A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware.
CVSS Score
6.4
EPSS Score
0.001
Published
2019-08-19
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
CVSS Score
6.8
EPSS Score
0.001
Published
2018-07-19