CVE-2021-3614

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

CVSS v3 6.4 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-65529	Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-65529	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-11ada05_firmware:fqcn19ww:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-14ada05_firmware:fqcn19ww:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:v130-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:100e_2nd_gen_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:100e_2nd_gen:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:300e_2nd_gen_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:300e_2nd_gen:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:ideapad_730-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_730-13iml:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:ideapad_flex_5-14alc05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_flex_5-14alc05:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lenovo:ideapad_flex_5-15alc05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_flex_5-15alc05:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lenovo:v130-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lenovo:ideapad_yoga_c940-15irh_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_yoga_c940-15irh:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lenovo:ideapad_yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_yoga_s730-13iml:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lenovo:ideapad_yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:lenovo:ideapad_yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_yoga_s940-14iwl:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:21

Type	Values Removed	Values Added
CVSS	v2 : ~~4.4~~ v3 : ~~6.8~~	v2 : 4.4 v3 : 6.4
References	~~() https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory~~	() https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory

30 Jul 2021, 12:56

Type	Values Removed	Values Added
References	~~(MISC) https://support.lenovo.com/us/en/product_security/LEN-65529 -~~	(MISC) https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory
CPE		cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:::::::* cpe:2.3:o:lenovo:ideapad_1-14ada05_firmware:fqcn19ww:::::::* cpe:2.3:o:lenovo:100e_2nd_gen_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_yoga_s730-13iml:-:::::::* cpe:2.3:h:lenovo:v330-15isk:-:::::::* cpe:2.3:h:lenovo:100e_2nd_gen:-:::::::* cpe:2.3:h:lenovo:ideapad_yoga_c940-15irh:-:::::::* cpe:2.3:h:lenovo:ideapad_yoga_s940-14iwl:-:::::::* cpe:2.3:o:lenovo:v330-15ikb_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_flex_5-15alc05_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_flex_5-15alc05:-:::::::* cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_730-13iml_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_1-11ada05:-:::::::* cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:::::::* cpe:2.3:h:lenovo:v330-15ikb:-:::::::* cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:::::::* cpe:2.3:h:lenovo:ideapad_s940-14iil:-:::::::* cpe:2.3:o:lenovo:300e_2nd_gen_firmware:-:::::::* cpe:2.3:h:lenovo:v130-15igm:-:::::::* cpe:2.3:o:lenovo:ideapad_yoga_s940-14iil_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_1-14ada05:-:::::::* cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:::::::* cpe:2.3:o:lenovo:v330-15isk_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_yoga_s940-14iil:-:::::::* cpe:2.3:o:lenovo:ideapad_yoga_c940-15irh_firmware:-:::::::* cpe:2.3:o:lenovo:v130-15ikb_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_1-11ada05_firmware:fqcn19ww:::::::* cpe:2.3:h:lenovo:300e_2nd_gen:-:::::::* cpe:2.3:o:lenovo:ideapad_yoga_s940-14iwl_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_1-14igl05:-:::::::* cpe:2.3:o:lenovo:v130-15igm_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_yoga_s730-13iml_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_1-11igl05:-:::::::* cpe:2.3:h:lenovo:v130-15ikb:-:::::::* cpe:2.3:o:lenovo:ideapad_flex_5-14alc05_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_flex_5-14alc05:-:::::::* cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_730-13iml:-:::::::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.4 v3 : 6.8

16 Jul 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-16 21:15

Updated : 2024-11-21 06:21

NVD link : CVE-2021-3614

Mitre link : CVE-2021-3614

CVE.ORG link : CVE-2021-3614

JSON object : View

Products Affected

lenovo

ideapad_slim_1-11ast-05_firmware
v330-15isk
ideapad_1-14igl05_firmware
ideapad_s940-14iwl_firmware
ideapad_yoga_s940-14iil
v130-15igm
ideapad_yoga_c940-15irh
300e_2nd_gen
ideapad_yoga_s730-13iml_firmware
ideapad_1-14ada05
ideapad_1-14igl05
100e_2nd_gen_firmware
100e_2nd_gen
ideapad_s940-14iil
ideapad_s940-14iwl
ideapad_s940-14iil_firmware
v330-15isk_firmware
ideapad_1-14ada05_firmware
ideapad_1-11ada05
ideapad_slim_1-11ast-05
ideapad_flex_5-14alc05
ideapad_1-11igl05
ideapad_yoga_s730-13iml
ideapad_slim_1-14ast-05
ideapad_yoga_s940-14iil_firmware
v330-15ikb
ideapad_yoga_c940-15irh_firmware
v130-15ikb
ideapad_flex_5-15alc05_firmware
v330-15ikb_firmware
ideapad_slim_1-14ast-05_firmware
ideapad_yoga_s940-14iwl_firmware
ideapad_flex_5-15alc05
v130-15ikb_firmware
ideapad_730-13iml
ideapad_yoga_s940-14iwl
ideapad_flex_5-14alc05_firmware
300e_2nd_gen_firmware
v130-15igm_firmware
ideapad_1-11igl05_firmware
ideapad_730-13iml_firmware
ideapad_1-11ada05_firmware

CWE

CWE-636

Not Failing Securely ('Failing Open')

NVD-CWE-noinfo

6.4 /10