CVE-2021-3719 — MEDIUM (6.7)

Q: How severe is CVE-2021-3719?

CVE-2021-3719 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3719?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkcentre E93 Firmware, Lenovo Thinkcentre E93, Lenovo Thinkcentre M600 Firmware, Lenovo Thinkcentre M600, Lenovo Thinkcentre M700 Tiny Firmware.

Vulnerability Description

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lenovo	Thinkcentre E93 Firmware	< fbktdfa
Lenovo	Thinkcentre E93	-
Lenovo	Thinkcentre M600 Firmware	< m00kt65a
Lenovo	Thinkcentre M600	-
Lenovo	Thinkcentre M700 Tiny Firmware	< fwktb9a
Lenovo	Thinkcentre M700 Tiny	-
Lenovo	Thinkcentre M73 Firmware	< fhkt86a
Lenovo	Thinkcentre M73	-
Lenovo	Thinkcentre M73P Firmware	< fbktdfa
Lenovo	Thinkcentre M73P	-
Lenovo	Thinkcentre M800 Firmware	< fwktb9a
Lenovo	Thinkcentre M800	-
Lenovo	Thinkcentre M818Z Firmware	< m1ekt23a
Lenovo	Thinkcentre M818Z	-
Lenovo	Thinkcentre M83 Firmware	< fbktdfa
Lenovo	Thinkcentre M83	-
Lenovo	Thinkcentre M900 Firmware	< fwktb9a
Lenovo	Thinkcentre M900	-
Lenovo	Thinkcentre M900X Firmware	< fwktb9a
Lenovo	Thinkcentre M900X	-

Related Weaknesses (CWE)

CWE-20

References

https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory

FAQ

What is CVE-2021-3719?

CVE-2021-3719 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker wi...

How severe is CVE-2021-3719?

CVE-2021-3719 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3719?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkcentre E93 Firmware, Lenovo Thinkcentre E93, Lenovo Thinkcentre M600 Firmware, Lenovo Thinkcentre M600, Lenovo Thinkcentre M700 Tiny Firmware.