An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege.
CVSS Vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HLenovo Thinkpad 11e
HWLenovowszystkie wersjeLenovo Thinkpad 11e Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad 11e Yoga Gen 6
HWLenovowszystkie wersjeLenovo Thinkpad 11e Yoga Gen 6 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad 13
HWLenovowszystkie wersjeLenovo Thinkpad 13 2nd Gen
HWLenovowszystkie wersjeLenovo Thinkpad 13 2nd Gen Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad 13 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad A275
HWLenovowszystkie wersjeLenovo Thinkpad A275 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad A285
HWLenovowszystkie wersjeLenovo Thinkpad A285 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad A475
HWLenovowszystkie wersjeLenovo Thinkpad A475 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad A485
HWLenovowszystkie wersjeLenovo Thinkpad A485 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E14
HWLenovowszystkie wersjeLenovo Thinkpad E14 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E15
HWLenovowszystkie wersjeLenovo Thinkpad E15 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E455
HWLenovowszystkie wersjeLenovo Thinkpad E455 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E460
HWLenovowszystkie wersjeLenovo Thinkpad E460 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E465
HWLenovowszystkie wersjeLenovo Thinkpad E465 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E470
HWLenovowszystkie wersjeLenovo Thinkpad E470 Firmware
OSLenovo< 2020-07-10Lenovo Thinkpad E475
HWLenovowszystkie wersjeLenovo Thinkpad E475 Firmware
OSLenovo< 2020-07-10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2019-18619HIGH7.8ten sam produkt
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all ver...
CVE-2017-3767HIGH7.8ten sam produkt
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1....
CVE-2017-3756HIGH7.8ten sam produkt
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems ve...
CVE-2022-4575MEDIUM6.7ten sam produkt
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad ...
CVE-2022-48189MEDIUM6.7ten sam produkt
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with ...