8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.2 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
**Lenovo Security Advisory:**LEN-37550
**Potential Impact:**Escalation of Privilege, Denial of Service, Information Disclosure
**Severity:**High
**Scope of Impact:**Industry-wide
**CVE Identifier:**CVE-2019-14556, CVE-2019-14557, CVE-2019-14558, CVE-2020-8671, CVE-2020-8672, CVE-2020-0571, CVE-2020-24457
Summary Description:
Intel reported potential security vulnerabilities in BIOS firmware for multiple Intel Platforms that may allow escalation of privilege, denial of service and/or information disclosure.
Mitigation Strategy for Customers (what you should do to protect yourself):
Intel recommends upgrading to the BIOS firmware version (or newer) indicated for your model in the Product Impact section below.
Product Impact:
To download the version specified for your product below, follow these steps:
Alternatively and if applicable for your product, you may use Lenovo Vantage or Windows Update to update to the latest available version. To confirm you are using the minimum fix version (or higher), go to Add/Remove Programs and check the version listed there.
8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5.2 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P