Privilege Escalation Vulnerability in Lenovo Notebook Systems
CVE-2021-3614
6.4 MEDIUM
Summary
A vulnerability exists in specific Lenovo Notebook systems that may allow an attacker with physical access to elevate privileges during a BIOS update performed by Lenovo Vantage. Users and system administrators should exercise caution during BIOS updates and ensure that physical access to devices is restricted.
Affected Version(s)
Notebook BIOS various
References
CVSS V3.1
Score: 6.4
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lenovo thanks Tim Boyd, NCC Group for reporting this issue.