Published: 19/08/2019 Updated: 19/10/2022

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lenovo 20f1_firmware -
lenovo 20f2_firmware -
lenovo 20jq_firmware -
lenovo 20jr_firmware -
lenovo 20g9_firmware -
lenovo 20gb_firmware -
lenovo 20g8_firmware -
lenovo 20ga_firmware -
lenovo 20ht_firmware -
lenovo 20hv_firmware -
lenovo 20hs_firmware -
lenovo 20hu_firmware -
lenovo 20lr_firmware -
lenovo 20lq_firmware -
lenovo 20ln_firmware -
lenovo 20lm_firmware -
lenovo 20j1_firmware -
lenovo 20j2_firmware -
lenovo 20kc_firmware -
lenovo 20kd_firmware -
lenovo 20mw_firmware -
lenovo 20mx_firmware -
lenovo 20kl_firmware -
lenovo 20km_firmware -
lenovo 20mu_firmware -
lenovo 20mv_firmware -
lenovo 20dc_firmware -
lenovo 20dd_firmware -
lenovo 30eh_firmware -
lenovo 20df_firmware -
lenovo 20dg_firmware -
lenovo 20e0_firmware -
lenovo 20de_firmware -
lenovo 20dh_firmware -
lenovo 20et_firmware -
lenovo 20eu_firmware -
lenovo 20ev_firmware -
lenovo 20ew_firmware -
lenovo 20ex_firmware -
lenovo 20ey_firmware -
lenovo 20h1_firmware -
lenovo 20h2_firmware -
lenovo 20h5_firmware -
lenovo 20h6_firmware -
lenovo 20h4_firmware -
lenovo 20h8_firmware -
lenovo 20kn_firmware -
lenovo 20kq_firmware -
lenovo 20ks_firmware -
lenovo 20kt_firmware -
lenovo 20ku_firmware -
lenovo 20kv_firmware -
lenovo 20n8_firmware -
lenovo 20n9_firmware -
lenovo 20ng_firmware -
lenovo 3xxx_firmware -
lenovo 20m5_firmware -
lenovo 20m6_firmware -
lenovo 20m7_firmware -
lenovo 20m8_firmware -
lenovo 20nr_firmware -
lenovo 20ns_firmware -
lenovo 20nt_firmware -
lenovo 20nu_firmware -
lenovo 246x_firmware -
lenovo 247x_firmware -
lenovo 248x_firmware -
lenovo 20ds_firmware -
lenovo 20dt_firmware -
lenovo 20fu_firmware -
lenovo 20fv_firmware -
lenovo 20j4_firmware -
lenovo 20j5_firmware -
lenovo 20ju_firmware -
lenovo 20jv_firmware -
lenovo 20ls_firmware -
lenovo 20lt_firmware -
lenovo 20l2_firmware -
lenovo 20lx_firmware -
lenovo 20ja_firmware -
lenovo 20dq_firmware -
lenovo 20dr_firmware -
lenovo 20g5_firmware -
lenovo 20g4_firmware -
lenovo 20b0_firmware -
lenovo 20b3_firmware -
lenovo 234x_firmware -
lenovo 235x_firmware -
lenovo 20a9_firmware -
lenovo 20aa_firmware -
lenovo 20ab_firmware -
lenovo 20ac_firmware -
lenovo 20b6_firmware -
lenovo 20b7_firmware -
lenovo 20aq_firmware -
lenovo 20ar_firmware -
lenovo 20an_firmware -
lenovo 20aw_firmware -
lenovo 20bu_firmware -
lenovo 20bv_firmware -
lenovo 20dj_firmware -
lenovo 20bw_firmware -
lenovo 20bx_firmware -
lenovo 20fm_firmware -
lenovo 20fn_firmware -
lenovo 20fw_firmware -
lenovo 20fx_firmware -
lenovo 20j6_firmware -
lenovo 20j7_firmware -
lenovo 239x_firmware -
lenovo 242x_firmware -
lenovo 243x_firmware -
lenovo 20be_firmware -
lenovo 20bf_firmware -
lenovo 244x_firmware -
lenovo 20bg_firmware -
lenovo 20ef_firmware -
lenovo 20eg_firmware -
lenovo 34xx_firmware -
lenovo 20a7_firmware -
lenovo 20a8_firmware -
lenovo 336x_firmware -
lenovo 337x_firmware -
lenovo 20bl_firmware -
lenovo 20bm_firmware -
lenovo 343x_firmware -
lenovo 344x_firmware -
lenovo 230x_firmware -
lenovo 232x_firmware -
lenovo 233x_firmware -
lenovo 20al_firmware -
lenovo 20am_firmware -
lenovo 20aj_firmware -
lenovo 20ak_firmware -
lenovo 20f5_firmware -
lenovo 20f6_firmware -
lenovo 20hn_firmware -
lenovo 20hm_firmware -
lenovo 20k5_firmware -
lenovo 20k6_firmware -
lenovo 20lh_firmware -
lenovo 20lj_firmware -
lenovo 20nn_firmware -
lenovo 20nq_firmware -
lenovo 20d9_firmware -
lenovo 20da_firmware -
lenovo 20jh_firmware -
lenovo 20jj_firmware -

Infrastructure for examining and patching Thinkpad embedded controller firmware

COMPATIBILTY WARNING: As the result of CVE-2019-6171, newer Lenovo firmware update files have added a digital signature If you upgrade to locked version you will not be able to patch your EC without downgrading it laptop last modifiable first protected version t430 BIOS 281 (G1ETC1WW) EC 113 (G1HT35WW) BIOS 282 (G1ETC2WW) EC 114 (G1HT36WW) t430s BIOS 275 (G7ETB

Infrastructure for examining and patching Thinkpad embedded controller firmware

Thinkpad XX30 EC COMPATIBILTY WARNING: As the result of CVE-2019-6171, newer Lenovo firmware update files have added a digital signature If you upgrade to locked version you will not be able to patch your EC without downgrading it laptop last modifiable first protected version t430 BIOS 281 (G1ETC1WW) EC 113 (G1HT35WW) BIOS 282 (G1ETC2WW) EC 114 (G1HT36WW) t4

Infrastructure for examining and patching Thinkpad embedded controller firmware

NVD-CWE-noinfo https://support.lenovo.com/solutions/LEN-27764 https://nvd.nist.gov https://github.com/hamishcoleman/thinkpad-ec

Get Started

CVE-2019-6171

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect