CVE-2021-3519

MEDIUM | CVSS 6.8/10 | EPSS 0.23%

CVE-2021-3519 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu when the "BIOS Password At Boot Device List" BIOS setting is Yes. EPSS estimates a 0.23% chance of exploitation in the next 30 days.

Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Metrics

CVSS 3.1: 6.8/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability: 0.23% (13.7th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Lenovo | Ideacentre C5-14mb05 Firmware | < o4hkt33a |
| Lenovo | Ideacentre 3-07imb05 Firmware | < m2vkt18a |
| Lenovo | Ideacentre 5-14imb05 Firmware | < o4hkt33a |
| Lenovo | Ideacentre 5-14iob6 Firmware | < m3gkt29a |
| Lenovo | Ideacentre Creator 5-14iob6 Firmware | < m3gkt29a |
| Lenovo | Ideacentre G5-14imb05 Firmware | < o4hkt33a |
| Lenovo | Ideacentre Gaming 5-14iob6 Firmware | < m3gkt29a |
| Lenovo | Thinkcentre M60e Tiny Firmware | < m3skt1ea |
| Lenovo | Thinkcentre M630e Firmware | < m28kt36a |
| Lenovo | Thinkcentre M70a Firmware | <= m2skt21a |
| Lenovo | Thinkcentre M70s Firmware | < m2tkt3ca |
| Lenovo | Thinkcentre M70t Firmware | < m2tkt3ca |
| Lenovo | Thinkcentre M710e Firmware | < m1zkt37a |
| Lenovo | Thinkcentre M710s Firmware | < m16kt67a |
| Lenovo | Thinkcentre M710t Firmware | < m16kt67a |
| Lenovo | Thinkcentre M720e Firmware | < m30kt23a |
| Lenovo | Thinkcentre M75n Firmware | < m33kt21a |
| Lenovo | Thinkcentre M75s Gen 2 Firmware | < m3bkt24a |
| Lenovo | Thinkcentre M70a Gen 2 Firmware | < m3nkt17a |
| Lenovo | Thinkcentre M70c Firmware | < m2vkt18a |
| Lenovo | Thinkcentre M70q Firmware | < m2wkt49a |
| Lenovo | Thinkcentre M75s Gen 2 Firmware | < m3akt35a |
| Lenovo | Thinkcentre M75t Gen 2 Firmware | < m3bkt24a |
| Lenovo | Thinkcentre M75t Gen 2 Firmware | < m3akt35a |
| Lenovo | Thinkcentre M80q Firmware | < m2wkt49a |
| Lenovo | Thinkcentre M80s Firmware | < m2tkt3ca |
| Lenovo | Thinkcentre M80t Firmware | < m2tkt3ca |
| Lenovo | Thinkcentre M810z Firmware | < m1ckt47a |
| Lenovo | Thinkcentre M820z Firmware | < m1nkt57a |
| Lenovo | Thinkcentre M90a Firmware | < m2rkt47a |
| Lenovo | Thinkcentre M90q Tiny Firmware | < m2wkt49a |
| Lenovo | Thinkcentre M90s Firmware | < m2tkt3ca |
| Lenovo | Thinkcentre M90t Firmware | < m2tkt3ca |
| Lenovo | Thinkcentre Qt M410 Firmware | < m16kt67a |
| Lenovo | Thinkcentre Qt B415 Firmware | < m16kt67a |
| Lenovo | Thinkcentre Qt M415 Firmware | < m16kt67a |
| Lenovo | Thinkcentre E75 T/S Firmware | < m16kt67a |
| Lenovo | Ideacentre 310s-08igm Firmware | <= m1tkt31a |
| Lenovo | Ideacentre 510a-15arr Firmware | <= o4dkt41a |
| Lenovo | Ideacentre 510s-07icb Firmware | < m22kt46a |
| Lenovo | Ideacentre 510s-07ick Firmware | < m30kt24a |
| Lenovo | Ideacentre 510s-07ick Firmware | < m30kt23a |
| Lenovo | V30a-22iml Firmware | < m37kt26a |
| Lenovo | V330 Firmware | <= m1tkt32a |
| Lenovo | V50a-24imb Firmware | < m36kt27a |
| Lenovo | V50s-07imb Firmware | < m2vkt18a |
| Lenovo | V50a-22imb Firmware | < m36kt27a |
| Lenovo | V50t-13imb Firmware | < o4hkt33a |
| Lenovo | V50t-13imb G2 Firmware | < m3gkt29a |
| Lenovo | V520 Firmware | < m16kt67a |

Showing 50 of 62 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-3519?
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.
How severe is CVE-2021-3519?
CVE-2021-3519 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.23% probability of exploitation in the next 30 days.
How do I fix CVE-2021-3519?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST