Published: 14/03/2019 Updated: 30/04/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple Lenovo products could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a flaw in the Intel firmware. An attacker could exploit this vulnerability to execute arbitrary code on the system.

Vulnerability Trend

Affected Products

Vendor Advisories

Potential security vulnerabilities have been identified with Intel Platform Firmware that could allow privileged users and unauthenticated users to execute arbitrary code via local system access ...

Recent Articles

Lenovo Patches Intel Firmware Flaws in Multiple Product Lines
Threatpost • Lindsey O'Donnell • 15 Mar 2019

Lenovo has patched several several high-severity vulnerabilities tied to Intel flaws that could enable escalation of privilege, information disclosure, or even denial of service.
Overall the device maker patched flaws tied to 16 high-severity CVEs on Thursday. Those include five related to Intel firmware vulnerabilities, as well as 11 flaws stemming from vulnerabilities in Intel Converged Security and Management Engine (CSME), Intel Server Platform Services, Intel Trusted Execution Engine...