CVE-2021-3519

Published: Nov 12, 2021Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Affected (62)

Lenovo

59 products

Ideacentre C5 14mb05 Firmware

Ideacentre 3 07imb05 Firmware

Ideacentre 5 14imb05 Firmware

Ideacentre 5 14iob6 Firmware

Ideacentre Creator 5 14iob6 Firmware

Ideacentre G5 14imb05 Firmware

Ideacentre Gaming 5 14iob6 Firmware

Thinkcentre M60e Tiny Firmware

Thinkcentre M630e Firmware

Thinkcentre M70a Firmware

Thinkcentre M70s Firmware

Thinkcentre M70t Firmware

Thinkcentre M710e Firmware

Thinkcentre M710s Firmware

Thinkcentre M710t Firmware

Thinkcentre M720e Firmware

Thinkcentre M75n Firmware

Thinkcentre M75s Gen 2 Firmware

Thinkcentre M70a Gen 2 Firmware

Thinkcentre M70c Firmware

Thinkcentre M70q Firmware

Thinkcentre M75t Gen 2 Firmware

Thinkcentre M80q Firmware

Thinkcentre M80s Firmware

Thinkcentre M80t Firmware

Thinkcentre M810z Firmware

Thinkcentre M820z Firmware

Thinkcentre M90a Firmware

Thinkcentre M90q Tiny Firmware

Thinkcentre M90s Firmware

Thinkcentre M90t Firmware

Thinkcentre Qt M410 Firmware

Thinkcentre Qt B415 Firmware

Thinkcentre Qt M415 Firmware

Thinkcentre E75 T/s Firmware

Ideacentre 310s 08igm Firmware

Ideacentre 510a 15arr Firmware

Ideacentre 510s 07icb Firmware

Ideacentre 510s 07ick Firmware

V50t 13imb G2 Firmware

Thinkstation P340 Tiny Firmware

Thinkstation P340 Firmware

Thinkstation P520 Firmware

Thinkstation P520c Firmware

Thinkstation P720 Firmware

Thinkstation P920 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre C5 14mb05 Firmware	Before o4hkt33a

Running on/with	Platform Versions
Lenovo Ideacentre C5 14mb05	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 3 07imb05 Firmware	Before m2vkt18a

Running on/with	Platform Versions
Lenovo Ideacentre 3 07imb05	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 5 14imb05 Firmware	Before o4hkt33a

Running on/with	Platform Versions
Lenovo Ideacentre 5 14imb05	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 5 14iob6 Firmware	Before m3gkt29a

Running on/with	Platform Versions
Lenovo Ideacentre 5 14iob6	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Creator 5 14iob6 Firmware	Before m3gkt29a

Running on/with	Platform Versions
Lenovo Ideacentre Creator 5 14iob6	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre G5 14imb05 Firmware	Before o4hkt33a

Running on/with	Platform Versions
Lenovo Ideacentre G5 14imb05	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre Gaming 5 14iob6 Firmware	Before m3gkt29a

Running on/with	Platform Versions
Lenovo Ideacentre Gaming 5 14iob6	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M60e Tiny Firmware	Before m3skt1ea

Running on/with	Platform Versions
Lenovo Thinkcentre M60e Tiny	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M630e Firmware	Before m28kt36a

Running on/with	Platform Versions
Lenovo Thinkcentre M630e	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70a Firmware	Up to m2skt21a

Running on/with	Platform Versions
Lenovo Thinkcentre M70a	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70s Firmware	Before m2tkt3ca

Running on/with	Platform Versions
Lenovo Thinkcentre M70s	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70t Firmware	Before m2tkt3ca

Running on/with	Platform Versions
Lenovo Thinkcentre M70t	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710e Firmware	Before m1zkt37a

Running on/with	Platform Versions
Lenovo Thinkcentre M710e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710s Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo Thinkcentre M710s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M710t Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo Thinkcentre M710t	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M720e Firmware	Before m30kt23a

Running on/with	Platform Versions
Lenovo Thinkcentre M720e	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75n Firmware	Before m33kt21a

Running on/with	Platform Versions
Lenovo Thinkcentre M75n	All versions

Configuration R

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75s Gen 2 Firmware	Before m3bkt24a

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70a Gen 2 Firmware	Before m3nkt17a

Running on/with	Platform Versions
Lenovo Thinkcentre M70a Gen 2	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70c Firmware	Before m2vkt18a

Running on/with	Platform Versions
Lenovo Thinkcentre M70c	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M70q Firmware	Before m2wkt49a

Running on/with	Platform Versions
Lenovo Thinkcentre M70q	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75s Gen 2 Firmware	Before m3akt35a

Running on/with	Platform Versions
Lenovo Thinkcentre M75s Gen 2	All versions

Configuration W

1 vulnerable

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75t Gen 2 Firmware	Before m3bkt24a

