CVE-2019-6171 — Lenovo Bios vulnerability

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.0%

top 85.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Bios

Timeline

PublishedAug 19

Latest updateMay 24

Description

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5lenovo/biosvarious

🔴Vulnerability Details

GHSA

GHSA-8pxc-53gq-54c7: A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical acc↗2022-05-24

▶

CVEList

CVE-2019-6171: A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical acc↗2019-08-19

▶