CVE-2019-6188 | ThinkPad T460p and T470p BIOS Tamper Mechanism

The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T460p, BIOS versions up to R07ET90W, and T470p, BIOS versions up to R0FET50W, which may allow for unauthorized access.

Published: 2019-11-12 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2019-6188 is rated Moderate Risk (63.4/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.32%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2019-6188

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.62% 1.32% +0.71%
2 2025-03-30 1.28% 0.62% -0.67%
3 2025-03-29 1.28%

Full EPSS history (10 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2019-6188

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
9.8 3.1 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
3.9 5.9 [email protected]
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
10.0 6.4 [email protected]

Weakness enumeration for CVE-2019-6188

Affected software / configurations for CVE-2019-6188

Vendor Product Version Raw CPE
lenovo 510-15ikl_firmware cpe:2.3:o:lenovo:510-15ikl_firmware:-:*:*:*:*:*:*:*
lenovo 510s-08ikl_firmware cpe:2.3:o:lenovo:510s-08ikl_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_300-20ish_firmware cpe:2.3:o:lenovo:ideacentre_300-20ish_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_300s-11ish_firmware cpe:2.3:o:lenovo:ideacentre_300s-11ish_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_310s-08asr_firmware cpe:2.3:o:lenovo:ideacentre_310s-08asr_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_310s-08igm_firmware cpe:2.3:o:lenovo:ideacentre_310s-08igm_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_510-15icb_firmware cpe:2.3:o:lenovo:ideacentre_510-15icb_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_510a-15icb_firmware cpe:2.3:o:lenovo:ideacentre_510a-15icb_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_510s-08ish_firmware cpe:2.3:o:lenovo:ideacentre_510s-08ish_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_700_firmware cpe:2.3:o:lenovo:ideacentre_700_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_720-18apr_firmware cpe:2.3:o:lenovo:ideacentre_720-18apr_firmware:-:*:*:*:*:*:*:*
lenovo ideacentre_720-18icb_firmware cpe:2.3:o:lenovo:ideacentre_720-18icb_firmware:-:*:*:*:*:*:*:*
lenovo legion_c530-19icb_firmware cpe:2.3:o:lenovo:legion_c530-19icb_firmware:-:*:*:*:*:*:*:*
lenovo legion_c730-19ico_firmware cpe:2.3:o:lenovo:legion_c730-19ico_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28apr_firmware cpe:2.3:o:lenovo:legion_t530-28apr_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28apr_reflash_firmware cpe:2.3:o:lenovo:legion_t530-28apr_reflash_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28icb_firmware cpe:2.3:o:lenovo:legion_t530-28icb_firmware:-:*:*:*:*:*:*:*
lenovo legion_t530-28icb_reflash_firmware cpe:2.3:o:lenovo:legion_t530-28icb_reflash_firmware:-:*:*:*:*:*:*:*
lenovo legion_t730-28ico_firmware cpe:2.3:o:lenovo:legion_t730-28ico_firmware:-:*:*:*:*:*:*:*
lenovo legion_y520t_z370_firmware cpe:2.3:o:lenovo:legion_y520t_z370_firmware:-:*:*:*:*:*:*:*
lenovo 63_firmware cpe:2.3:o:lenovo:63_firmware:-:*:*:*:*:*:*:*
lenovo h50-30g_desktop_firmware cpe:2.3:o:lenovo:h50-30g_desktop_firmware:-:*:*:*:*:*:*:*
lenovo m4500_firmware cpe:2.3:o:lenovo:m4500_firmware:-:*:*:*:*:*:*:*
lenovo m4500_id_firmware cpe:2.3:o:lenovo:m4500_id_firmware:-:*:*:*:*:*:*:*
lenovo m4550_id_firmware cpe:2.3:o:lenovo:m4550_id_firmware:-:*:*:*:*:*:*:*
lenovo v330-15igm_firmware cpe:2.3:o:lenovo:v330-15igm_firmware:-:*:*:*:*:*:*:*
lenovo v530s-07icb_firmware cpe:2.3:o:lenovo:v530s-07icb_firmware:-:*:*:*:*:*:*:*
lenovo qitian_4500_firmware cpe:2.3:o:lenovo:qitian_4500_firmware:-:*:*:*:*:*:*:*
lenovo qitian_b4550_firmware cpe:2.3:o:lenovo:qitian_b4550_firmware:-:*:*:*:*:*:*:*
lenovo qitian_b4650_firmware cpe:2.3:o:lenovo:qitian_b4650_firmware:-:*:*:*:*:*:*:*
lenovo qitian_b5900_firmware cpe:2.3:o:lenovo:qitian_b5900_firmware:-:*:*:*:*:*:*:*
lenovo qitian_m4550_firmware cpe:2.3:o:lenovo:qitian_m4550_firmware:-:*:*:*:*:*:*:*
lenovo qitian_m4600_firmware cpe:2.3:o:lenovo:qitian_m4600_firmware:-:*:*:*:*:*:*:*
lenovo qitian_m4650_firmware cpe:2.3:o:lenovo:qitian_m4650_firmware:-:*:*:*:*:*:*:*
lenovo qt_m410_firmware cpe:2.3:o:lenovo:qt_m410_firmware:-:*:*:*:*:*:*:*
lenovo qt_b415_firmware cpe:2.3:o:lenovo:qt_b415_firmware:-:*:*:*:*:*:*:*