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M75t Gen 2 Firmware	Before m3akt35a

Running on/with	Platform Versions
Lenovo Thinkcentre M75t Gen 2	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M80q Firmware	Before m2wkt49a

Running on/with	Platform Versions
Lenovo Thinkcentre M80q	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M80s Firmware	Before m2tkt3ca

Running on/with	Platform Versions
Lenovo Thinkcentre M80s	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M80t Firmware	Before m2tkt3ca

Running on/with	Platform Versions
Lenovo Thinkcentre M80t	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M810z Firmware	Before m1ckt47a

Running on/with	Platform Versions
Lenovo Thinkcentre M810z	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M820z Firmware	Before m1nkt57a

Running on/with	Platform Versions
Lenovo Thinkcentre M820z	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M90a Firmware	Before m2rkt47a

Running on/with	Platform Versions
Lenovo Thinkcentre M90a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M90q Tiny Firmware	Before m2wkt49a

Running on/with	Platform Versions
Lenovo Thinkcentre M90a Tiny	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M90s Firmware	Before m2tkt3ca

Running on/with	Platform Versions
Lenovo Thinkcentre M90s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre M90t Firmware	Before m2tkt3ca

Running on/with	Platform Versions
Lenovo Thinkcentre M90t	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre Qt M410 Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo Thinkcentre Qt M410	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre Qt B415 Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo Thinkcentre Qt B415	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre Qt M415 Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo Thinkcentre Qt M415	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkcentre E75 T/s Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo Thinkcentre E75 T/s	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 310s 08igm Firmware	Up to m1tkt31a

Running on/with	Platform Versions
Lenovo Ideacentre 310s 08igm	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510a 15arr Firmware	Up to o4dkt41a

Running on/with	Platform Versions
Lenovo Ideacentre 510a 15arr	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07icb Firmware	Before m22kt46a

Running on/with	Platform Versions
Lenovo Ideacentre 510s 07icb	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07ick Firmware	Before m30kt24a

Running on/with	Platform Versions
Microsoft Windows 10	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Ideacentre 510s 07ick Firmware	Before m30kt23a

Running on/with	Platform Versions
Lenovo Ideacentre 510s 07ick	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V30a 22iml Firmware	Before m37kt26a

Running on/with	Platform Versions
Lenovo V30a 22iml	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V330 Firmware	Up to m1tkt32a

Running on/with	Platform Versions
Lenovo V330	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50a 24imb Firmware	Before m36kt27a

Running on/with	Platform Versions
Lenovo V50a 24imb	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50s 07imb Firmware	Before m2vkt18a

Running on/with	Platform Versions
Lenovo V50s 07imb	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50a 22imb Firmware	Before m36kt27a

Running on/with	Platform Versions
Lenovo V50a 22imb	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50t 13imb Firmware	Before o4hkt33a

Running on/with	Platform Versions
Lenovo V50t 13imb	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V50t 13imb G2 Firmware	Before m3gkt29a

Running on/with	Platform Versions
Lenovo V50t 13imb G2	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V520 Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo V520	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V520s Firmware	Before m16kt67a

Running on/with	Platform Versions
Lenovo V520s	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530 15arr Firmware	Up to o4dkt41a

Running on/with	Platform Versions
Lenovo V530 15arr	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530 15icr Firmware	Before m2ykt29a

Running on/with	Platform Versions
Lenovo V530 15icr	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530s 07icb Firmware	Before m30kt23a

Running on/with	Platform Versions
Lenovo V530s 07icb	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V530s 07icr Firmware	Before m30kt23a

Running on/with	Platform Versions
Lenovo V530s 07icr	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo V55t 15api Firmware	Up to o4dkt41a

Running on/with	Platform Versions
Lenovo V55t 15api	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P340 Tiny Firmware	Before m2wkt49a

Running on/with	Platform Versions
Lenovo Thinkstation P340 Tiny	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P340 Firmware	Before s08kt3fa

Running on/with	Platform Versions
Lenovo Thinkstation P340	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520 Firmware	Up to s03kt49a

Running on/with	Platform Versions
Lenovo Thinkstation P520	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P520c Firmware	Up to s03kt49a

Running on/with	Platform Versions
Lenovo Thinkstation P520c	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P720 Firmware	Before s04kt54a\/s04kt54p

Running on/with	Platform Versions
Lenovo Thinkstation P720	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lenovo Thinkstation P920 Firmware	Before s04kt54a\/s04kt54p

Running on/with	Platform Versions
Lenovo Thinkstation P920	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://support.lenovo.com/us/en/product_security/LEN-67440

Source: psirt@lenovo.com

Vendor Advisory

https://support.lenovo.com/us/en/product_security/LEN-67440

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.