Improper input validation in Lenovo Thinkcentre And Thinkstation Bios
CVE-2021-3719
A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.002 (15.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Lenovo Thinkcentre And Thinkstation Bios — versions various
- Lenovo Thinkcentre_e93
- Lenovo Thinkcentre_e93_firmware
- Lenovo Thinkcentre_m4500q
- Lenovo Thinkcentre_m4500q_firmware
- Lenovo Thinkcentre_m600
- Lenovo Thinkcentre_m600_firmware
- Lenovo Thinkcentre_m6500t\/s
- Lenovo Thinkcentre_m6500t\/s_firmware
- Lenovo Thinkcentre_m700_tiny
Weakness classification (CWE)
References
- psirt@lenovo.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-3719?
- CVE-2021-3719 is a medium-severity vulnerability in Lenovo Thinkcentre And Thinkstation Bios, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2021-11-12.
- How severe is CVE-2021-3719?
- Medium severity. CVSS v3 base score is 6.7 out of 10.