Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for some Lenovo ThinkPads by Lenovo Group Ltd.

    CVE-2018-9062 (GCVE-0-2018-9062)

    Vulnerability from nvd – Published: 2018-07-19 19:00 – Updated: 2024-08-05 07:10
    VLAI
    Title
    BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack
    Summary
    In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • Elevation of privilege
    Assigner
    References
    Impacted products
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:47.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105387"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-20527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "some Lenovo ThinkPads",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T09:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "name": "105387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105387"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-20527"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-20527",
            "discovery": "EXTERNAL"
          },
          "title": "BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9062",
              "STATE": "PUBLIC",
              "TITLE": "BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "some Lenovo ThinkPads",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105387"
                },
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-20527",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-20527"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-20527",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9062",
        "datePublished": "2018-07-19T19:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:47.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9062 (GCVE-0-2018-9062)

    Vulnerability from cvelistv5 – Published: 2018-07-19 19:00 – Updated: 2024-08-05 07:10
    VLAI
    Title
    BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack
    Summary
    In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • Elevation of privilege
    Assigner
    References
    Impacted products
    Date Public
    2018-09-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:47.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105387"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.lenovo.com/us/en/solutions/LEN-20527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "some Lenovo ThinkPads",
              "vendor": "Lenovo Group Ltd.",
              "versions": [
                {
                  "status": "affected",
                  "version": "various"
                }
              ]
            }
          ],
          "datePublic": "2018-09-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-09-26T09:57:01.000Z",
            "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
            "shortName": "lenovo"
          },
          "references": [
            {
              "name": "105387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105387"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.lenovo.com/us/en/solutions/LEN-20527"
            }
          ],
          "source": {
            "advisory": "https://support.lenovo.com/us/en/solutions/LEN-20527",
            "discovery": "EXTERNAL"
          },
          "title": "BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@lenovo.com",
              "ID": "CVE-2018-9062",
              "STATE": "PUBLIC",
              "TITLE": "BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "some Lenovo ThinkPads",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "various"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Lenovo Group Ltd."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105387"
                },
                {
                  "name": "https://support.lenovo.com/us/en/solutions/LEN-20527",
                  "refsource": "CONFIRM",
                  "url": "https://support.lenovo.com/us/en/solutions/LEN-20527"
                }
              ]
            },
            "source": {
              "advisory": "https://support.lenovo.com/us/en/solutions/LEN-20527",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
        "assignerShortName": "lenovo",
        "cveId": "CVE-2018-9062",
        "datePublished": "2018-07-19T19:00:00.000Z",
        "dateReserved": "2018-03-27T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:47.415Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }