1. Home
  2. CVE Database
  3. CVE-2019-6171
MEDIUM · 6.8

CVE-2019-6171

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller ...

Vulnerability Description

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
Lenovo20F1 Firmware-
Lenovo20F1-
Lenovo20F2 Firmware-
Lenovo20F2-
Lenovo20Jq Firmware-
Lenovo20Jq-
Lenovo20Jr Firmware-
Lenovo20Jr-
Lenovo20G9 Firmware-
Lenovo20G9-
Lenovo20Gb Firmware-
Lenovo20Gb-
Lenovo20G8 Firmware-
Lenovo20G8-
Lenovo20Ga Firmware-
Lenovo20Ga-
Lenovo20Ht Firmware-
Lenovo20Ht-
Lenovo20Hv Firmware-
Lenovo20Hv-

References

FAQ

What is CVE-2019-6171?

CVE-2019-6171 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller ...

How severe is CVE-2019-6171?

CVE-2019-6171 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6171?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo 20F1 Firmware, Lenovo 20F1, Lenovo 20F2 Firmware, Lenovo 20F2, Lenovo 20Jq Firmware.