Lucene search

[email protected]CVE-2019-6171

HistoryAug 19, 2019 - 3:15 p.m.

CVE-2019-6171

2019-08-1915:15:11

[email protected]

web.nvd.nist.gov

cve-2019-6171

thinkpad

bios

vulnerability

firmware

update

unauthorized

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

Affected configurations

NVD

Node

lenovo20f1_firmwareMatch-

AND

lenovo20f1Match-

Node

lenovo20f2_firmwareMatch-

AND

lenovo20f2Match-

Node

lenovo20jq_firmwareMatch-

AND

lenovo20jqMatch-

Node

lenovo20jr_firmwareMatch-

AND

lenovo20jrMatch-

Node

lenovo20g9_firmwareMatch-

AND

lenovo20g9Match-

Node

lenovo20gb_firmwareMatch-

AND

lenovo20gbMatch-

Node

lenovo20g8_firmwareMatch-

AND

lenovo20g8Match-

Node

lenovo20ga_firmwareMatch-

AND

lenovo20gaMatch-

Node

lenovo20g9_firmwareMatch-

AND

lenovo20g9Match-

Node

lenovo20gb_firmwareMatch-

AND

lenovo20gbMatch-

Node

lenovo20g8_firmwareMatch-

AND

lenovo20g8Match-

Node

lenovo20ga_firmwareMatch-

AND

lenovo20gaMatch-

Node

lenovo20ht_firmwareMatch-

AND

lenovo20htMatch-

Node

lenovo20hv_firmwareMatch-

AND

lenovo20hvMatch-

Node

lenovo20hs_firmwareMatch-

AND

lenovo20hsMatch-

Node

lenovo20hu_firmwareMatch-

AND

lenovo20huMatch-

Node

lenovo20ht_firmwareMatch-

AND

lenovo20htMatch-

Node

lenovo20hv_firmwareMatch-

AND

lenovo20hvMatch-

Node

lenovo20hs_firmwareMatch-

AND

lenovo20hsMatch-

Node

lenovo20hu_firmwareMatch-

AND

lenovo20huMatch-

Node

lenovo20lr_firmwareMatch-

AND

lenovo20lrMatch-

Node

lenovo20lq_firmwareMatch-

AND

lenovo20lqMatch-

Node

lenovo20ln_firmwareMatch-

AND

lenovo20lnMatch-

Node

lenovo20lm_firmwareMatch-

AND

lenovo20lmMatch-

Node

lenovo20lr_firmwareMatch-

AND

lenovo20lrMatch-

Node

lenovo20lq_firmwareMatch-

AND

lenovo20lqMatch-

Node

lenovo20ln_firmwareMatch-

AND

lenovo20lnMatch-

Node

lenovo20lm_firmwareMatch-

AND

lenovo20lmMatch-

Node

lenovo20j1_firmwareMatch-

AND

lenovo20j1Match-

Node

lenovo20j2_firmwareMatch-

AND

lenovo20j2Match-

Node

lenovo20j1_firmwareMatch-

AND

lenovo20j1Match-

Node

lenovo20j2_firmwareMatch-

AND

lenovo20j2Match-

Node

lenovo20kc_firmwareMatch-

AND

lenovo20kcMatch-

Node

lenovo20kd_firmwareMatch-

AND

lenovo20kdMatch-

Node

lenovo20mw_firmwareMatch-

AND

lenovo20mwMatch-

Node

lenovo20mx_firmwareMatch-

AND

lenovo20mxMatch-

Node

lenovo20kl_firmwareMatch-

AND

lenovo20klMatch-

Node

lenovo20km_firmwareMatch-

AND

lenovo20kmMatch-

Node

lenovo20mu_firmwareMatch-

AND

lenovo20muMatch-

Node

lenovo20mv_firmwareMatch-

AND

lenovo20mvMatch-

Node

lenovo20dc_firmwareMatch-

AND

lenovo20dcMatch-

Node

lenovo20dd_firmwareMatch-

AND

lenovo20ddMatch-

Node

lenovo30eh_firmwareMatch-

AND

lenovo30ehMatch-

Node

lenovo20df_firmwareMatch-

AND

lenovo20dfMatch-

Node

lenovo20dg_firmwareMatch-

AND

lenovo20dgMatch-

Node

lenovo20e0_firmwareMatch-

AND

lenovo20e0Match-

Node

lenovo20de_firmwareMatch-

AND

lenovo20deMatch-

Node

lenovo20dh_firmwareMatch-

AND

lenovo20dhMatch-

Node

lenovo20et_firmwareMatch-

AND

lenovo20etMatch-

Node

lenovo20eu_firmwareMatch-

AND

lenovo20euMatch-

Node

lenovo20ev_firmwareMatch-

AND

lenovo20evMatch-

Node

lenovo20ew_firmwareMatch-

AND

lenovo20ewMatch-

Node

lenovo20ex_firmwareMatch-

AND

lenovo20exMatch-

Node

lenovo20ey_firmwareMatch-

AND

lenovo20eyMatch-

Node

lenovo20h1_firmwareMatch-

