CVE-2021-3519 MEDIUM

CVE-2021-3519

Vendor Lenovo
Product Desktop BIOS
Weakness CWE-287 · Improper authentication
Published November 12, 2021
Last update August 3, 2024

CVSS base score

6.4/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Key dates

02Disclosure timeline

November 12, 2021 CVE published
August 3, 2024 Record updated