CVE-2021-3718 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
lenovo	CNA	4.3 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
lenovo	thinkpad_11e_3rd_gen_firmware	𝑥 ≤ 1.22
lenovo	thinkpad_11e_3rd_gen_firmware	𝑥 ≤ 1.29
lenovo	thinkpad_11e_4th_gen_i3_firmware	𝑥 ≤ 1.22
lenovo	thinkpad_11e_4th_gen_i7_firmware	𝑥 ≤ 1.22
lenovo	thinkpad_11e_4th_gen_i5_firmware	𝑥 ≤ 1.22
lenovo	thinkpad_11e_4th_gen_celeron_firmware	𝑥 ≤ 1.27
lenovo	thinkpad_11e_yoga_gen_6_firmware	𝑥 ≤ 1.12
lenovo	thinkpad_13_gen_2_firmware	𝑥 ≤ 1.29
lenovo	thinkpad_e490_firmware	𝑥 ≤ 1.30
lenovo	thinkpad_e490s_firmware	𝑥 ≤ 1.30
lenovo	thinkpad_e590_firmware	𝑥 ≤ 1.30
lenovo	thinkpad_l13_firmware	𝑥 ≤ 1.31
lenovo	thinkpad_l13_gen_2_firmware	𝑥 ≤ 1.11
lenovo	thinkpad_l13_gen_2_firmware	𝑥 ≤ 1.08
lenovo	thinkpad_l13_yoga_firmware	𝑥 ≤ 1.31
lenovo	thinkpad_l13_yoga_gen_2_firmware	𝑥 ≤ 1.11
lenovo	thinkpad_l13_yoga_gen_2_firmware	𝑥 ≤ 1.08
lenovo	thinkpad_l14_gen_1_firmware	𝑥 < 1.15
lenovo	thinkpad_l14_firmware	𝑥 < 1.20.1.17
lenovo	thinkpad_l15_gen_1_firmware	𝑥 < 1.15
lenovo	thinkpad_l15_firmware	𝑥 < 1.20.1.17
lenovo	thinkpad_l380_firmware	𝑥 ≤ 1.26
lenovo	thinkpad_l380_yoga_firmware	𝑥 ≤ 1.26
lenovo	thinkpad_l390_yoga_firmware	𝑥 ≤ 1.35
lenovo	thinkpad_l390_firmware	𝑥 ≤ 1.35
lenovo	thinkpad_l490_firmware	𝑥 < 1.26
lenovo	thinkpad_l590_firmware	𝑥 < 1.26
lenovo	thinkpad_s5_2nd_gen_firmware	𝑥 ≤ 1.28
lenovo	thinkpad_t460_firmware	𝑥 ≤ 1.43.1.11
lenovo	thinkpad_s2_gen_6_firmware	𝑥 ≤ 2021-09-30
lenovo	thinkpad_s2_yoga_gen_6_firmware	𝑥 ≤ 2021-09-30
lenovo	thinkpad_x12_detachable_gen_1_firmware	𝑥 < 1.16
lenovo	thinkpad_x260_firmware	𝑥 ≤ 1.47\/1.15
lenovo	thinkpad_x380_yoga_firmware	𝑥 ≤ 1.34
lenovo	thinkpad_11e_5th_gen_firmware	𝑥 ≤ 1.13
lenovo	thinkpad_11e_5th_gen_firmware	𝑥 ≤ 1.13

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-232 - Improper Handling of Undefined Values
The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

References

https://support.lenovo.com/us/en/product_security/LEN-72619