CVE-2018-9062

Name: CVE-2018-9062
Creator: NVD / NIST
Published: 2018-07-19T19:29:00.607+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.8/10EPSS 0.51%

Last modified Jun 17, 2026

CVE-2018-9062 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.. EPSS estimates a 0.51% chance of exploitation in the next 30 days.

Description

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

Metrics

CVSS 3.1

6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.51%

39.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-74

Affected Software

Vendor	Product	Versions
Lenovo	E42-80 Firmware	< 2wcn40ww
Lenovo	E42-80 Isk Firmware	< 0zcn48ww
Lenovo	E52-80 Firmware	< 2wcn40ww
Lenovo	E52-80 Isk Firmware	< 0zcn48ww
Lenovo	Miix 720-12ikb Firmware	< 3scn68ww
Lenovo	V310-14ikb Firmware	< 2wcn40ww
Lenovo	V310-14isk Firmware	< 0zcn48ww
Lenovo	V310-15ikb Firmware	< 2wcn40ww
Lenovo	V310-15isk Firmware	< 0zcn48ww
Lenovo	V510-14ikb Firmware	< 2wcn40ww
Lenovo	V510-15ikb Firmware	< 2wcn40ww
Lenovo	Thinkpad L380 Firmware	< r0ret28w
Lenovo	Thinkpad E480 Firmware	< r0pet47w
Lenovo	Thinkpad E580 Firmware	< r0pet47w
Lenovo	Thinkpad L480 Firmware	< r0qet47w
Lenovo	Thinkpad L580 Firmware	< r0qet47w
Lenovo	Thinkpad P51 Firmware	< n1uet71w
Lenovo	Thinkpad P51s Firmware	< n1vet45w
Lenovo	Thinkpad P52 Firmware	< n2cet28w
Lenovo	Thinkpad P52s Firmware	< n27et27w
Lenovo	Thinkpad P71 Firmware	< n1tet50w
Lenovo	Thinkpad P72 Firmware	< n2cet28w
Lenovo	Thinkpad T25 Firmware	< n1qet77w
Lenovo	Thinkpad T470 Firmware	< n1qet77w
Lenovo	Thinkpad T470p Firmware	< r0fet44w
Lenovo	Thinkpad T470s Firmware	< n1wet49w
Lenovo	Thinkpad T480 Firmware	< n24et41w
Lenovo	Thinkpad T480s Firmware	< n22et48w
Lenovo	Thinkpad T570 Firmware	< n1vet45w
Lenovo	Thinkpad T580 Firmware	< n27et27w
Lenovo	Thinkpad X380 Yoga Firmware	< r0set29w
Lenovo	Thinkpad Yoga 11e Firmware	< r0vet23w
Lenovo	Thinkpad Yoga 370 Firmware	< r0het48w
Lenovo	Thinkpad S1 Firmware	< r0het48w
Lenovo	Thinkpad X1 Carbon Firmware	< n1met49w
Lenovo	Thinkpad X1 Carbon Firmware	< n23et52w
Lenovo	Thinkpad X1 Tablet Firmware	< n1oet45w
Lenovo	Thinkpad X1 Tablet Firmware	< n1zet69w
Lenovo	Thinkpad X1 Yoga Firmware	< n1net42w
Lenovo	Thinkpad X1 Yoga Firmware	< n25et38w
Lenovo	Thinkpad X270 Firmware	< r0iet53w
Lenovo	Thinkpad X280 Firmware	< n20et33w

References

http://www.securityfocus.com/bid/105387Third Party Advisory, VDB Entry
https://support.lenovo.com/us/en/solutions/LEN-20527Patch, Vendor Advisory
http://www.securityfocus.com/bid/105387Third Party Advisory, VDB Entry
https://support.lenovo.com/us/en/solutions/LEN-20527Patch, Vendor Advisory

Timeline

Published: Jul 19, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-9062?

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.

How severe is CVE-2018-9062?

CVE-2018-9062 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.51% probability of exploitation in the next 30 days.

How do I fix CVE-2018-9062?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-9062?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST