Attacker Value
Unknown
BIOS Write Protection Race Condition
(Last updated November 27, 2024)
Description
In some Lenovo IdeaPad consumer notebook models, a race condition in the BIOS flash device locking mechanism is not adequately protected against, potentially allowing an attacker with administrator access to alter the contents of BIOS.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score: 5.9 Medium
Impact Score: 5.2
Exploitability Score: 0.7
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): High
Availability (A): High
General Information
Offensive Application: Unknown
Utility Class: Unknown
Ports: Unknown
OS: Unknown
Vulnerable Versions: IdeaPad various
Prerequisites: Unknown
Discovered By: Unknown
PoC Author: Unknown
Metasploit Module: Unknown
Reporter: Unknown
Products
- 310s-14isk firmware
- 320-15ikbra firmware
- 320-15ikbrn firmware
- 320-15ikbrn touch firmware
- 320-17ikbrn
- 320s-14ikb
- 320s-15ikb firmware
- 320s-15isk firmware
- 510s-14isk firmware
- 520-15ikbrn firmware
- 520s-14ikb firmware
- 7000 u42 firmware
- 7000-15 u42 firmware
- 710s plus touch-13ikb firmware
- 710s plus-13ikb 16g firmware
- 710s plus-3ikb firmware
- 720s-13ikb firmware
- b320-14ikb firmware
- e42-80 firmware
- e43-80 kbl firmware
- e52-80 firmware
- flex 4-1470 firmware
- flex 5-1470 firmware
- flex 5-1570 firmware
- ideapad 2in1 14 firmware
- lenovo ideapad 320-14ikb(i+a) firmware
- lenovo ideapad 320-14ikb(i+n) firmware
- lenovo ideapad 320-15abr firmware
- lenovo ideapad 320-15ikb(i+n) firmware
- lenovo ideapad 320s-14ikbr firmware
- lenovo ideapad 320s-15ikbr firmware
- lenovo ideapad 520s-14ikbr firmware
- lenovo ideapad 720s-14ikb firmware
- lenovo ideapad flex 5-1470 firmware
- lenovo ideapad flex 5-1570 firmware
- lenovo ideapad y520-15ikbn firmware
- lenovo tianyi 310-14ikb firmware
- lenovo tianyi 310-15ikb firmware
- lenovo v720-14 firmware
- lenovo y520-15ikba firmware
- lenovo y520-15ikbm firmware
- lenovo y720-15ikb firmware
- lenovo yoga 520-14ikb firmware
- lenovo yoga 520-15ikb firmware
- miix 720-12ikb
- nano110-14ikb firmware
- nano110-15ikb firmware
- r720-15ikba firmware
- r720-15ikbn firmware
- rescuer r720-15ikbm firmware
- rescuer y520-15ikbm firmware
- v310-14ikb firmware
- v310-14isk firmware
- v310-15ikb firmware
- v310-15isk firmware
- v330-14ikb firmware
- v330-14isk firmware
- v510-14ikb firmware
- v510-15ikb firmware
- xiaoxinair13ikbpro firmware
- y520-15ikba firmware
- y520-15ikbn firmware
- y720-15ikb firmware
- yoga 310-11iap firmware
- yoga 510-14isk firmware
- yoga 720-13ikb firmware
- yoga 720-13ikbr firmware
- yoga 720-15ikb firmware
Additional Info
Authenticated: Unknown
Exploitable: Unknown
Reliability: Unknown
Stability: Unknown
Available Mitigations: Unknown
Shelf Life: Unknown
Userbase/Installbase: Unknown
Patch Effectiveness: Unknown