What is CVE-2021-3599?

CVE-2021-3599 is a medium-severity vulnerability in Lenovo Thinkpad Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2021-11-12.

How severe is CVE-2021-3599?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Improper input validation in Lenovo Thinkpad Bios

CVE-2021-3599

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.000 (11.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo Thinkpad Bios — versions various

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

support.lenovo.com/us/en/product_security/LEN-67440 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-3599?: CVE-2021-3599 is a medium-severity vulnerability in Lenovo Thinkpad Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2021-11-12.
How severe is CVE-2021-3599?: Medium severity. CVSS v3 base score is 6.7 out of 10.