Sign-up

ID

VAR-201908-0050


CVE

CVE-2019-6171


TITLE

ThinkPad Vulnerability related to authorization, authority, and access control in the system of the old product

Trust: 0.8

sources: JVNDB: JVNDB-2019-008656

DESCRIPTION

A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware. ThinkPad Older product systems contain vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Lenovo ThinkPad 10 20E3 and so on are the products of China's Lenovo. The Lenovo ThinkPad 10 20E3 is a tablet computer. ThinkPad 10 20E4 is a tablet computer. ThinkPad 13 (KBL) 20J1 is a notebook computer

Trust: 2.34

sources: NVD: CVE-2019-6171 // JVNDB: JVNDB-2019-008656 // CNVD: CNVD-2019-44747 // VULHUB: VHN-157606 // VULMON: CVE-2019-6171

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-44747

AFFECTED PRODUCTS

vendor:lenovomodel:20jvscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20exscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20g5scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ajscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20akscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20n8scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20arscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ddscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bvscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20hvscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20h2scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bfscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20kqscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20hmscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20klscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20aascope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20eyscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20h8scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lrscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20b7scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20b3scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20nqscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20jrscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20m5scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20etscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20a7scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:242xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20kdscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:234xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20jqscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bgscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20egscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20awscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20hsscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ljscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lxscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20amscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dsscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20k5scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:248xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20fwscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:239xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20juscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lqscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dhscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20b6scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:344xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20j7scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:343xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:247xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20anscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lnscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dcscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20acscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20muscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20abscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:246xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20jjscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ksscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20j4scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20g4scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20j5scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20fxscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bxscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:30ehscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20mwscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ewscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20a8scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20f2scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20f1scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lsscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20buscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20f5scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20f6scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bwscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20mvscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20kuscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20b0scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ntscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20efscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dtscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bescope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dfscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20knscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20d9scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20g8scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20euscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20fmscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dqscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20e0scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20h4scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dgscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20kvscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20a9scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20nnscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:243xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20htscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20n9scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:235xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:336xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20h1scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20fnscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20djscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20evscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20nuscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20j6scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20hnscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20nrscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20drscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20gascope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20g9scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20jascope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20j2scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20kcscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:233xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20blscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ltscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20k6scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:3xxxscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ktscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20h5scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20m8scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20fuscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20m7scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20m6scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20j1scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:337xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20alscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20descope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20mxscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lmscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20kmscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20fvscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20gbscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20aqscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:244xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:232xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20bmscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20lhscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20ngscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20h6scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20jhscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20huscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20nsscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:230xscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20l2scope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20dascope:eqversion: -

Trust: 1.0

vendor:lenovomodel:34xxscope:eqversion: -

Trust: 1.0

vendor:lenovomodel:20f1scope: - version: -

Trust: 0.8

vendor:lenovomodel:20f2scope: - version: -

Trust: 0.8

vendor:lenovomodel:20g8scope: - version: -

Trust: 0.8

vendor:lenovomodel:20g9scope: - version: -

Trust: 0.8

vendor:lenovomodel:20gascope: - version: -

Trust: 0.8

vendor:lenovomodel:20gbscope: - version: -

Trust: 0.8

vendor:lenovomodel:20htscope: - version: -

Trust: 0.8

vendor:lenovomodel:20hvscope: - version: -

Trust: 0.8

vendor:lenovomodel:20jqscope: - version: -

Trust: 0.8

vendor:lenovomodel:20jrscope: - version: -

Trust: 0.8

vendor:lenovomodel:thinkpad 20e3scope:eqversion:10

Trust: 0.6

vendor:lenovomodel:thinkpad 20e4scope:eqversion:10

Trust: 0.6

vendor:lenovomodel:thinkpad 20j1scope:eqversion:13

Trust: 0.6

vendor:lenovomodel:thinkpad 20j2scope:eqversion:13

Trust: 0.6

vendor:lenovomodel:thinkpad a275 20kcscope: - version: -

Trust: 0.6

vendor:lenovomodel:thinkpad 20kdscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-44747 // JVNDB: JVNDB-2019-008656 // NVD: CVE-2019-6171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6171
value: MEDIUM

