Will VTs for these Lenovo BIOS CVEs be added?

I have a client with over 100 Lenovo PCs who received this notification from Lenovo:

https://support.lenovo.com/us/en/product_security/LEN-94953

Will a VT be provided to detect the CVEs they list?

Thanks,

Karl

Hi, all the CVEs listed in the notification require local access.

Since OpenVAS uses NVTs that are executed over the network, it doesn’t have local access to the machine. Therefore I guess that no VTs will be provided for this.

The Lenovo announcement includes a table of model numbers and BIOS versions that are vulnerable. Both are available from Windows; the model number from WMI at

SELECT Model FROM Win32_ComputerSystem

and the BIOS version from the registry at one of these two locations

HKLM\HARDWARE\Description\System\SystemBiosVersion
HKLM\HARDWARE\Description\System\BIOS\BIOSVersion

I see other VTs accessing WMI and the Windows registry.

Karl
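The lookup described in the post above, as an added example that is not part of the original thread: a PowerShell script run locally on each PC that reads the model from WMI and the BIOS version from the two registry locations, then compares them with rows transcribed from the advisory table. The `$AdvisoryRows` entries are placeholders, and the function names, the prefix match on model and the exact match on version are assumptions of this example.

```powershell
# Added example. Rows are constructed placeholders: replace them with the
# model / BIOS version pairs transcribed from the vendor advisory table.
$AdvisoryRows = @(
    [pscustomobject]@{ Model = 'PLACEHOLDER-MODEL-A'; BiosVersion = 'PLACEHOLDER-BIOS-1' }
    [pscustomobject]@{ Model = 'PLACEHOLDER-MODEL-B'; BiosVersion = 'PLACEHOLDER-BIOS-2' }
)

function Get-BiosInventory {
    # Model from WMI, using the query given in the post.
    $model = (Get-CimInstance -Query 'SELECT Model FROM Win32_ComputerSystem').Model

    # BIOS version from the registry: prefer the single-string BIOS\BIOSVersion
    # value, fall back to the multi-string SystemBiosVersion value.
    $root = 'HKLM:\HARDWARE\Description\System'
    $bios = (Get-ItemProperty -Path "$root\BIOS" -Name BIOSVersion -ErrorAction SilentlyContinue).BIOSVersion
    if (-not $bios) {
        $bios = (Get-ItemProperty -Path $root -Name SystemBiosVersion -ErrorAction SilentlyContinue).SystemBiosVersion -join ' '
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Model       = "$model".Trim()
        BiosVersion = "$bios".Trim()
    }
}

function Compare-BiosToAdvisory {
    param(
        [Parameter(Mandatory)] $Inventory,
        [Parameter(Mandatory)] $Rows
    )
    # Assumption: an advisory model entry matches when the reported model starts with it.
    $modelRows = @($Rows | Where-Object {
        $Inventory.Model.StartsWith($_.Model, [StringComparison]::OrdinalIgnoreCase)
    })

    if ($modelRows.Count -eq 0) {
        $status = 'ModelNotListed'
    } elseif ($modelRows.BiosVersion -contains $Inventory.BiosVersion) {
        $status = 'ListedModelAndVersion'
    } else {
        # Model is in the table but the version string differs: needs a manual look.
        $status = 'ListedModel-ReviewVersion'
    }
    $Inventory | Select-Object *, @{ Name = 'AdvisoryStatus'; Expression = { $status } }
}

Compare-BiosToAdvisory -Inventory (Get-BiosInventory) -Rows $AdvisoryRows
```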

There are no plans to cover these CVEs:

Currently coverage of BIOS CVEs is not in the scope of our work.