Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-3972
HistoryApr 22, 2022 - 9:15 p.m.

CVE-2021-3972

2022-04-2221:15:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
83
20
cve-2021-3972
lenovo
bios
vulnerability
nvd
security
nvram
driver

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.1%

JSON

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CPENameOperatorVersion
lenovo:ideapad_3-14ada05_firmwarelenovo ideapad 3-14ada05 firmwarelte8cn33ww
lenovo:ideapad_3-14ada6_firmwarelenovo ideapad 3-14ada6 firmwarelthbcn21ww
lenovo:ideapad_3-14alc6_firmwarelenovo ideapad 3-14alc6 firmwareltglcn43ww
lenovo:ideapad_3-14are05_firmwarelenovo ideapad 3-14are05 firmwareltdzcn42ww
lenovo:ideapad_3-15ada6_firmwarelenovo ideapad 3-15ada6 firmwarelthbcn21ww
lenovo:ideapad_3-15alc6_firmwarelenovo ideapad 3-15alc6 firmwareltglcn43ww
lenovo:ideapad_3-15are05_firmwarelenovo ideapad 3-15are05 firmwareltdzcn42ww
lenovo:ideapad_3-15igl05_firmwarelenovo ideapad 3-15igl05 firmwareltdvcn23ww
lenovo:ideapad_3-17ada05_firmwarelenovo ideapad 3-17ada05 firmwarelte8cn33ww
lenovo:ideapad_3-17ada6_firmwarelenovo ideapad 3-17ada6 firmwarelthbcn21ww
Rows per page:
1-10 of 1051

Social References

More

Related

prion 1
cvelist 1
malwarebytes 1
thn 3
prion
prion
Design/Logic Flaw
2022-04-22 21:15:00
cvelist
cvelist
CVE-2021-3972
2022-04-22 20:30:40
malwarebytes
malwarebytes
Lenovo issues fixes for laptop backdoors
2022-04-21 15:11:05
thn
thn
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
2022-04-19 12:31:00
New UEFI Firmware Vulnerabilities Impact Several Lenovo Notebook Models
2022-07-13 11:47:00
New UEFI Firmware Flaws Reported in Several Lenovo Notebook Models
2022-11-10 06:36:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.1%

JSON
Related for CVE-2021-3972
prion1cvelist1malwarebytes1thn3