CVE-2018-12169 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.6 HIGH	PHYSICAL	LOW	NONE	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Affected Products (NVD)

Vendor	Product	Version
lenovo	thinkpad_11e	-
lenovo	thinkpad_e480	-
lenovo	thinkpad_e580	-
lenovo	thinkpad_l380	-
lenovo	thinkpad_l380_yoga	-
lenovo	thinkpad_l480	-
lenovo	thinkpad_l580	-
lenovo	thinkpad_p51	-
lenovo	thinkpad_p51s	-
lenovo	thinkpad_p52	-
lenovo	thinkpad_p52s	-
lenovo	thinkpad_p71	-
lenovo	thinkpad_p72	-
lenovo	thinkpad_t25	-
lenovo	thinkpad_t470	-
lenovo	thinkpad_t470p	-
lenovo	thinkpad_t470s	-
lenovo	thinkpad_t480	-
lenovo	thinkpad_t480s	-
lenovo	thinkpad_t570	-
lenovo	thinkpad_t580	-
lenovo	thinkpad_x1_carbon	-
lenovo	thinkpad_x1_tablet	-
lenovo	thinkpad_x1_yoga	-
lenovo	thinkpad_x270	-
lenovo	thinkpad_x280	-
lenovo	thinkpad_x380_yoga	-
lenovo	thinkpad_yoga_370	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

http://www.securityfocus.com/bid/105387

https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html

https://support.lenovo.com/us/en/solutions/LEN-20527

http://www.securityfocus.com/bid/105387

https://edk2-docs.gitbooks.io/security-advisory/content/unauthenticated-firmware-chain-of-trust-bypass.html

https://support.lenovo.com/us/en/solutions/LEN-20527