Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Physical
1

CVE-2021-3519

Disclosure Date: November 12, 2021
CVE-2021-3519 CVSS v3 Base Score: 6.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the “BIOS Password At Boot Device List” BIOS setting is Yes.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.8 Medium
Impact Score:
5.9
Exploitability Score:
0.9
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Physical
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Desktop BIOS various
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • lenovo

Products

  • ideacentre 3-07imb05 firmware,
  • ideacentre 310s-08igm firmware,
  • ideacentre 5-14imb05 firmware,
  • ideacentre 5-14iob6 firmware,
  • ideacentre 510a-15arr firmware,
  • ideacentre 510s-07icb firmware,
  • ideacentre 510s-07ick firmware,
  • ideacentre c5-14mb05 firmware,
  • ideacentre creator 5-14iob6 firmware,
  • ideacentre g5-14imb05 firmware,
  • ideacentre gaming 5-14iob6 firmware,
  • thinkcentre e75 t/s firmware,
  • thinkcentre m60e tiny firmware,
  • thinkcentre m630e firmware,
  • thinkcentre m70a firmware,
  • thinkcentre m70a gen 2 firmware,
  • thinkcentre m70c firmware,
  • thinkcentre m70q firmware,
  • thinkcentre m70s firmware,
  • thinkcentre m70t firmware,
  • thinkcentre m710e firmware,
  • thinkcentre m710s firmware,
  • thinkcentre m710t firmware,
  • thinkcentre m720e firmware,
  • thinkcentre m75n firmware,
  • thinkcentre m75s gen 2 firmware,
  • thinkcentre m75t gen 2 firmware,
  • thinkcentre m80q firmware,
  • thinkcentre m80s firmware,
  • thinkcentre m80t firmware,
  • thinkcentre m810z firmware,
  • thinkcentre m820z firmware,
  • thinkcentre m90a firmware,
  • thinkcentre m90q tiny firmware,
  • thinkcentre m90s firmware,
  • thinkcentre m90t firmware,
  • thinkcentre qt b415 firmware,
  • thinkcentre qt m410 firmware,
  • thinkcentre qt m415 firmware,
  • thinkstation p340 firmware,
  • thinkstation p340 tiny firmware,
  • thinkstation p520 firmware,
  • thinkstation p520c firmware,
  • thinkstation p720 firmware,
  • thinkstation p920 firmware,
  • v30a-22iml firmware,
  • v330 firmware,
  • v50a-22imb firmware,
  • v50a-24imb firmware,
  • v50s-07imb firmware,
  • v50t-13imb firmware,
  • v50t-13imb g2 firmware,
  • v520 firmware,
  • v520s firmware,
  • v530-15arr firmware,
  • v530-15icr firmware,
  • v530s-07icb firmware,
  • v530s-07icr firmware,
  • v55t-15api firmware

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis