CVE-2021-4211

MEDIUM | CVSS 6.7/10 | EPSS 0.24%

CVE-2021-4211 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Metrics

CVSS 3.1
6.7/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.24%

15.5th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
|---|---|---|
| Lenovo | A340-22icb Firmware | All versions |
| Lenovo | A340-22ick Firmware | All versions |
| Lenovo | A340-24icb Firmware | All versions |
| Lenovo | A340-24ick Firmware | All versions |
| Lenovo | A540-24icb Firmware | All versions |
| Lenovo | A540-27icb Firmware | All versions |
| Lenovo | Ideacentre 5-14iob6 Firmware | All versions |
| Lenovo | Ideacentre 510s-07icb Firmware | All versions |
| Lenovo | Ideacentre 510s-07ick Firmware | All versions |
| Lenovo | Ideacentre Aio 3-22ada6 Firmware | All versions |
| Lenovo | Ideacentre Aio 3-22iil5 Firmware | All versions |
| Lenovo | Ideacentre Aio 3-22itl6 Firmware | All versions |
| Lenovo | Ideacentre Aio 3-24ada6 Firmware | All versions |
| Lenovo | Ideacentre Aio 3-24iil5 Firmware | All versions |
| Lenovo | Ideacentre Aio 3-24itl6 Firmware | All versions |
| Lenovo | Ideacentre Aio 3-27itl6 Firmware | All versions |
| Lenovo | Ideacentre Creator 5-14iob6 Firmware | All versions |
| Lenovo | Ideacentre Gaming 5-14iob6 Firmware | All versions |
| Lenovo | Se30 Firmware | All versions |
| Lenovo | Thinkcentre M600 Firmware | All versions |
| Lenovo | Thinkcentre M700 Tiny Firmware | All versions |
| Lenovo | Thinkcentre M70a Firmware | All versions |
| Lenovo | Thinkcentre M710e Firmware | All versions |
| Lenovo | Thinkcentre M710q Firmware | All versions |
| Lenovo | Thinkcentre M710q (10yc) Firmware | All versions |
| Lenovo | Thinkcentre M710s Firmware | All versions |
| Lenovo | Thinkcentre M710t Firmware | All versions |
| Lenovo | Thinkcentre M720e Firmware | All versions |
| Lenovo | Thinkcentre M75n Firmware | All versions |
| Lenovo | Thinkcentre M800 Firmware | All versions |
| Lenovo | Thinkcentre M810z Firmware | All versions |
| Lenovo | Thinkcentre M820z Firmware | All versions |
| Lenovo | Thinkcentre M900 Firmware | All versions |
| Lenovo | Thinkcentre M900x Firmware | All versions |
| Lenovo | Thinkcentre M90a (Gen 2) Firmware | All versions |
| Lenovo | Thinkcentre M910q Firmware | All versions |
| Lenovo | Thinkcentre M910s Firmware | All versions |
| Lenovo | Thinkcentre M910t Firmware | All versions |
| Lenovo | Thinkcentre M910x Firmware | All versions |
| Lenovo | Thinkstation P310 Firmware | All versions |
| Lenovo | Thinkstation P320 Firmware | All versions |
| Lenovo | Thinkstation P320 Tiny Firmware | All versions |
| Lenovo | V30a-22iml Firmware | All versions |
| Lenovo | V30a-24iml Firmware | All versions |
| Lenovo | V410z Firmware | All versions |
| Lenovo | V50t-13iob G2 Firmware | All versions |
| Lenovo | V520 Firmware | All versions |
| Lenovo | V520s Firmware | All versions |
| Lenovo | V530-15icb Firmware | All versions |
| Lenovo | V530-15icr Firmware | All versions |

Showing 50 of 53 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-4211?
A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
How severe is CVE-2021-4211?
CVE-2021-4211 has a CVSS score of 6.7/10 (MEDIUM severity). The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.
How do I fix CVE-2021-4211?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST