CVSS: 3.3EPSS: 0%CPEs: 356EXPL: 0CVE-2019-6156
https://notcve.org/view.php?id=CVE-2019-6156
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in various versions of BIOS for Lenovo systems, the PRx is not set. This does not impact the SMM BIOS Write Protection, which keeps systems protected. En los sistemas Lenovo, SMM BIOS Write Protection se utiliza para evitar la escritura en SPI Flash. • https://support.lenovo.com/solutions/LEN-26332 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-6154
https://notcve.org/view.php?id=CVE-2019-6154
A DLL search path vulnerability was reported in Lenovo Bootable Generator, prior to version Mar-2019, that could allow a malicious user with local access to execute code on the system. Se informó de una vulnerabilidad en la ruta de búsqueda de DLL en Lenovo Bootable Generator, anterior a la versión Mar-2019, que podría permitir a un usuario malicioso con acceso local ejecute código en el sistema. • https://support.lenovo.com/solutions/LEN-25401 • CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2019-0135
https://notcve.org/view.php?id=CVE-2019-0135
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206 Los permisos inapropiados en el instalador para Accelerated Storage Manager de Intel® en RSTe de Intel® anterior a versión 5.5.0.2015, pueden permitir que un usuario autenticado habilite potencialmente una escalada de privilegios por medio de un acceso local. L-SA-00206. • https://support.lenovo.com/us/en/product_security/LEN-27843 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 222EXPL: 0CVE-2017-3753
https://notcve.org/view.php?id=CVE-2017-3753
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V. Se ha identificado una vulnerabilidad en algunos productos Lenovo que emplean código UEFI (BIOS) desarrollado por American Megatrends, Inc. (AMI). • https://support.lenovo.com/us/en/product_security/LEN-14695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2016-5247
https://notcve.org/view.php?id=CVE-2016-5247
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. El BIOS para Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93 y dispositivos M93P; ThinkServer RQ940, RS140, TS140, TS240, TS440 y dispositivos TS540; y ThinkStation E32, P300 y dispositivos P310 podría permitir a usuarios locales o atacantes físicamente próximos eludir el mecanismo de protección Secure Boot mediante el aprovechamiento de una llave test AMI. • http://www.securityfocus.com/bid/92661 https://support.lenovo.com/product_security/PS500067 • CWE-254: 7PK - Security Features •