CVE-2021-3519

moderate-risk

Published 2021-11-12

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.4/10 Medium

PHYSICAL / LOW complexity

Affected Products (20)

Ideacentre C5-14Mb05 Firmware

Ideacentre 3-07Imb05 Firmware

Ideacentre 5-14Imb05 Firmware

Ideacentre 5-14Iob6 Firmware

Ideacentre Creator 5-14Iob6 Firmware

Ideacentre G5-14Imb05 Firmware

Ideacentre Gaming 5-14Iob6 Firmware

Thinkcentre M60E Tiny Firmware

Thinkcentre M630E Firmware

Thinkcentre M70A Firmware

Thinkcentre M70S Firmware

Thinkcentre M70T Firmware

Thinkcentre M710E Firmware

Thinkcentre M710S Firmware

Thinkcentre M710T Firmware

Thinkcentre M720E Firmware

Thinkcentre M75N Firmware

Thinkcentre M75S Gen 2 Firmware

Thinkcentre M70A Gen 2 Firmware

Thinkcentre M70C Firmware

Affected Vendors

Lenovo

References (2)

Vendor Advisory https://support.lenovo.com/us/en/product_security/LEN-67440

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 27/34 · High