Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Local
1

CVE-2021-3599

Disclosure Date: November 12, 2021
CVE-2021-3599 CVSS v3 Base Score: 6.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
6.7 Medium
Impact Score:
5.9
Exploitability Score:
0.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
ThinkPad BIOS various
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • lenovo

Products

  • ideapad s940-14iwl firmware,
  • ideapad yoga s940-14iwl firmware,
  • thinkpad 10 firmware,
  • thinkpad 11e 3rd gen firmware,
  • thinkpad 11e 4th gen firmware,
  • thinkpad 11e yoga gen 6 firmware,
  • thinkpad 13 gen 2 firmware,
  • thinkpad 25 firmware,
  • thinkpad e14 firmware,
  • thinkpad e14 gen 2 firmware,
  • thinkpad e14 gen 3 firmware,
  • thinkpad e15 firmware,
  • thinkpad e15 gen 2 firmware,
  • thinkpad e15 gen 3 firmware,
  • thinkpad e470 firmware,
  • thinkpad e480 firmware,
  • thinkpad e490 firmware,
  • thinkpad e570 firmware,
  • thinkpad e580 firmware,
  • thinkpad e590 firmware,
  • thinkpad helix firmware,
  • thinkpad l13 firmware,
  • thinkpad l13 gen 2 firmware,
  • thinkpad l13 yoga firmware,
  • thinkpad l13 yoga gen 2 firmware,
  • thinkpad l14 firmware,
  • thinkpad l15 firmware,
  • thinkpad l15 gen 2 firmware,
  • thinkpad l380 firmware,
  • thinkpad l380 yoga firmware,
  • thinkpad l390 firmware,
  • thinkpad l390 yoga firmware,
  • thinkpad l460 firmware,
  • thinkpad l470 firmware,
  • thinkpad l480 firmware,
  • thinkpad l490 firmware,
  • thinkpad l560 firmware,
  • thinkpad l570 firmware,
  • thinkpad l580 firmware,
  • thinkpad l590 firmware,
  • thinkpad p1 firmware,
  • thinkpad p1 gen 2 firmware,
  • thinkpad p1 gen 3 firmware,
  • thinkpad p14s gen 1 firmware,
  • thinkpad p14s gen 2 firmware,
  • thinkpad p15 gen 1 firmware,
  • thinkpad p15s gen 1 firmware,
  • thinkpad p15s gen 2 firmware,
  • thinkpad p15v gen 1 firmware,
  • thinkpad p17 gen 1 firmware,
  • thinkpad p43s firmware,
  • thinkpad p50 firmware,
  • thinkpad p50s firmware,
  • thinkpad p51 firmware,
  • thinkpad p51s firmware,
  • thinkpad p52 firmware,
  • thinkpad p52s firmware,
  • thinkpad p53 firmware,
  • thinkpad p53s firmware,
  • thinkpad p70 firmware,
  • thinkpad p71 firmware,
  • thinkpad p72 firmware,
  • thinkpad p73 firmware,
  • thinkpad s2 gen 6 firmware,
  • thinkpad s2 yoga gen 6 firmware,
  • thinkpad s5 2nd gen firmware,
  • thinkpad s540 firmware,
  • thinkpad t14 gen 1 firmware,
  • thinkpad t14 gen 2 firmware,
  • thinkpad t14s firmware,
  • thinkpad t14s gen 2 firmware,
  • thinkpad t15 firmware,
  • thinkpad t15 gen 2 firmware,
  • thinkpad t15g gen 1 firmware,
  • thinkpad t15p gen 1 firmware,
  • thinkpad t440p firmware,
  • thinkpad t460 firmware,
  • thinkpad t460p firmware,
  • thinkpad t460s firmware,
  • thinkpad t470 firmware,
  • thinkpad t470p firmware,
  • thinkpad t470s firmware,
  • thinkpad t480 firmware,
  • thinkpad t480s firmware,
  • thinkpad t490 firmware,
  • thinkpad t490s firmware,
  • thinkpad t550 firmware,
  • thinkpad t560 firmware,
  • thinkpad t570 firmware,
  • thinkpad t580 firmware,
  • thinkpad t590 firmware,
  • thinkpad w550s firmware,
  • thinkpad x1 carbon 3rd gen firmware,
  • thinkpad x1 carbon 4th gen firmware,
  • thinkpad x1 carbon 5th gen kabylake firmware,
  • thinkpad x1 carbon 5th gen skylake firmware,
  • thinkpad x1 carbon gen 6 firmware,
  • thinkpad x1 carbon gen 7 firmware,
  • thinkpad x1 carbon gen 8 firmware,
  • thinkpad x1 extreme 2nd firmware,
  • thinkpad x1 extreme firmware,
  • thinkpad x1 extreme gen 3 firmware,
  • thinkpad x1 fold gen 1 firmware,
  • thinkpad x1 nano gen 1 firmware,
  • thinkpad x1 tablet firmware,
  • thinkpad x1 tablet gen 2 firmware,
  • thinkpad x1 tablet gen 3 firmware,
  • thinkpad x1 titanium firmware,
  • thinkpad x1 yoga 1st gen firmware,
  • thinkpad x1 yoga 3rd gen firmware,
  • thinkpad x1 yoga 4th gen firmware,
  • thinkpad x1 yoga gen 5 firmware,
  • thinkpad x12 detachable gen 1 firmware,
  • thinkpad x13 gen 1 firmware,
  • thinkpad x13 gen 2 firmware,
  • thinkpad x13 yoga gen 1 firmware,
  • thinkpad x13 yoga gen 2 firmware,
  • thinkpad x250 firmware,
  • thinkpad x260 firmware,
  • thinkpad x270 firmware,
  • thinkpad x280 firmware,
  • thinkpad x380 yoga firmware,
  • thinkpad x390 firmware,
  • thinkpad x390 yoga firmware,
  • thinkpad yoga 11e 3rd gen firmware,
  • thinkpad yoga 11e 4th gen firmware,
  • thinkpad yoga 11e 5th gen firmware,
  • thinkpad yoga 15 firmware,
  • thinkpad yoga 260 firmware,
  • thinkpad yoga 370 firmware,
  • v130-15igm firmware,
  • v330-15ikb firmware,
  • v330-15isk firmware

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis