CVE & CISA-KEV Catalog

CVE-2018-9069

MEDIUM
5.9
CVSS v3
NVD

Description

In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.

How to fix

Remediation Available
310s-14isk firmwareNVD
Affected:< 1.15Fixed in:1.15CVE-2018-9069derived from NVD
320-15ikbra firmwareNVD
Affected:< 6jcn24wwFixed in:6jcn24wwCVE-2018-9069derived from NVD
320-15ikbrn firmwareNVD
Affected:< 6jcn24wwFixed in:6jcn24wwCVE-2018-9069derived from NVD
320-15ikbrn touch firmwareNVD
Affected:< 6jcn24wwFixed in:6jcn24wwCVE-2018-9069derived from NVD
320-17ikbrnNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
320s-14ikbNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
320s-15ikb firmwareNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
320s-15isk firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
510s-14isk firmwareNVD
Affected:< 1.15Fixed in:1.15CVE-2018-9069derived from NVD
520-15ikbrn firmwareNVD
Affected:< 6jcn26wwFixed in:6jcn26wwCVE-2018-9069derived from NVD
520s-14ikb firmwareNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
7000-15 u42 firmwareNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
7000 u42 firmwareNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
710s plus-13ikb 16g firmwareNVD
Affected:< 2.55Fixed in:2.55CVE-2018-9069derived from NVD
710s plus-3ikb firmwareNVD
Affected:< 2.55Fixed in:2.55CVE-2018-9069derived from NVD
710s plus touch-13ikb firmwareNVD
Affected:< 2.55Fixed in:2.55CVE-2018-9069derived from NVD
720s-13ikb firmwareNVD
Affected:< 5scn38wwFixed in:5scn38wwCVE-2018-9069derived from NVD
e42-80 firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
e43-80 kbl firmwareNVD
Affected:< 4.07Fixed in:4.07CVE-2018-9069derived from NVD
e52-80 firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
flex 4-1470 firmwareNVD
Affected:< 1.15Fixed in:1.15CVE-2018-9069derived from NVD
flex 5-1470 firmwareNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
flex 5-1570 firmwareNVD
Affected:< 2.09Fixed in:2.09CVE-2018-9069derived from NVD
lenovo ideapad 720s-14ikb firmwareNVD
Affected:< 6jcn26wwFixed in:6jcn26wwCVE-2018-9069derived from NVD
lenovo ideapad flex 5-1470 firmwareNVD
Affected:< 6jcn26wwFixed in:6jcn26wwCVE-2018-9069derived from NVD
lenovo ideapad flex 5-1570 firmwareNVD
Affected:< 6jcn26wwFixed in:6jcn26wwCVE-2018-9069derived from NVD
lenovo v720-14 firmwareNVD
Affected:< 2.12Fixed in:2.12CVE-2018-9069derived from NVD
lenovo y520-15ikba firmwareNVD
Affected:< 5jcn25wwFixed in:5jcn25wwCVE-2018-9069derived from NVD
lenovo y520-15ikbm firmwareNVD
Affected:< 5jcn25wwFixed in:5jcn25wwCVE-2018-9069derived from NVD
lenovo y720-15ikb firmwareNVD
Affected:< 4gcn38wwFixed in:4gcn38wwCVE-2018-9069derived from NVD
lenovo yoga 520-14ikb firmwareNVD
Affected:< 6jcn26wwFixed in:6jcn26wwCVE-2018-9069derived from NVD
lenovo yoga 520-15ikb firmwareNVD
Affected:< 6jcn26wwFixed in:6jcn26wwCVE-2018-9069derived from NVD
miix 720-12ikbNVD
Affected:< 3scn66wwFixed in:3scn66wwCVE-2018-9069derived from NVD
nano110-15ikb firmwareNVD
Affected:< 5xcn24wwFixed in:5xcn24wwCVE-2018-9069derived from NVD
r720-15ikba firmwareNVD
Affected:< 5jcn25wwFixed in:5jcn25wwCVE-2018-9069derived from NVD
r720-15ikbn firmwareNVD
Affected:< 4gcn38wwFixed in:4gcn38wwCVE-2018-9069derived from NVD
rescuer r720-15ikbm firmwareNVD
Affected:< 5xcn24wwFixed in:5xcn24wwCVE-2018-9069derived from NVD
rescuer y520-15ikbm firmwareNVD
Affected:< 5xcn24wwFixed in:5xcn24wwCVE-2018-9069derived from NVD
v310-14ikb firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
v310-14isk firmwareNVD
Affected:< 4.07Fixed in:4.07CVE-2018-9069derived from NVD
v310-15ikb firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
v310-15isk firmwareNVD
Affected:< 0zcn47wwFixed in:0zcn47wwCVE-2018-9069derived from NVD
v330-14ikb firmwareNVD
Affected:< 4.07Fixed in:4.07CVE-2018-9069derived from NVD
v330-14isk firmwareNVD
Affected:< 4.07Fixed in:4.07CVE-2018-9069derived from NVD
v510-14ikb firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
v510-15ikb firmwareNVD
Affected:< 2wcn38wwFixed in:2wcn38wwCVE-2018-9069derived from NVD
xiaoxinair13ikbpro firmwareNVD
Affected:< 2.55Fixed in:2.55CVE-2018-9069derived from NVD
y520-15ikba firmwareNVD
Affected:< 5jcn25wwFixed in:5jcn25wwCVE-2018-9069derived from NVD
y520-15ikbn firmwareNVD
Affected:< 4gcn38wwFixed in:4gcn38wwCVE-2018-9069derived from NVD
y720-15ikb firmwareNVD
Affected:< 4gcn38wwFixed in:4gcn38wwCVE-2018-9069derived from NVD
yoga 310-11iap firmwareNVD
Affected:< 6.7Fixed in:6.7CVE-2018-9069derived from NVD
yoga 510-14isk firmwareNVD
Affected:< 1.15Fixed in:1.15CVE-2018-9069derived from NVD
yoga 720-13ikb firmwareNVD
Affected:< 2.05Fixed in:2.05CVE-2018-9069derived from NVD
yoga 720-13ikbr firmwareNVD
Affected:< 2.07Fixed in:2.07CVE-2018-9069derived from NVD
yoga 720-15ikb firmwareNVD
Affected:< 2.05Fixed in:2.05CVE-2018-9069derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Exploit Intelligence

0.53%probability of exploitation in 30 days
41stpercentile

Moderate risk: more likely to be exploited than 41% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-362 (Race Condition) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-6387High8.1100%-Fix
CVE-2023-36884High7.599%KEV + RansomFix
CVE-2018-15473Medium5.399%-Fix
CVE-2024-27983High8.287%-Fix
CVE-2014-0226Medium6.886%-Fix
CVE-2016-5195High7.084%KEVFix
Embed a live status badge for CVE-2018-9069
CVE-2018-9069 severity badge

Markdown

[![CVE-2018-9069](https://tridentstack.com/cve/badge/CVE-2018-9069.svg)](https://tridentstack.com/cve/CVE-2018-9069)

HTML

<a href="https://tridentstack.com/cve/CVE-2018-9069"><img src="https://tridentstack.com/cve/badge/CVE-2018-9069.svg" alt="CVE-2018-9069"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.