Published: 14/03/2019 Updated: 15/03/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

Vulnerability Summary

Multiple Lenovo products could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a flaw in the Intel firmware. An attacker could exploit this vulnerability to execute arbitrary code on the system.

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: LOCAL
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vendor Advisories

Potential security vulnerabilities have been identified with Intel Platform Firmware that could allow privileged users and unauthenticated users to execute arbitrary code via local system access ...

Recent Articles

Lenovo Patches High-Severity Arbitrary Code Execution Flaws
Threatpost • Lindsey O'Donnell • 15 Mar 2019

Lenovo has patched several high-severity vulnerabilities in its products that could enable escalation of privilege, information disclosure, or even denial of service.

Overall the device maker patched flaws tied to 16 high-severity CVEs on Thursday. Those include five related to Intel firmware vulnerabilities, as well as 11 flaws stemming from vulnerabilities in Intel Converged Security and Management Engine (CSME), Intel Server Platform Services, Intel Trusted Execution Engine and Intel A...