Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Published

2021-11-12T22:15:07.733

Last Modified

2024-11-21T06:21:44.760

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	ideacentre_c5-14mb05_firmware	< o4hkt33a	Yes
Hardware	lenovo	ideacentre_c5-14mb05	-	No
Operating System	lenovo	ideacentre_3-07imb05_firmware	< m2vkt18a	Yes
Hardware	lenovo	ideacentre_3-07imb05	-	No
Operating System	lenovo	ideacentre_5-14imb05_firmware	< o4hkt33a	Yes
Hardware	lenovo	ideacentre_5-14imb05	-	No
Operating System	lenovo	ideacentre_5-14iob6_firmware	< m3gkt29a	Yes
Hardware	lenovo	ideacentre_5-14iob6	-	No
Operating System	lenovo	ideacentre_creator_5-14iob6_firmware	< m3gkt29a	Yes
Hardware	lenovo	ideacentre_creator_5-14iob6	-	No
Operating System	lenovo	ideacentre_g5-14imb05_firmware	< o4hkt33a	Yes
Hardware	lenovo	ideacentre_g5-14imb05	-	No
Operating System	lenovo	ideacentre_gaming_5-14iob6_firmware	< m3gkt29a	Yes
Hardware	lenovo	ideacentre_gaming_5-14iob6	-	No
Operating System	lenovo	thinkcentre_m60e_tiny_firmware	< m3skt1ea	Yes
Hardware	lenovo	thinkcentre_m60e_tiny	-	No
Operating System	lenovo	thinkcentre_m630e_firmware	< m28kt36a	Yes
Hardware	lenovo	thinkcentre_m630e	-	No
Operating System	lenovo	thinkcentre_m70a_firmware	≤ m2skt21a	Yes
Hardware	lenovo	thinkcentre_m70a	-	No
Operating System	lenovo	thinkcentre_m70s_firmware	< m2tkt3ca	Yes
Hardware	lenovo	thinkcentre_m70s	-	No
Operating System	lenovo	thinkcentre_m70t_firmware	< m2tkt3ca	Yes
Hardware	lenovo	thinkcentre_m70t	-	No
Operating System	lenovo	thinkcentre_m710e_firmware	< m1zkt37a	Yes
Hardware	lenovo	thinkcentre_m710e	-	No
Operating System	lenovo	thinkcentre_m710s_firmware	< m16kt67a	Yes
Hardware	lenovo	thinkcentre_m710s	-	No
Operating System	lenovo	thinkcentre_m710t_firmware	< m16kt67a	Yes
Hardware	lenovo	thinkcentre_m710t	-	No
Operating System	lenovo	thinkcentre_m720e_firmware	< m30kt23a	Yes
Hardware	lenovo	thinkcentre_m720e	-	No
Operating System	lenovo	thinkcentre_m75n_firmware	< m33kt21a	Yes
Hardware	lenovo	thinkcentre_m75n	-	No
Operating System	lenovo	thinkcentre_m75s_gen_2_firmware	< m3bkt24a	Yes
Hardware	lenovo	thinkcentre_m75s_gen_2	-	No
Operating System	lenovo	thinkcentre_m70a_gen_2_firmware	< m3nkt17a	Yes
Hardware	lenovo	thinkcentre_m70a_gen_2	-	No
Operating System	lenovo	thinkcentre_m70c_firmware	< m2vkt18a	Yes
Hardware	lenovo	thinkcentre_m70c	-	No
Operating System	lenovo	thinkcentre_m70q_firmware	< m2wkt49a	Yes
Hardware	lenovo	thinkcentre_m70q	-	No
Operating System	lenovo	thinkcentre_m75s_gen_2_firmware	< m3akt35a	Yes
Hardware	lenovo	thinkcentre_m75s_gen_2	-	No
Operating System	lenovo	thinkcentre_m75t_gen_2_firmware	< m3bkt24a	Yes
Hardware	lenovo	thinkcentre_m75t_gen_2	-	No
Operating System	lenovo	thinkcentre_m75t_gen_2_firmware	< m3akt35a	Yes
Hardware	lenovo	thinkcentre_m75t_gen_2	-	No
Operating System	lenovo	thinkcentre_m80q_firmware	< m2wkt49a	Yes
Hardware	lenovo	thinkcentre_m80q	-	No
Operating System	lenovo	thinkcentre_m80s_firmware	< m2tkt3ca	Yes
Hardware	lenovo	thinkcentre_m80s	-	No
Operating System	lenovo	thinkcentre_m80t_firmware	< m2tkt3ca	Yes
Hardware	lenovo	thinkcentre_m80t	-	No
Operating System	lenovo	thinkcentre_m810z_firmware	< m1ckt47a	Yes
Hardware	lenovo	thinkcentre_m810z	-	No
Operating System	lenovo	thinkcentre_m820z_firmware	< m1nkt57a	Yes
Hardware	lenovo	thinkcentre_m820z	-	No
Operating System	lenovo	thinkcentre_m90a_firmware	< m2rkt47a	Yes
Hardware	lenovo	thinkcentre_m90a	-	No
Operating System	lenovo	thinkcentre_m90q_tiny_firmware	< m2wkt49a	Yes
