CVE-2019-6171

MEDIUM | CVSS 6.8/10 | EPSS 0.34%

CVE-2019-6171 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

Metrics

CVSS 3.1
6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.34%

26.3th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Versions |
|--------|---------|----------|
| Lenovo | 20f1 Firmware | All versions |
| Lenovo | 20f2 Firmware | All versions |
| Lenovo | 20jq Firmware | All versions |
| Lenovo | 20jr Firmware | All versions |
| Lenovo | 20g9 Firmware | All versions |
| Lenovo | 20gb Firmware | All versions |
| Lenovo | 20g8 Firmware | All versions |
| Lenovo | 20ga Firmware | All versions |
| Lenovo | 20ht Firmware | All versions |
| Lenovo | 20hv Firmware | All versions |
| Lenovo | 20hs Firmware | All versions |
| Lenovo | 20hu Firmware | All versions |
| Lenovo | 20lr Firmware | All versions |
| Lenovo | 20lq Firmware | All versions |
| Lenovo | 20ln Firmware | All versions |
| Lenovo | 20lm Firmware | All versions |
| Lenovo | 20j1 Firmware | All versions |
| Lenovo | 20j2 Firmware | All versions |
| Lenovo | 20kc Firmware | All versions |
| Lenovo | 20kd Firmware | All versions |
| Lenovo | 20mw Firmware | All versions |
| Lenovo | 20mx Firmware | All versions |
| Lenovo | 20kl Firmware | All versions |
| Lenovo | 20km Firmware | All versions |
| Lenovo | 20mu Firmware | All versions |
| Lenovo | 20mv Firmware | All versions |
| Lenovo | 20dc Firmware | All versions |
| Lenovo | 20dd Firmware | All versions |
| Lenovo | 30eh Firmware | All versions |
| Lenovo | 20df Firmware | All versions |
| Lenovo | 20dg Firmware | All versions |
| Lenovo | 20e0 Firmware | All versions |
| Lenovo | 20de Firmware | All versions |
| Lenovo | 20dh Firmware | All versions |
| Lenovo | 20et Firmware | All versions |
| Lenovo | 20eu Firmware | All versions |
| Lenovo | 20ev Firmware | All versions |
| Lenovo | 20ew Firmware | All versions |
| Lenovo | 20ex Firmware | All versions |
| Lenovo | 20ey Firmware | All versions |
| Lenovo | 20h1 Firmware | All versions |
| Lenovo | 20h2 Firmware | All versions |
| Lenovo | 20h5 Firmware | All versions |
| Lenovo | 20h6 Firmware | All versions |
| Lenovo | 20h4 Firmware | All versions |
| Lenovo | 20h8 Firmware | All versions |
| Lenovo | 20kn Firmware | All versions |
| Lenovo | 20kq Firmware | All versions |
| Lenovo | 20ks Firmware | All versions |
| Lenovo | 20kt Firmware | All versions |

Showing 50 of 148 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2019-6171?
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
How severe is CVE-2019-6171?
CVE-2019-6171 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.
How do I fix CVE-2019-6171?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST