Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-3970
HistoryApr 22, 2022 - 9:15 p.m.

CVE-2021-3970

2022-04-2221:15:00
CWE-20
[email protected]
web.nvd.nist.gov
58
20
cve-2021-3970
lenovovariable smi handler
bios
vulnerability
lenovo notebook
arbitrary code execution

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code.

CPENameOperatorVersion
lenovo:ideapad_3-14ada05_firmwarelenovo ideapad 3-14ada05 firmwarelte8cn33ww
lenovo:ideapad_3-14ada6_firmwarelenovo ideapad 3-14ada6 firmwarelthbcn21ww
lenovo:ideapad_3-14alc6_firmwarelenovo ideapad 3-14alc6 firmwareltglcn43ww
lenovo:ideapad_3-14are05_firmwarelenovo ideapad 3-14are05 firmwareltdzcn42ww
lenovo:ideapad_3-15ada6_firmwarelenovo ideapad 3-15ada6 firmwarelthbcn21ww
lenovo:ideapad_3-15alc6_firmwarelenovo ideapad 3-15alc6 firmwareltglcn43ww
lenovo:ideapad_3-15are05_firmwarelenovo ideapad 3-15are05 firmwareltdzcn42ww
lenovo:ideapad_3-15igl05_firmwarelenovo ideapad 3-15igl05 firmwareltdvcn23ww
lenovo:ideapad_3-17ada05_firmwarelenovo ideapad 3-17ada05 firmwarelte8cn33ww
lenovo:ideapad_3-17ada6_firmwarelenovo ideapad 3-17ada6 firmwarelthbcn21ww
Rows per page:
1-10 of 1051

Social References

More

Related

cvelist 1
prion 1
malwarebytes 1
thn 3
cvelist
cvelist
CVE-2021-3970
2022-04-22 20:30:37
prion
prion
Input validation
2022-04-22 21:15:00
malwarebytes
malwarebytes
Lenovo issues fixes for laptop backdoors
2022-04-21 15:11:05
thn
thn
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
2022-04-19 12:31:00
New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models
2022-07-13 11:47:00
New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
2022-11-10 06:36:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for CVE-2021-3970
cvelist1prion1malwarebytes1thn3