Description
A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access to update the Embedded Controller with unsigned firmware.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/solutions/LEN-27764
Scores
CVSS v3
6.8
EPSS
0.0005
EPSS Percentile
14.5%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (50)
lenovo/20a7_firmware
lenovo/20a8_firmware
lenovo/20a9_firmware
lenovo/20aa_firmware
lenovo/20ab_firmware
lenovo/20ac_firmware
lenovo/20aj_firmware
lenovo/20ak_firmware
lenovo/20al_firmware
lenovo/20am_firmware
... and 40 more
Published
Aug 19, 2019
Tracked Since
Feb 18, 2026