Skip to main content

20F1 Firmware CVE-2019-6171

MEDIUM
2019-08-19 psirt@lenovo.com
Information Disclosure 20F1 Firmware 20F2 Firmware 20Jq Firmware 20Jr Firmware 20G9 Firmware 20Gb Firmware 20G8 Firmware 20Ga Firmware 20Ht Firmware 20Hv Firmware 20Hs Firmware 20Hu Firmware 20Lr Firmware 20Lq Firmware 20Ln Firmware 20Lm Firmware 20J1 Firmware 20J2 Firmware 20Kc Firmware 20Kd Firmware 20Mw Firmware 20Mx Firmware 20Kl Firmware 20Km Firmware 20Mu Firmware 20Mv Firmware 20Dc Firmware 20Dd Firmware 30Eh Firmware 20Df Firmware 20Dg Firmware 20E0 Firmware 20De Firmware 20Dh Firmware 20Et Firmware 20Eu Firmware 20Ev Firmware 20Ew Firmware 20Ex Firmware 20Ey Firmware 20H1 Firmware 20H2 Firmware 20H5 Firmware 20H6 Firmware 20H4 Firmware 20H8 Firmware 20Kn Firmware 20Kq Firmware 20Ks Firmware 20Kt Firmware 20Ku Firmware 20Kv Firmware 20N8 Firmware 20N9 Firmware 20Ng Firmware 3Xxx Firmware 20M5 Firmware 20M6 Firmware 20M7 Firmware 20M8 Firmware 20Nr Firmware 20Ns Firmware 20Nt Firmware 20Nu Firmware 246X Firmware 247X Firmware 248X Firmware 20Ds Firmware 20Dt Firmware 20Fu Firmware 20Fv Firmware 20J4 Firmware 20J5 Firmware 20Ju Firmware 20Jv Firmware 20Ls Firmware 20Lt Firmware 20L2 Firmware 20Lx Firmware 20Ja Firmware 20Dq Firmware 20Dr Firmware 20G5 Firmware 20G4 Firmware 20B0 Firmware 20B3 Firmware 234X Firmware 235X Firmware 20A9 Firmware 20Aa Firmware 20Ab Firmware 20Ac Firmware 20B6 Firmware 20B7 Firmware 20Aq Firmware 20Ar Firmware 20An Firmware 20Aw Firmware 20Bu Firmware 20Bv Firmware 20Dj Firmware 20Bw Firmware 20Bx Firmware 20Fm Firmware 20Fn Firmware 20Fw Firmware 20Fx Firmware 20J6 Firmware 20J7 Firmware 239X Firmware 242X Firmware 243X Firmware 20Be Firmware 20Bf Firmware 244X Firmware 20Bg Firmware 20Ef Firmware 20Eg Firmware 34Xx Firmware 20A7 Firmware 20A8 Firmware 336X Firmware 337X Firmware 20Bl Firmware 20Bm Firmware 343X Firmware 344X Firmware 230X Firmware 232X Firmware 233X Firmware 20Al Firmware 20Am Firmware 20Aj Firmware 20Ak Firmware 20F5 Firmware 20F6 Firmware 20Hn Firmware 20Hm Firmware 20K5 Firmware 20K6 Firmware 20Lh Firmware 20Lj Firmware 20Nn Firmware 20Nq Firmware 20D9 Firmware 20Da Firmware 20Jh Firmware 20Jj Firmware
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 19, 2019 - 15:15 nvd
MEDIUM 6.8

DescriptionNVD

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

AnalysisAI

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. Affected products include: Lenovo 20F1 Firmware, Lenovo 20F2 Firmware, Lenovo 20Jq Firmware, Lenovo 20Jr Firmware, Lenovo 20G9 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2019-6171 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy