CVSS: 7.6EPSS: 0%CPEs: 345EXPL: 0CVE-2018-12169
https://notcve.org/view.php?id=CVE-2018-12169
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. El firmware del código de muestra de la plataforma en 4ª, 5ª, 6ª, 7ª y 8ª generación del procesador Intel Core contiene un error lógico que podría permitir a un atacante físico omitir la autenticación del firmware. • http://www.securityfocus.com/bid/105387 https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html https://support.lenovo.com/us/en/solutions/LEN-20527 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 101EXPL: 0CVE-2018-9062 – BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack
https://notcve.org/view.php?id=CVE-2018-9062
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. En algunos ThinkPads de Lenovo, una región de BIOS no se incluye correctamente en las comprobaciones, lo que permite la inyección de código arbitrario. • http://www.securityfocus.com/bid/105387 https://support.lenovo.com/us/en/solutions/LEN-20527 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 0CVE-2017-3767
https://notcve.org/view.php?id=CVE-2017-3767
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. Se ha identificado una vulnerabilidad de escalado de privilegios en las versiones anteriores a la 6.0.1.8224 del controlador de audio Realtek en productos Lenovo ThinkPad. Un atacante con privilegios locales podría ejecutar código con privilegios administrativos. • https://support.lenovo.com/us/en/product_security/LEN-15759 •
CVSS: 7.8EPSS: 0%CPEs: 151EXPL: 0CVE-2017-3756
https://notcve.org/view.php?id=CVE-2017-3756
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. Se identificó una vulnerabilidad de escalado de privilegios en Lenovo Active Protection System para versiones de sistemas ThinkPad anteriores a la 1.82.0.17. Un atacante con privilegios locales podría ejecutar código con privilegios de administrador a través de una ruta de servicio sin entrecomillar. • http://www.securityfocus.com/bid/100305 https://support.lenovo.com/us/en/product_security/LEN-15765 •
CVSS: 4.7EPSS: 0%CPEs: 148EXPL: 0CVE-2016-8222
https://notcve.org/view.php?id=CVE-2016-8222
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. Una vulnerabilidad ha sido identificada en un controlador de kernel firmado para la BIOS de algunos sistemas ThinkPad que pueden permitir a un atacante con privilegios nivel administrador de Windows llamar a servicios System Management Mode (SMM). Esto puede conducir a un ataque de denegación de servicio o permitir que ciertas variables o ajustes BIOS sean alterados (como una secuencia boot). • http://www.securityfocus.com/bid/94409 https://support.lenovo.com/us/en/solutions/LEN_8327 • CWE-284: Improper Access Control •