lenovo qt_m415_firmware cpe:2.3:o:lenovo:qt_m415_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e73_firmware cpe:2.3:o:lenovo:thinkcentre_e73_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e73s_firmware cpe:2.3:o:lenovo:thinkcentre_e73s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e74_firmware cpe:2.3:o:lenovo:thinkcentre_e74_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e74s_firmware cpe:2.3:o:lenovo:thinkcentre_e74s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e75t_firmware cpe:2.3:o:lenovo:thinkcentre_e75t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e75s_firmware cpe:2.3:o:lenovo:thinkcentre_e75s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_e93_firmware cpe:2.3:o:lenovo:thinkcentre_e93_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500k_firmware cpe:2.3:o:lenovo:thinkcentre_m4500k_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500q_firmware cpe:2.3:o:lenovo:thinkcentre_m4500q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500t_firmware cpe:2.3:o:lenovo:thinkcentre_m4500t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4500s_firmware cpe:2.3:o:lenovo:thinkcentre_m4500s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4600t_firmware cpe:2.3:o:lenovo:thinkcentre_m4600t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m4600s_firmware cpe:2.3:o:lenovo:thinkcentre_m4600s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m600_firmware cpe:2.3:o:lenovo:thinkcentre_m600_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m610_firmware cpe:2.3:o:lenovo:thinkcentre_m610_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m625q_firmware cpe:2.3:o:lenovo:thinkcentre_m625q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6500t_firmware cpe:2.3:o:lenovo:thinkcentre_m6500t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6500s_firmware cpe:2.3:o:lenovo:thinkcentre_m6500s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600_firmware cpe:2.3:o:lenovo:thinkcentre_m6600_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600q_firmware cpe:2.3:o:lenovo:thinkcentre_m6600q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600t_firmware cpe:2.3:o:lenovo:thinkcentre_m6600t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m6600s_firmware cpe:2.3:o:lenovo:thinkcentre_m6600s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m700q_firmware cpe:2.3:o:lenovo:thinkcentre_m700q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m700t_firmware cpe:2.3:o:lenovo:thinkcentre_m700t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m700s_firmware cpe:2.3:o:lenovo:thinkcentre_m700s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710e_firmware cpe:2.3:o:lenovo:thinkcentre_m710e_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710q_firmware cpe:2.3:o:lenovo:thinkcentre_m710q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710t_firmware cpe:2.3:o:lenovo:thinkcentre_m710t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m710s_firmware cpe:2.3:o:lenovo:thinkcentre_m710s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715q_firmware cpe:2.3:o:lenovo:thinkcentre_m715q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715q_rr_firmware cpe:2.3:o:lenovo:thinkcentre_m715q_rr_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715t_firmware cpe:2.3:o:lenovo:thinkcentre_m715t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m715s_firmware cpe:2.3:o:lenovo:thinkcentre_m715s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m720q_firmware cpe:2.3:o:lenovo:thinkcentre_m720q_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m720t_firmware cpe:2.3:o:lenovo:thinkcentre_m720t_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m720s_firmware cpe:2.3:o:lenovo:thinkcentre_m720s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m725s_firmware cpe:2.3:o:lenovo:thinkcentre_m725s_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m73_firmware cpe:2.3:o:lenovo:thinkcentre_m73_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m73_tiny_firmware cpe:2.3:o:lenovo:thinkcentre_m73_tiny_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m73p_firmware cpe:2.3:o:lenovo:thinkcentre_m73p_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m79_firmware cpe:2.3:o:lenovo:thinkcentre_m79_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m800_firmware cpe:2.3:o:lenovo:thinkcentre_m800_firmware:-:*:*:*:*:*:*:*
lenovo thinkcentre_m83_firmware cpe:2.3:o:lenovo:thinkcentre_m83_firmware:-:*:*:*:*:*:*:*

References for CVE-2019-6188

cvelogic Threat Intelligence