Hardware	lenovo	thinkcentre_m90a_tiny	-	No
Operating System	lenovo	thinkcentre_m90s_firmware	< m2tkt3ca	Yes
Hardware	lenovo	thinkcentre_m90s	-	No
Operating System	lenovo	thinkcentre_m90t_firmware	< m2tkt3ca	Yes
Hardware	lenovo	thinkcentre_m90t	-	No
Operating System	lenovo	thinkcentre_qt_m410_firmware	< m16kt67a	Yes
Hardware	lenovo	thinkcentre_qt_m410	-	No
Operating System	lenovo	thinkcentre_qt_b415_firmware	< m16kt67a	Yes
Hardware	lenovo	thinkcentre_qt_b415	-	No
Operating System	lenovo	thinkcentre_qt_m415_firmware	< m16kt67a	Yes
Hardware	lenovo	thinkcentre_qt_m415	-	No
Operating System	lenovo	thinkcentre_e75_t\/s_firmware	< m16kt67a	Yes
Hardware	lenovo	thinkcentre_e75_t\/s	-	No
Operating System	lenovo	ideacentre_310s-08igm_firmware	≤ m1tkt31a	Yes
Hardware	lenovo	ideacentre_310s-08igm	-	No
Operating System	microsoft	windows_10	-	No
Operating System	lenovo	ideacentre_510a-15arr_firmware	≤ o4dkt41a	Yes
Hardware	lenovo	ideacentre_510a-15arr	-	No
Operating System	microsoft	windows_10	-	No
Operating System	lenovo	ideacentre_510s-07icb_firmware	< m22kt46a	Yes
Hardware	lenovo	ideacentre_510s-07icb	-	No
Operating System	microsoft	windows_10	-	No
Operating System	lenovo	ideacentre_510s-07ick_firmware	< m30kt24a	Yes
Hardware	lenovo	ideacentre_510s-07ick	-	No
Operating System	microsoft	windows_10	-	No
Operating System	lenovo	ideacentre_510s-07ick_firmware	< m30kt23a	Yes
Hardware	lenovo	ideacentre_510s-07ick	-	No
Operating System	lenovo	v30a-22iml_firmware	< m37kt26a	Yes
Hardware	lenovo	v30a-22iml	-	No
Operating System	lenovo	v330_firmware	≤ m1tkt32a	Yes
Hardware	lenovo	v330	-	No
Operating System	lenovo	v50a-24imb_firmware	< m36kt27a	Yes
Hardware	lenovo	v50a-24imb	-	No
Operating System	lenovo	v50s-07imb_firmware	< m2vkt18a	Yes
Hardware	lenovo	v50s-07imb	-	No
Operating System	lenovo	v50a-22imb_firmware	< m36kt27a	Yes
Hardware	lenovo	v50a-22imb	-	No
Operating System	lenovo	v50t-13imb_firmware	< o4hkt33a	Yes
Hardware	lenovo	v50t-13imb	-	No
Operating System	lenovo	v50t-13imb_g2_firmware	< m3gkt29a	Yes
Hardware	lenovo	v50t-13imb_g2	-	No
Operating System	lenovo	v520_firmware	< m16kt67a	Yes
Hardware	lenovo	v520	-	No
Operating System	lenovo	v520s_firmware	< m16kt67a	Yes
Hardware	lenovo	v520s	-	No
Operating System	lenovo	v530-15arr_firmware	≤ o4dkt41a	Yes
Hardware	lenovo	v530-15arr	-	No
Operating System	lenovo	v530-15icr_firmware	< m2ykt29a	Yes
Hardware	lenovo	v530-15icr	-	No
Operating System	lenovo	v530s-07icb_firmware	< m30kt23a	Yes
Hardware	lenovo	v530s-07icb	-	No
Operating System	lenovo	v530s-07icr_firmware	< m30kt23a	Yes
Hardware	lenovo	v530s-07icr	-	No
Operating System	lenovo	v55t-15api_firmware	≤ o4dkt41a	Yes
Hardware	lenovo	v55t-15api	-	No
Operating System	lenovo	thinkstation_p340_tiny_firmware	< m2wkt49a	Yes
Hardware	lenovo	thinkstation_p340_tiny	-	No
Operating System	lenovo	thinkstation_p340_firmware	< s08kt3fa	Yes
Hardware	lenovo	thinkstation_p340	-	No
Operating System	lenovo	thinkstation_p520_firmware	≤ s03kt49a	Yes
Hardware	lenovo	thinkstation_p520	-	No
Operating System	lenovo	thinkstation_p520c_firmware	≤ s03kt49a	Yes
Hardware	lenovo	thinkstation_p520c	-	No
Operating System	lenovo	thinkstation_p720_firmware	< s04kt54a\/s04kt54p	Yes
Hardware	lenovo	thinkstation_p720	-	No
Operating System	lenovo	thinkstation_p920_firmware	< s04kt54a\/s04kt54p	Yes
Hardware	lenovo	thinkstation_p920	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-67440 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-67440 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)