CVE-2018-12169

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
intelCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
lenovothinkpad_11e
-
lenovothinkpad_e480
-
lenovothinkpad_e580
-
lenovothinkpad_l380
-
lenovothinkpad_l380_yoga
-
lenovothinkpad_l480
-
lenovothinkpad_l580
-
lenovothinkpad_p51
-
lenovothinkpad_p51s
-
lenovothinkpad_p52
-
lenovothinkpad_p52s
-
lenovothinkpad_p71
-
lenovothinkpad_p72
-
lenovothinkpad_t25
-
lenovothinkpad_t470
-
lenovothinkpad_t470p
-
lenovothinkpad_t470s
-
lenovothinkpad_t480
-
lenovothinkpad_t480s
-
lenovothinkpad_t570
-
lenovothinkpad_t580
-
lenovothinkpad_x1_carbon
-
lenovothinkpad_x1_tablet
-
lenovothinkpad_x1_yoga
-
lenovothinkpad_x270
-
lenovothinkpad_x280
-
lenovothinkpad_x380_yoga
-
lenovothinkpad_yoga_370
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105387
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
https://support.lenovo.com/us/en/solutions/LEN-20527
http://www.securityfocus.com/bid/105387
https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html
https://support.lenovo.com/us/en/solutions/LEN-20527