Unauthorized Access Vulnerability in Lenovo Desktop BIOS Settings
CVE-2021-3519

6.4MEDIUM

Key Information:

Vendor: Lenovo
Status: Desktop BiOS
Vendor: CVE Published:; 12 November 2021

Summary

A security flaw in certain Lenovo Desktop models allows unauthorized users to gain access to the boot menu when the 'BIOS Password At Boot Device List' setting is enabled. This could potentially lead to further exploitation of system resources or exposure of sensitive information if unmonitored.

Affected Version(s)

Desktop BIOS various

References

https://support.lenovo.com/us/en/product_security/LEN-67440

x_refsource_MISC

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2021
Vulnerability Reserved
Apr 27, 2021

Credit

Lenovo thanks Pawel Urbanek for reporting this issue.