What is CVE-2021-3519?

CVE-2021-3519 is a medium-severity vulnerability in Lenovo Desktop Bios, classified under Improper Authentication. CVSS score: 6.4/10. Published 2021-11-12.

How severe is CVE-2021-3519?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Auth bypass in Lenovo Desktop Bios

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

Vulnerability class: Broken Authentication

EPSS: 0.002 (13.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H.

Affected products

Lenovo Desktop Bios — versions various
Lenovo Ideacentre_3-07imb05
Lenovo Ideacentre_3-07imb05_firmware
Lenovo Ideacentre_310s-08igm
Lenovo Ideacentre_310s-08igm_firmware
Lenovo Ideacentre_510a-15arr
Lenovo Ideacentre_510a-15arr_firmware
Lenovo Ideacentre_510s-07icb
Lenovo Ideacentre_510s-07icb_firmware
Lenovo Ideacentre_510s-07ick

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@lenovo.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-3519?: CVE-2021-3519 is a medium-severity vulnerability in Lenovo Desktop Bios, classified under Improper Authentication. CVSS score: 6.4/10. Published 2021-11-12.
How severe is CVE-2021-3519?: Medium severity. CVSS v3 base score is 6.4 out of 10.