Will VTs for these Lenovo BIOS CVEs be added?

I have a client with over 100 Lenovo PCs who received this notification from Lenovo:


Will a VT be provided to detect the CVEs they list?



Hi, all the CVEs listed in the notification require local access.

Since OpenVAS uses NVTs that are executed over the network, it doesn’t have local access to the machine. Therefore I guess that no VTs will be provided for this.

The Lenovo announcement includes a table of model numbers and BIOS versions that are vulnerable. Both are available from Windows; the model number from WMI at

SELECT Model FROM Win32_ComputerSystem

and the BIOS version from the registry at one of these two locations


I see other VTs accessing WMI and the Windows registry.


There are not plans to cover these CVEs:

Currently coverage of BIOS CVEs is not in the scope of our work.