CVE-2018-9069 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H
lenovo	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
hp	310s-14isk_firmware	𝑥 < 1.15
hp	320-15ikbra_firmware	𝑥 < 6jcn24ww
hp	320-15ikbrn_firmware	𝑥 < 6jcn24ww
hp	320-15ikbrn_touch_firmware	𝑥 < 6jcn24ww
hp	320-17ikbrn	𝑥 < 2.09
hp	320s-14ikb	𝑥 < 2.09
hp	320s-15ikb_firmware	𝑥 < 2.09
hp	320s-15isk_firmware	𝑥 < 2wcn38ww
hp	510s-14isk_firmware	𝑥 < 1.15
hp	520-15ikbrn_firmware	𝑥 < 6jcn26ww
hp	520s-14ikb_firmware	𝑥 < 2.09
hp	710s_plus-13ikb_16g_firmware	𝑥 < 2.55
hp	710s_plus-3ikb_firmware	𝑥 < 2.55
hp	xiaoxinair13ikbpro_firmware	𝑥 < 2.55
hp	710s_plus_touch-13ikb_firmware	𝑥 < 2.55
hp	720s-13ikb_firmware	𝑥 < 5scn38ww
hp	b320-14ikb_firmware	-
lenovo	e42-80_firmware	𝑥 < 2wcn38ww
lenovo	e52-80_firmware	𝑥 < 2wcn38ww
hp	flex_4-1470_firmware	𝑥 < 1.15
hp	flex_5-1470_firmware	𝑥 < 2.09
hp	flex_5-1570_firmware	𝑥 < 2.09
hp	ideapad_2in1_14_firmware	-
hp	lenovo_ideapad_320-14ikb\(i\+a\)_firmware	-
hp	lenovo_ideapad_320-14ikb\(i\+n\)_firmware	-
hp	lenovo_ideapad_320-15abr_firmware	-
hp	lenovo_ideapad_320-15ikb\(i\+n\)_firmware	-
hp	lenovo_ideapad_320s-14ikbr_firmware	-
hp	lenovo_ideapad_320s-15ikbr_firmware	-
hp	lenovo_ideapad_520s-14ikbr_firmware	-
hp	lenovo_ideapad_720s-14ikb_firmware	𝑥 < 6jcn26ww
hp	lenovo_ideapad_flex_5-1470_firmware	𝑥 < 6jcn26ww
hp	lenovo_ideapad_flex_5-1570_firmware	𝑥 < 6jcn26ww
hp	lenovo_ideapad_y520-15ikbn_firmware	-
hp	lenovo_tianyi_310-14ikb_firmware	-
hp	lenovo_tianyi_310-15ikb_firmware	-
hp	lenovo_y520-15ikba_firmware	𝑥 < 5jcn25ww
hp	lenovo_y520-15ikbm_firmware	𝑥 < 5jcn25ww
hp	lenovo_yoga_520-14ikb_firmware	𝑥 < 6jcn26ww
hp	lenovo_yoga_520-15ikb_firmware	𝑥 < 6jcn26ww
hp	miix_720-12ikb	𝑥 < 3scn66ww
hp	nano110-14ikb_firmware	-
hp	nano110-15ikb_firmware	𝑥 < 5xcn24ww
hp	rescuer_r720-15ikbm_firmware	𝑥 < 5xcn24ww
hp	rescuer_y520-15ikbm_firmware	𝑥 < 5xcn24ww
lenovo	v310-14ikb_firmware	𝑥 < 2wcn38ww
lenovo	v310-14isk_firmware	𝑥 < 4.07
lenovo	v310-15ikb_firmware	𝑥 < 2wcn38ww
lenovo	v310-15isk_firmware	𝑥 < 0zcn47ww
hp	v330-14ikb_firmware	𝑥 < 4.07
hp	v330-14isk_firmware	𝑥 < 4.07
lenovo	v510-14ikb_firmware	𝑥 < 2wcn38ww
lenovo	v510-15ikb_firmware	𝑥 < 2wcn38ww
hp	yoga_310-11iap_firmware	𝑥 < 6.7
hp	yoga_510-14isk_firmware	𝑥 < 1.15
hp	yoga_720-13ikb_firmware	𝑥 < 2.05
hp	yoga_720-13ikbr_firmware	𝑥 < 2.07
hp	yoga_720-15ikb_firmware	𝑥 < 2.05
hp	lenovo_v720-14_firmware	𝑥 < 2.12
hp	7000_u42_firmware	𝑥 < 2.09
hp	7000-15_u42_firmware	𝑥 < 2.09
hp	r720-15ikba_firmware	𝑥 < 5jcn25ww
hp	y520-15ikba_firmware	𝑥 < 5jcn25ww
hp	r720-15ikbn_firmware	𝑥 < 4gcn38ww
hp	y520-15ikbn_firmware	𝑥 < 4gcn38ww
hp	y720-15ikb_firmware	𝑥 < 4gcn38ww
hp	lenovo_y720-15ikb_firmware	𝑥 < 4gcn38ww
hp	e43-80_kbl_firmware	𝑥 < 4.07

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

https://support.lenovo.com/us/en/solutions/LEN-20184