AND

lenovo20h1Match-

Node

lenovo20h2_firmwareMatch-

AND

lenovo20h2Match-

Node

lenovo20h5_firmwareMatch-

AND

lenovo20h5Match-

Node

lenovo20h6_firmwareMatch-

AND

lenovo20h6Match-

Node

lenovo20h4_firmwareMatch-

AND

lenovo20h4Match-

Node

lenovo20h8_firmwareMatch-

AND

lenovo20h8Match-

Node

lenovo20kn_firmwareMatch-

AND

lenovo20knMatch-

Node

lenovo20kq_firmwareMatch-

AND

lenovo20kqMatch-

Node

lenovo20ks_firmwareMatch-

AND

lenovo20ksMatch-

Node

lenovo20kt_firmwareMatch-

AND

lenovo20ktMatch-

Node

lenovo20ku_firmwareMatch-

AND

lenovo20kuMatch-

Node

lenovo20kv_firmwareMatch-

AND

lenovo20kvMatch-

Node

lenovo20n8_firmwareMatch-

AND

lenovo20n8Match-

Node

lenovo20n9_firmwareMatch-

AND

lenovo20n9Match-

Node

lenovo20ng_firmwareMatch-

AND

lenovo20ngMatch-

Node

lenovo20h5_firmwareMatch-

AND

lenovo20h5Match-

Node

lenovo20h6_firmwareMatch-

AND

lenovo20h6Match-

Node

lenovo3xxx_firmwareMatch-

AND

lenovo3xxxMatch-

Node

lenovo20m5_firmwareMatch-

AND

lenovo20m5Match-

Node

lenovo20m6_firmwareMatch-

AND

lenovo20m6Match-

Node

lenovo20m7_firmwareMatch-

AND

lenovo20m7Match-

Node

lenovo20m8_firmwareMatch-

AND

lenovo20m8Match-

Node

lenovo20nr_firmwareMatch-

AND

lenovo20nrMatch-

Node

lenovo20ns_firmwareMatch-

AND

lenovo20nsMatch-

Node

lenovo20nt_firmwareMatch-

AND

lenovo20ntMatch-

Node

lenovo20nu_firmwareMatch-

AND

lenovo20nuMatch-

Node

lenovo246x_firmwareMatch-

AND

lenovo246xMatch-

Node

lenovo247x_firmwareMatch-

AND

lenovo247xMatch-

Node

lenovo248x_firmwareMatch-

AND

lenovo248xMatch-

Node

lenovo20ds_firmwareMatch-

AND

lenovo20dsMatch-

Node

lenovo20dt_firmwareMatch-

AND

lenovo20dtMatch-

Node

lenovo20fu_firmwareMatch-

AND

lenovo20fuMatch-

Node

lenovo20fv_firmwareMatch-

AND

lenovo20fvMatch-

Node

lenovo20j4_firmwareMatch-

AND

lenovo20j4Match-

Node

lenovo20j5_firmwareMatch-

AND

lenovo20j5Match-

Node

lenovo20ju_firmwareMatch-

AND

lenovo20juMatch-

Node

lenovo20jv_firmwareMatch-

AND

lenovo20jvMatch-

Node

lenovo20ls_firmwareMatch-

AND

lenovo20lsMatch-

Node

lenovo20lt_firmwareMatch-

AND

lenovo20ltMatch-

Node

lenovo20l2_firmwareMatch-

AND

lenovo20l2Match-

Node

lenovo20lx_firmwareMatch-

AND

lenovo20lxMatch-

Node

lenovo20ja_firmwareMatch-

AND

lenovo20jaMatch-

Node

lenovo20dq_firmwareMatch-

AND

lenovo20dqMatch-

Node

lenovo20dr_firmwareMatch-

AND

lenovo20drMatch-

Node

lenovo20g5_firmwareMatch-

AND

lenovo20g5Match-

Node

lenovo20g4_firmwareMatch-

AND

lenovo20g4Match-

Node

lenovo20b0_firmwareMatch-

AND

lenovo20b0Match-

Node

lenovo20b3_firmwareMatch-

AND

lenovo20b3Match-

Node

lenovo234x_firmwareMatch-

AND

lenovo234xMatch-

Node

lenovo235x_firmwareMatch-

AND

lenovo235xMatch-

Node

lenovo235x_firmwareMatch-

AND

lenovo235xMatch-

Node

lenovo20a9_firmwareMatch-

AND

lenovo20a9Match-

Node

lenovo20aa_firmwareMatch-

AND

lenovo20aaMatch-

Node

lenovo20ab_firmwareMatch-

AND

lenovo20abMatch-

Node

lenovo20ac_firmwareMatch-

AND

lenovo20acMatch-

Node

lenovo20b6_firmwareMatch-

AND

lenovo20b6Match-

Node

lenovo20b7_firmwareMatch-

AND

lenovo20b7Match-

Node

lenovo20aq_firmwareMatch-

AND

lenovo20aqMatch-

Node

lenovo20ar_firmwareMatch-

AND

lenovo20arMatch-

Node

lenovo20an_firmwareMatch-

AND

lenovo20anMatch-

Node

lenovo20aw_firmwareMatch-

AND

lenovo20awMatch-

