CVE-2019-6188
high-risk
Published 2019-11-12
The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.
Do I need to act?
-
0.62% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
510-15Ikl Firmware
510S-08Ikl Firmware
Ideacentre 300-20Ish Firmware
Ideacentre 300S-11Ish Firmware
Ideacentre 310S-08Asr Firmware
Ideacentre 310S-08Igm Firmware
Ideacentre 510-15Icb Firmware
Ideacentre 510A-15Icb Firmware
Ideacentre 510S-08Ish Firmware
Ideacentre 700 Firmware
Ideacentre 720-18Apr Firmware
Ideacentre 720-18Icb Firmware
Legion C530-19Icb Firmware
Legion C730-19Ico Firmware
Legion T530-28Apr Firmware
Legion T530-28Apr Reflash Firmware
Legion T530-28Icb Firmware
Legion T530-28Icb Reflash Firmware
Legion T730-28Ico Firmware
Legion Y520T Z370 Firmware
Affected Vendors
References (2)
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-27714
Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-27714
67
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
33/34 · Critical