Vulnerability CVE-2019-6171


Published: 2019-08-19

Description:
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Lenovo -> 20a7 firmware 
Lenovo -> 20b6 firmware 
Lenovo -> 20df firmware 
Lenovo -> 20ey firmware 
Lenovo -> 20gb firmware 
Lenovo -> 20j5 firmware 
Lenovo -> 20kn firmware 
Lenovo -> 20m5 firmware 
Lenovo -> 20nu firmware 
Lenovo -> 343x firmware 
Lenovo -> 20a8 firmware 
Lenovo -> 20b7 firmware 
Lenovo -> 20dg firmware 
Lenovo -> 20f1 firmware 
Lenovo -> 20h1 firmware 
Lenovo -> 20j6 firmware 
Lenovo -> 20kq firmware 
Lenovo -> 20m6 firmware 
Lenovo -> 230x firmware 
Lenovo -> 344x firmware 
Lenovo -> 20a9 firmware 
Lenovo -> 20be firmware 
Lenovo -> 20dh firmware 
Lenovo -> 20f2 firmware 
Lenovo -> 20h2 firmware 
Lenovo -> 20j7 firmware 
Lenovo -> 20ks firmware 
Lenovo -> 20m7 firmware 
Lenovo -> 232x firmware 
Lenovo -> 34xx firmware 
Lenovo -> 20aa firmware 
Lenovo -> 20bf firmware 
Lenovo -> 20dj firmware 
Lenovo -> 20f5 firmware 
Lenovo -> 20h4 firmware 
Lenovo -> 20ja firmware 
Lenovo -> 20kt firmware 
Lenovo -> 20m8 firmware 
Lenovo -> 233x firmware 
Lenovo -> 3xxx firmware 
Lenovo -> 20ab firmware 
Lenovo -> 20bg firmware 
Lenovo -> 20dq firmware 
Lenovo -> 20f6 firmware 
Lenovo -> 20h5 firmware 
Lenovo -> 20jh firmware 
Lenovo -> 20ku firmware 
Lenovo -> 20mu firmware 
Lenovo -> 234x firmware 
Lenovo -> 20ac firmware 
Lenovo -> 20bl firmware 
Lenovo -> 20dr firmware 
Lenovo -> 20fm firmware 
Lenovo -> 20h6 firmware 
Lenovo -> 20jj firmware 
Lenovo -> 20kv firmware 
Lenovo -> 20mv firmware 
Lenovo -> 235x firmware 
Lenovo -> 20aj firmware 
Lenovo -> 20bm firmware 
Lenovo -> 20ds firmware 
Lenovo -> 20fn firmware 
Lenovo -> 20h8 firmware 
Lenovo -> 20jq firmware 
Lenovo -> 20l2 firmware 
Lenovo -> 20mw firmware 
Lenovo -> 239x firmware 
Lenovo -> 20ak firmware 
Lenovo -> 20bu firmware 
Lenovo -> 20dt firmware 
Lenovo -> 20fu firmware 
Lenovo -> 20hm firmware 
Lenovo -> 20jr firmware 
Lenovo -> 20lh firmware 
Lenovo -> 20mx firmware 
Lenovo -> 242x firmware 
Lenovo -> 20al firmware 
Lenovo -> 20bv firmware 
Lenovo -> 20e0 firmware 
Lenovo -> 20fv firmware 
Lenovo -> 20hn firmware 
Lenovo -> 20ju firmware 
Lenovo -> 20lj firmware 
Lenovo -> 20n8 firmware 
Lenovo -> 243x firmware 
Lenovo -> 20am firmware 
Lenovo -> 20bw firmware 
Lenovo -> 20ef firmware 
Lenovo -> 20fw firmware 
Lenovo -> 20hs firmware 
Lenovo -> 20jv firmware 
Lenovo -> 20lm firmware 
Lenovo -> 20n9 firmware 
Lenovo -> 244x firmware 
Lenovo -> 20an firmware 
Lenovo -> 20bx firmware 
Lenovo -> 20eg firmware 
Lenovo -> 20fx firmware 
Lenovo -> 20ht firmware 
Lenovo -> 20k5 firmware 

 References:
https://support.lenovo.com/solutions/LEN-27764

Copyright 2020, cxsecurity.com

 

Back to Top