CVE-2021-3972

EUVD-2021-27177
A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
lenovoCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
lenovos540-13iml_firmware
-
lenovoslim_7_pro-14ihu5_firmware
-
lenovoslim_9-14itl05_firmware
-
lenovoyoga_c940-14iil_firmware
-
lenovoyoga_slim_7_pro-14ihu5_firmware
-
lenovoyoga_slim_7_pro-14ihu5_o_firmware
-
lenovoyoga_slim_7_pro-14itl5_firmware
-
lenovoyoga_slim_9-14itl05_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.lenovo.com/us/en/product_security/LEN-73440
https://support.lenovo.com/us/en/product_security/LEN-73440