CVE-2021-3519

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.0%

top 89.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Ideacentre 3-07imb05 Firmware Lenovo Ideacentre 5-14imb05 Firmware Lenovo Ideacentre 5-14iob6 Firmware +57 more

Timeline

PublishedNov 12

Latest updateMay 24

Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:HExploitability: 0.9 | Impact: 5.5

Affected Packages60 packages

▶CVEListV5lenovo/desktop_biosvarious

▶NVDlenovo/v520_firmware< m16kt67a

▶NVDlenovo/v520s_firmware< m16kt67a

▶NVDlenovo/v30a-22iml_firmware< m37kt26a

▶NVDlenovo/v50a-22imb_firmware< m36kt27a

🔴Vulnerability Details

GHSA

GHSA-jxph-jj63-5vcv: A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Devi↗2022-05-24

▶

CVEList

CVE-2021-3519: A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Devi↗2021-11-12

▶