← back
CVE-2019-6170

CVE-2019-6170

CVSS 6.4 MEDIUMEPSS 0.4%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Nov 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Lenovo · ThinkPad

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-27714