CVE-2021-3614

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
Failing Open
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
lenovoCNA
6.4 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
lenovov130-15ikb_firmware
-
lenovo100e_2nd_gen_firmware
-
lenovo300e_2nd_gen_firmware
-
lenovoideapad_730-13iml_firmware
-
lenovoideapad_flex_5-14alc05_firmware
-
lenovoideapad_flex_5-15alc05_firmware
-
lenovoideapad_1-11igl05_firmware
-
lenovoideapad_1-14igl05_firmware
-
lenovoideapad_s940-14iil_firmware
-
lenovoideapad_s940-14iwl_firmware
-
lenovoideapad_slim_1-11ast-05_firmware
-
lenovoideapad_slim_1-14ast-05_firmware
-
lenovov130-15igm_firmware
-
lenovov130-15ikb_firmware
-
lenovov330-15ikb_firmware
-
lenovov330-15isk_firmware
-
lenovoideapad_yoga_c940-15irh_firmware
-
lenovoideapad_yoga_s730-13iml_firmware
-
lenovoideapad_yoga_s940-14iil_firmware
-
lenovoideapad_yoga_s940-14iwl_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-65529
https://support.lenovo.com/us/en/product_security/LEN-65529