Description

Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll back of CSME Firmware in flash.

Related CPE's

o

lenovo

thinkpad_e14_firmware

Vulnerable

h

lenovo

thinkpad_e14

-

o

lenovo

thinkpad_e15_firmware

Vulnerable

h

lenovo

thinkpad_e15

-

o

lenovo

thinkpad_r14_firmware

Vulnerable

h

lenovo

thinkpad_r14

-

o

lenovo

thinkpad_s3_gen_2_firmware

Vulnerable

h

lenovo

thinkpad_s3_gen_2

-

o

lenovo

thinkpad_e490s_firmware

Vulnerable

h

lenovo

thinkpad_e490s

-

o

lenovo

thinkpad_s3_firmware

Vulnerable

h

lenovo

thinkpad_s3

-

o

lenovo

thinkpad_e490_firmware

Vulnerable

h

lenovo

thinkpad_e490

-

o

lenovo

thinkpad_e590_firmware

Vulnerable

h

lenovo

thinkpad_e590

-

o

lenovo

thinkpad_r490_firmware

Vulnerable

h

lenovo

thinkpad_r490

-

o

lenovo

thinkpad_r590_firmware

Vulnerable

h

lenovo

thinkpad_r590

-

o

lenovo

thinkpad_l13_1st_gen_firmware

Vulnerable

h

lenovo

thinkpad_l13_1st_gen

-

o

lenovo

thinkpad_l1415_gen_1_firmware

Vulnerable

h

lenovo

thinkpad_l1415_gen_1

-

o

lenovo

thinkpad_l390_yoga_firmware

Vulnerable

h

lenovo

thinkpad_l390_yoga

-

o

lenovo

thinkpad_s2_yoga_4th_gen_firmware

Vulnerable

h

lenovo

thinkpad_s2_yoga_4th_gen

-

o

lenovo

thinkpad_l490_firmware

Vulnerable

h

lenovo

thinkpad_l490

-

o

lenovo

thinkpad_l590_firmware

Vulnerable

h

lenovo

thinkpad_l590

-

o

lenovo

thinkpad_p1_\(20mx\)_firmware

Vulnerable

h

lenovo

thinkpad_p1_\(20mx\)

-

o

lenovo

thinkpad_p1_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_p1_\(20qx\)

-

o

lenovo

thinkpad_p43s_\(20rx\)_firmware

Vulnerable

h

lenovo

thinkpad_p43s_\(20rx\)

-

o

lenovo

thinkpad_p52_\(20mx\)_firmware

Vulnerable

h

lenovo

thinkpad_p52_\(20mx\)

-

o

lenovo

thinkpad_p53_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_p53_\(20qx\)

-

o

lenovo

thinkpad_p53s_\(20nx\)_firmware

Vulnerable

h

lenovo

thinkpad_p53s_\(20nx\)

-

o

lenovo

thinkpad_p72_\(20mx\)_firmware

Vulnerable

h

lenovo

thinkpad_p72_\(20mx\)

-

o

lenovo

thinkpad_p73_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_p73_\(20qx\)

-

o

lenovo

thinkpad_t490_\(20nx\)_firmware

Vulnerable

h

lenovo

thinkpad_t490_\(20nx\)

-

o

lenovo

thinkpad_t490_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_t490_\(20qx\)

-

o

lenovo

thinkpad_t490_\(20rx\)_firmware

Vulnerable

h

lenovo

thinkpad_t490_\(20rx\)

-

o

lenovo

thinkpad_t490s_\(20nx\)_firmware

Vulnerable

h

lenovo

thinkpad_t490s_\(20nx\)

-

o

lenovo

thinkpad_t590_\(20nx\)_firmware

Vulnerable

h

lenovo

thinkpad_t590_\(20nx\)

-

o

lenovo

thinkpad_x1_carbon_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_x1_carbon_\(20qx\)

-

o

lenovo

thinkpad_x1_carbon_\(20rx\)_firmware

Vulnerable

h

lenovo

thinkpad_x1_carbon_\(20rx\)

-

o

lenovo

thinkpad_x1_extreme_\(20mx\)_firmware

Vulnerable

h

lenovo

thinkpad_x1_extreme_\(20mx\)

-

o

lenovo

thinkpad_x1_extreme_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_x1_extreme_\(20qx\)

-

o

lenovo

thinkpad_x1_yoga_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_x1_yoga_\(20qx\)

-

o

lenovo

thinkpad_x1_yoga_\(20sx\)_firmware

Vulnerable

h

lenovo

thinkpad_x1_yoga_\(20sx\)

-

o

lenovo

thinkpad_x390_\(20qx\)_firmware

Vulnerable

h

lenovo

thinkpad_x390_\(20qx\)

-

o

lenovo

thinkpad_x390_\(20sx\)_firmware

Vulnerable

h

lenovo

thinkpad_x390_\(20sx\)

-

o

lenovo

thinkpad_x390_yoga_firmware

Vulnerable

h

lenovo

thinkpad_x390_yoga

-

References

https://support.lenovo.com/us/en/product_security/LEN-30042

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2020-06-09T20:15:22.693

4 years ago

Last modified

2020-06-22T13:44:51.553

4 years ago