2 matches found
CVE-2019-6171
CVE-2019-6171 affects older ThinkPad models where an attacker with administrative privileges or physical access can cause the Embedded Controller to accept unsigned firmware updates. Root cause is unsigned firmware update capability in the EC, enabling privilege escalation via BIOS/EC update path...
Embedded Controller Update Vulnerability - US
Lenovo Security Advisory: LEN-27764 Potential Impact: Privilege escalation Severity: Medium Scope of Impact: Lenovo-specific CVE Identifier: CVE-2019-6171 Summary Description: A vulnerability was reported in older ThinkPad systems that could allow a user with administrative privileges or physical...