CVE-2019-6171

high-risk
Published 2019-08-19

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access to update the Embedded Controller with unsigned firmware.

Do I need to act?

EPSS score: 0.05% chance of exploitation (low exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA
Patch status: unknown. Check vendor advisories for fix availability and mitigation guidance
CVSS: 6.8/10 Medium (PHYSICAL / LOW complexity)

Affected Products (20)

20F1 Firmware
20F2 Firmware
20Jq Firmware
20Jr Firmware
20G9 Firmware
20Gb Firmware
20G8 Firmware
20Ga Firmware
20Ht Firmware
20Hv Firmware
20Hs Firmware
20Hu Firmware
20Lr Firmware
20Lq Firmware
20Ln Firmware
20Lm Firmware
20J1 Firmware
20J2 Firmware
20Kc Firmware
20Kd Firmware

Affected Vendors

55 / 100 high-risk
Severity 22/34 · High
Exploitability 0/34 · Minimal
Exposure 33/34 · Critical