Trust: 1.0

psirt@lenovo.com: CVE-2019-6171
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6171
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-44747
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201908-609
value: MEDIUM

Trust: 0.6

VULHUB: VHN-157606
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6171
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6171
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-44747
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-157606
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6171
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@lenovo.com: CVE-2019-6171
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2019-6171
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-44747 // VULHUB: VHN-157606 // VULMON: CVE-2019-6171 // JVNDB: JVNDB-2019-008656 // CNNVD: CNNVD-201908-609 // NVD: CVE-2019-6171 // NVD: CVE-2019-6171

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-157606 // JVNDB: JVNDB-2019-008656 // NVD: CVE-2019-6171

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201908-609

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008656

PATCH
title:LEN-27764url:https://support.lenovo.com/solutions/LEN-27764
Trust: 0.8
title:Patch for Multiple Lenovo Product Licensing and Access Control Issue Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/193669
Trust: 0.6
title:Multiple Lenovo Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96290
Trust: 0.6
title: - url:https://github.com/HeiderJeffer/thinkpad-ec 
Trust: 0.1
title:thinkpad-ecurl:https://github.com/hamishcoleman/thinkpad-ec 
Trust: 0.1
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-6171 
Trust: 0.1
title: - url:https://github.com/HeiderJeffer/Thinkpad-XX30-EC 
Trust: 0.1
title:Threatposturl:https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44747 // 
            
            
            
            VULMON: CVE-2019-6171 // 
            
            
            
            JVNDB: JVNDB-2019-008656 // 
            
            
            
            CNNVD: CNNVD-201908-609

EXTERNAL IDS
db:NVDid:CVE-2019-6171
Trust: 3.2
db:LENOVOid:LEN-27764
Trust: 1.8
db:JVNDBid:JVNDB-2019-008656
Trust: 0.8
db:CNNVDid:CNNVD-201908-609
Trust: 0.7
db:CNVDid:CNVD-2019-44747
Trust: 0.6
db:VULHUBid:VHN-157606
Trust: 0.1
db:VULMONid:CVE-2019-6171
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44747 // 
            
            
            
            VULHUB: VHN-157606 // 
            
            
            
            VULMON: CVE-2019-6171 // 
            
            
            
            JVNDB: JVNDB-2019-008656 // 
            
            
            
            CNNVD: CNNVD-201908-609 // 
            
            
            
            NVD: CVE-2019-6171

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-6171
Trust: 2.0
url:https://support.lenovo.com/solutions/len-27764
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6171
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-27764
Trust: 0.6
url:https://support.lenovo.com/us/zh/solutions/len-27764
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://github.com/heiderjeffer/thinkpad-ec
Trust: 0.1
url:https://github.com/hamishcoleman/thinkpad-ec
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44747 // 
            
            
            
            VULHUB: VHN-157606 // 
            
            
            
            VULMON: CVE-2019-6171 // 
            
            
            
            JVNDB: JVNDB-2019-008656 // 
            
            
            
            CNNVD: CNNVD-201908-609 // 
            
            
            
            NVD: CVE-2019-6171

SOURCES
db:CNVDid:CNVD-2019-44747
db:VULHUBid:VHN-157606
db:VULMONid:CVE-2019-6171
db:JVNDBid:JVNDB-2019-008656
db:CNNVDid:CNNVD-201908-609
db:NVDid:CVE-2019-6171

LAST UPDATE DATE
2024-11-23T22:48:20.784000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44747date:2019-12-11T00:00:00
db:VULHUBid:VHN-157606date:2020-08-24T00:00:00
db:VULMONid:CVE-2019-6171date:2022-10-19T00:00:00
db:JVNDBid:JVNDB-2019-008656date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-609date:2020-08-25T00:00:00
db:NVDid:CVE-2019-6171date:2024-11-21T04:46:05.243

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-44747date:2019-12-11T00:00:00
db:VULHUBid:VHN-157606date:2019-08-19T00:00:00
db:VULMONid:CVE-2019-6171date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-008656date:2019-09-04T00:00:00
db:CNNVDid:CNNVD-201908-609date:2019-08-08T00:00:00
db:NVDid:CVE-2019-6171date:2019-08-19T15:15:11.653