CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Published: Nov 12, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3519
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
lenovo / ideacentre_c5-14mb05_firmware	-	o4hkt33a
lenovo / ideacentre_3-07imb05_firmware	-	m2vkt18a
lenovo / ideacentre_5-14imb05_firmware	-	o4hkt33a
lenovo / ideacentre_5-14iob6_firmware	-	m3gkt29a
lenovo / ideacentre_creator_5-14iob6_firmware	-	m3gkt29a
lenovo / ideacentre_g5-14imb05_firmware	-	o4hkt33a
lenovo / ideacentre_gaming_5-14iob6_firmware	-	m3gkt29a
lenovo / thinkcentre_m60e_tiny_firmware	-	m3skt1ea
lenovo / thinkcentre_m630e_firmware	-	m28kt36a
lenovo / thinkcentre_m70a_firmware	-	m2skt21a.x
lenovo / thinkcentre_m70s_firmware	-	m2tkt3ca
lenovo / thinkcentre_m70t_firmware	-	m2tkt3ca
lenovo / thinkcentre_m710e_firmware	-	m1zkt37a
lenovo / thinkcentre_m710s_firmware	-	m16kt67a
lenovo / thinkcentre_m710t_firmware	-	m16kt67a
lenovo / thinkcentre_m720e_firmware	-	m30kt23a
lenovo / thinkcentre_m75n_firmware	-	m33kt21a
lenovo / thinkcentre_m75s_gen_2_firmware	-	m3bkt24a
lenovo / thinkcentre_m70a_gen_2_firmware	-	m3nkt17a
lenovo / thinkcentre_m70c_firmware	-	m2vkt18a
lenovo / thinkcentre_m70q_firmware	-	m2wkt49a
lenovo / thinkcentre_m75s_gen_2_firmware	-	m3akt35a
lenovo / thinkcentre_m75t_gen_2_firmware	-	m3bkt24a
lenovo / thinkcentre_m75t_gen_2_firmware	-	m3akt35a
lenovo / thinkcentre_m80q_firmware	-	m2wkt49a
lenovo / thinkcentre_m80s_firmware	-	m2tkt3ca
lenovo / thinkcentre_m80t_firmware	-	m2tkt3ca
lenovo / thinkcentre_m810z_firmware	-	m1ckt47a
lenovo / thinkcentre_m820z_firmware	-	m1nkt57a
lenovo / thinkcentre_m90a_firmware	-	m2rkt47a
lenovo / thinkcentre_m90q_tiny_firmware	-	m2wkt49a
lenovo / thinkcentre_m90s_firmware	-	m2tkt3ca
lenovo / thinkcentre_m90t_firmware	-	m2tkt3ca
lenovo / thinkcentre_qt_m410_firmware	-	m16kt67a
lenovo / thinkcentre_qt_b415_firmware	-	m16kt67a
lenovo / thinkcentre_qt_m415_firmware	-	m16kt67a
lenovo / thinkcentre_e75_t/s_firmware	-	m16kt67a
lenovo / ideacentre_310s-08igm_firmware	-	m1tkt31a.x
lenovo / ideacentre_510a-15arr_firmware	-	o4dkt41a.x
lenovo / ideacentre_510s-07icb_firmware	-	m22kt46a
lenovo / ideacentre_510s-07ick_firmware	-	m30kt24a
lenovo / ideacentre_510s-07ick_firmware	-	m30kt23a
lenovo / v30a-22iml_firmware	-	m37kt26a
lenovo / v330_firmware	-	m1tkt32a.x
lenovo / v50a-24imb_firmware	-	m36kt27a
lenovo / v50s-07imb_firmware	-	m2vkt18a
lenovo / v50a-22imb_firmware	-	m36kt27a
lenovo / v50t-13imb_firmware	-	o4hkt33a
lenovo / v50t-13imb_g2_firmware	-	m3gkt29a
lenovo / v520_firmware	-	m16kt67a
lenovo / v520s_firmware	-	m16kt67a
lenovo / v530-15arr_firmware	-	o4dkt41a.x
lenovo / v530-15icr_firmware	-	m2ykt29a
lenovo / v530s-07icb_firmware	-	m30kt23a
lenovo / v530s-07icr_firmware	-	m30kt23a
lenovo / v55t-15api_firmware	-	o4dkt41a.x
lenovo / thinkstation_p340_tiny_firmware	-	m2wkt49a
lenovo / thinkstation_p340_firmware	-	s08kt3fa
lenovo / thinkstation_p520_firmware	-	s03kt49a.x
lenovo / thinkstation_p520c_firmware	-	s03kt49a.x
lenovo / thinkstation_p720_firmware	-	s04kt54a\/s04kt54p
lenovo / thinkstation_p920_firmware	-	s04kt54a\/s04kt54p

https://support.lenovo.com/us/en/product_security/LEN-67440

Vulnerability Database

CVE-2021-3519

Deep Security Visibility Without the Complexity