Node

lenovo20bu_firmwareMatch-

AND

lenovo20buMatch-

Node

lenovo20bv_firmwareMatch-

AND

lenovo20bvMatch-

Node

lenovo20dj_firmwareMatch-

AND

lenovo20djMatch-

Node

lenovo20bw_firmwareMatch-

AND

lenovo20bwMatch-

Node

lenovo20bx_firmwareMatch-

AND

lenovo20bxMatch-

Node

lenovo20fm_firmwareMatch-

AND

lenovo20fmMatch-

Node

lenovo20fn_firmwareMatch-

AND

lenovo20fnMatch-

Node

lenovo20fw_firmwareMatch-

AND

lenovo20fwMatch-

Node

lenovo20fx_firmwareMatch-

AND

lenovo20fxMatch-

Node

lenovo20j6_firmwareMatch-

AND

lenovo20j6Match-

Node

lenovo20j7_firmwareMatch-

AND

lenovo20j7Match-

Node

lenovo235x_firmwareMatch-

AND

lenovo235xMatch-

Node

lenovo239x_firmwareMatch-

AND

lenovo239xMatch-

Node

lenovo242x_firmwareMatch-

AND

lenovo242xMatch-

Node

lenovo243x_firmwareMatch-

AND

lenovo243xMatch-

Node

lenovo20be_firmwareMatch-

AND

lenovo20beMatch-

Node

lenovo20bf_firmwareMatch-

AND

lenovo20bfMatch-

Node

lenovo243x_firmwareMatch-

AND

lenovo243xMatch-

Node

lenovo244x_firmwareMatch-

AND

lenovo244xMatch-

Node

lenovo246x_firmwareMatch-

AND

lenovo246xMatch-

Node

lenovo20bg_firmwareMatch-

AND

lenovo20bgMatch-

Node

lenovo20bg_firmwareMatch-

AND

lenovo20bgMatch-

Node

lenovo20ef_firmwareMatch-

AND

lenovo20efMatch-

Node

lenovo20eg_firmwareMatch-

AND

lenovo20egMatch-

Node

lenovo34xx_firmwareMatch-

AND

lenovo34xxMatch-

Node

lenovo20a7_firmwareMatch-

AND

lenovo20a7Match-

Node

lenovo20a8_firmwareMatch-

AND

lenovo20a8Match-

Node

lenovo336x_firmwareMatch-

AND

lenovo336xMatch-

Node

lenovo337x_firmwareMatch-

AND

lenovo337xMatch-

Node

lenovo20bl_firmwareMatch-

AND

lenovo20blMatch-

Node

lenovo20bm_firmwareMatch-

AND

lenovo20bmMatch-

Node

lenovo343x_firmwareMatch-

AND

lenovo343xMatch-

Node

lenovo344x_firmwareMatch-

AND

lenovo344xMatch-

Node

lenovo230x_firmwareMatch-

AND

lenovo230xMatch-

Node

lenovo232x_firmwareMatch-

AND

lenovo232xMatch-

Node

lenovo233x_firmwareMatch-

AND

lenovo233xMatch-

Node

lenovo20al_firmwareMatch-

AND

lenovo20alMatch-

Node

lenovo20am_firmwareMatch-

AND

lenovo20amMatch-

Node

lenovo20aj_firmwareMatch-

AND

lenovo20ajMatch-

Node

lenovo20ak_firmwareMatch-

AND

lenovo20akMatch-

Node

lenovo20f5_firmwareMatch-

AND

lenovo20f5Match-

Node

lenovo20f6_firmwareMatch-

AND

lenovo20f6Match-

Node

lenovo20hn_firmwareMatch-

AND

lenovo20hnMatch-

Node

lenovo20hm_firmwareMatch-

AND

lenovo20hmMatch-

Node

lenovo20k5_firmwareMatch-

AND

lenovo20k5Match-

Node

lenovo20k6_firmwareMatch-

AND

lenovo20k6Match-

Node

lenovo20lh_firmwareMatch-

AND

lenovo20lhMatch-

Node

lenovo20lj_firmwareMatch-

AND

lenovo20ljMatch-

Node

lenovo20nn_firmwareMatch-

AND

lenovo20nnMatch-

Node

lenovo20nq_firmwareMatch-

AND

lenovo20nqMatch-

Node

lenovo20d9_firmwareMatch-

AND

lenovo20d9Match-

Node

lenovo20da_firmwareMatch-

AND

lenovo20daMatch-

Node

lenovo20jh_firmwareMatch-

AND

lenovo20jhMatch-

Node

lenovo20jj_firmwareMatch-

AND

lenovo20jjMatch-

CPENameOperatorVersion
lenovo:20f1_firmwarelenovo 20f1 firmwareeq-

CPE	Name	Operator	Version
lenovo:20f1_firmware	lenovo 20f1 firmware	eq	-

CNA Affected

[
  {
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/solutions/LEN-27764

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVE-2019-6171

lenovo2 cvelist1 nvd1 prion1 threatpost1