CVE-2021-3519 — MEDIUM (6.4)

Q: What is CVE-2021-3519?

CVE-2021-3519 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Q: How severe is CVE-2021-3519?

CVE-2021-3519 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3519?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre C5-14Mb05 Firmware, Lenovo Ideacentre C5-14Mb05, Lenovo Ideacentre 3-07Imb05 Firmware, Lenovo Ideacentre 3-07Imb05, Lenovo Ideacentre 5-14Imb05 Firmware.

Vulnerability Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Ideacentre C5-14Mb05 Firmware	< o4hkt33a
Lenovo	Ideacentre C5-14Mb05	-
Lenovo	Ideacentre 3-07Imb05 Firmware	< m2vkt18a
Lenovo	Ideacentre 3-07Imb05	-
Lenovo	Ideacentre 5-14Imb05 Firmware	< o4hkt33a
Lenovo	Ideacentre 5-14Imb05	-
Lenovo	Ideacentre 5-14Iob6 Firmware	< m3gkt29a
Lenovo	Ideacentre 5-14Iob6	-
Lenovo	Ideacentre Creator 5-14Iob6 Firmware	< m3gkt29a
Lenovo	Ideacentre Creator 5-14Iob6	-
Lenovo	Ideacentre G5-14Imb05 Firmware	< o4hkt33a
Lenovo	Ideacentre G5-14Imb05	-
Lenovo	Ideacentre Gaming 5-14Iob6 Firmware	< m3gkt29a
Lenovo	Ideacentre Gaming 5-14Iob6	-
Lenovo	Thinkcentre M60E Tiny Firmware	< m3skt1ea
Lenovo	Thinkcentre M60E Tiny	-
Lenovo	Thinkcentre M630E Firmware	< m28kt36a
Lenovo	Thinkcentre M630E	-
Lenovo	Thinkcentre M70A Firmware	<= m2skt21a
Lenovo	Thinkcentre M70A	-

Related Weaknesses (CWE)

CWE-287

References

https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory

FAQ

What is CVE-2021-3519?

CVE-2021-3519 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

How severe is CVE-2021-3519?

CVE-2021-3519 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3519?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Ideacentre C5-14Mb05 Firmware, Lenovo Ideacentre C5-14Mb05, Lenovo Ideacentre 3-07Imb05 Firmware, Lenovo Ideacentre 3-07Imb05, Lenovo Ideacentre 5-14Imb05 Firmware.