CVE-2021-3519 | Severity.io

Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Related CPE's

ideacentre_c5-14mb05_firmware

Vulnerable

ideacentre_c5-14mb05

ideacentre_3-07imb05_firmware

Vulnerable

ideacentre_3-07imb05

ideacentre_5-14imb05_firmware

Vulnerable

ideacentre_5-14imb05

ideacentre_5-14iob6_firmware

Vulnerable

ideacentre_5-14iob6

ideacentre_creator_5-14iob6_firmware

Vulnerable

ideacentre_creator_5-14iob6

ideacentre_g5-14imb05_firmware

Vulnerable

ideacentre_g5-14imb05

ideacentre_gaming_5-14iob6_firmware

Vulnerable

ideacentre_gaming_5-14iob6

thinkcentre_m60e_tiny_firmware

Vulnerable

thinkcentre_m60e_tiny

thinkcentre_m630e_firmware

Vulnerable

thinkcentre_m630e

thinkcentre_m70a_firmware

Vulnerable

thinkcentre_m70a

thinkcentre_m70s_firmware

Vulnerable

thinkcentre_m70s

thinkcentre_m70t_firmware

Vulnerable

thinkcentre_m70t

thinkcentre_m710e_firmware

Vulnerable

thinkcentre_m710e

thinkcentre_m710s_firmware

Vulnerable

thinkcentre_m710s

thinkcentre_m710t_firmware

Vulnerable

thinkcentre_m710t

thinkcentre_m720e_firmware

Vulnerable

thinkcentre_m720e

thinkcentre_m75n_firmware

Vulnerable

thinkcentre_m75n

o

lenovo

thinkcentre_m75s_gen_2_firmware

2

h

lenovo

thinkcentre_m75s_gen_2

2

thinkcentre_m70a_gen_2_firmware

Vulnerable

thinkcentre_m70a_gen_2

thinkcentre_m70c_firmware

Vulnerable

thinkcentre_m70c

thinkcentre_m70q_firmware

Vulnerable

thinkcentre_m70q

o

lenovo

thinkcentre_m75t_gen_2_firmware

2

h

lenovo

thinkcentre_m75t_gen_2

2

thinkcentre_m80q_firmware

Vulnerable

thinkcentre_m80q

thinkcentre_m80s_firmware

Vulnerable

thinkcentre_m80s

thinkcentre_m80t_firmware

Vulnerable

thinkcentre_m80t

thinkcentre_m810z_firmware

Vulnerable

thinkcentre_m810z

thinkcentre_m820z_firmware

Vulnerable

thinkcentre_m820z

thinkcentre_m90a_firmware

Vulnerable

thinkcentre_m90a

thinkcentre_m90q_tiny_firmware

Vulnerable

thinkcentre_m90a_tiny

thinkcentre_m90s_firmware

Vulnerable

thinkcentre_m90s

thinkcentre_m90t_firmware

Vulnerable

thinkcentre_m90t

thinkcentre_qt_m410_firmware

Vulnerable

thinkcentre_qt_m410

thinkcentre_qt_b415_firmware

Vulnerable

thinkcentre_qt_b415

thinkcentre_qt_m415_firmware

Vulnerable

thinkcentre_qt_m415

thinkcentre_e75_t\/s_firmware

Vulnerable

thinkcentre_e75_t\/s

ideacentre_310s-08igm_firmware

Vulnerable

ideacentre_310s-08igm

o

microsoft

windows_10

4

ideacentre_510a-15arr_firmware

Vulnerable

ideacentre_510a-15arr

ideacentre_510s-07icb_firmware

Vulnerable

ideacentre_510s-07icb

o

lenovo

ideacentre_510s-07ick_firmware

2

h

lenovo

ideacentre_510s-07ick

2

v30a-22iml_firmware

Vulnerable

Vulnerable

v50a-24imb_firmware

Vulnerable

v50s-07imb_firmware

Vulnerable

v50a-22imb_firmware

Vulnerable

v50t-13imb_firmware

Vulnerable

v50t-13imb_g2_firmware

Vulnerable

Vulnerable

Vulnerable

v530-15arr_firmware

Vulnerable

v530-15icr_firmware

Vulnerable

v530s-07icb_firmware

Vulnerable

v530s-07icr_firmware

Vulnerable

v55t-15api_firmware

Vulnerable

thinkstation_p340_tiny_firmware

Vulnerable

thinkstation_p340_tiny

thinkstation_p340_firmware

Vulnerable

thinkstation_p340

thinkstation_p520_firmware

Vulnerable

thinkstation_p520

thinkstation_p520c_firmware

Vulnerable

thinkstation_p520c

thinkstation_p720_firmware

Vulnerable

thinkstation_p720

thinkstation_p920_firmware

Vulnerable

thinkstation_p920

References

https://support.lenovo.com/us/en/product_security/LEN-67440

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-287

[email protected]

Secondary

CWE-287

CVSS impact metrics

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 · Medium

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-11-12T22:15:07.733

3 years ago

Last modified

2021-11-19T22:04:31.987

3 years ago