ikb_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:lenovo_tianyi_310-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_y520-15ikba_firmware:*:*:*:*:*:*:*:* 1 OR 5jcn25ww
cpe:2.3:h:hp:lenovo_y520-15ikba:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_y520-15ikbm_firmware:*:*:*:*:*:*:*:* 1 OR 5jcn25ww
cpe:2.3:h:hp:lenovo_y520-15ikbm:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_yoga_520-14ikb_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn26ww
cpe:2.3:h:hp:lenovo_yoga_520-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_yoga_520-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 6jcn26ww
cpe:2.3:h:hp:lenovo_yoga_520-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:h:hp:miix_720-12ikb:*:*:*:*:*:*:*:* 1 OR 3scn66ww
cpe:2.3:h:hp:miix_720-12ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:nano110-14ikb_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:hp:nano110-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:nano110-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 5xcn24ww
cpe:2.3:h:hp:nano110-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:rescuer_r720-15ikbm_firmware:*:*:*:*:*:*:*:* 1 OR 5xcn24ww
cpe:2.3:h:hp:rescuer_r720-15ikbm:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:rescuer_y520-15ikbm_firmware:*:*:*:*:*:*:*:* 1 OR 5xcn24ww
cpe:2.3:h:hp:rescuer_y520-15ikbm:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:v310-14ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:v310-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:v310-14isk_firmware:*:*:*:*:*:*:*:* 1 OR 4.07
cpe:2.3:h:hp:v310-14isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:v310-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:v310-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:v310-15isk_firmware:*:*:*:*:*:*:*:* 1 OR 0zcn47ww
cpe:2.3:h:hp:v310-15isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:v330-14ikb_firmware:*:*:*:*:*:*:*:* 1 OR 4.07
cpe:2.3:h:hp:v330-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:v330-14isk_firmware:*:*:*:*:*:*:*:* 1 OR 4.07
cpe:2.3:h:hp:v330-14isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:v510-14ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:v510-14ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:lenovo:v510-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2wcn38ww
cpe:2.3:h:hp:v510-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:yoga_310-11iap_firmware:*:*:*:*:*:*:*:* 1 OR 6.7
cpe:2.3:h:hp:yoga_310-11iap:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:yoga_510-14isk_firmware:*:*:*:*:*:*:*:* 1 OR 1.15
cpe:2.3:h:hp:yoga_510-14isk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:yoga_720-13ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2.05
cpe:2.3:h:hp:yoga_720-13ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:yoga_720-13ikbr_firmware:*:*:*:*:*:*:*:* 1 OR 2.07
cpe:2.3:h:hp:yoga_720-13ikbr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:yoga_720-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 2.05
cpe:2.3:h:hp:yoga_720-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_v720-14_firmware:*:*:*:*:*:*:*:* 1 OR 2.12
cpe:2.3:h:hp:lenovo_v720-14:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:7000_u42_firmware:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:7000_u42:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:7000-15_u42_firmware:*:*:*:*:*:*:*:* 1 OR 2.09
cpe:2.3:h:hp:7000-15_u42:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:r720-15ikba_firmware:*:*:*:*:*:*:*:* 1 OR 5jcn25ww
cpe:2.3:h:hp:r720-15ikba:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:y520-15ikba_firmware:*:*:*:*:*:*:*:* 1 OR 5jcn25ww
cpe:2.3:h:hp:y520-15ikba:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:r720-15ikbn_firmware:*:*:*:*:*:*:*:* 1 OR 4gcn38ww
cpe:2.3:h:hp:r720-15ikbn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:y520-15ikbn_firmware:*:*:*:*:*:*:*:* 1 OR 4gcn38ww
cpe:2.3:h:hp:y520-15ikbn:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:y720-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 4gcn38ww
cpe:2.3:h:hp:y720-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:lenovo_y720-15ikb_firmware:*:*:*:*:*:*:*:* 1 OR 4gcn38ww
cpe:2.3:h:hp:lenovo_y720-15ikb:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:hp:e43-80_kbl_firmware:*:*:*:*:*:*:*:* 1 OR 4.07
cpe:2.3:h:hp:e43-80_kbl:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:N/I:P/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7
  • Severity
  • HIGH
  • Exploitability Score
  • 6.8
  • Impact Score
  • 7.8
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • HIGH
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 5.9
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 0.7
  • Impact Score
  • 5.2
References
Reference URL Reference Tags
https://support.lenovo.com/us/en/solutions/LEN-20184 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2018-9069
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9069
History
Created Old Value New Value Data Type Notes
2022-05-10 16:49:30 Added to TrackCVE
2022-12-03 12:44:40 2018-10-02T13:29Z 2018-10-02T13:29:00 CVE Published Date updated
2022-12-03 12:44:40 2020-02-18T20:54:46 CVE Modified Date updated
2022-12-03 12:44:40 Analyzed Vulnerability Status updated