Описание
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:lenovo:bios:-:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:lenovo:710s-13ikb\/xiaoxin_air_13ikb:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:710s-13isk\/xiaoxin_air_13:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:k21-80:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:k22-80\/lenovo_v720-12:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:k41-80:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ideapad_110-14ast:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ideapad_110-15ast:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ideapad_320-14ast:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_ideapad_320-15ast:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:lenovo_xiaoxin_rui7000:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:miix_710-12ikb:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:miix_720-12ikb:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:notebook_320-17ast:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:rescuer_e520-15ikb:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v110-14iap:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v110-15iap:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v110-15ikb:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:v110-15isk:-:*:*:*:*:*:*:*
cpe:2.3:h:lenovo:yoga_710-11ikb:-:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00043
Низкий
6.7 Medium
CVSS3
7.2 High
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.7
github
больше 3 лет назад
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code.
EPSS
Процентиль: 12%
0.00043
Низкий
6.7 Medium
CVSS3
7.2 High
CVSS2
Дефекты
NVD-CWE-noinfo