Vulnerability in Lenovo Notebook BIOS

CVE-2021-3971

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware pro…

EPSS: 0.008 (74.5th percentile).

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2021-3971?
CVE-2021-3971 is a medium-severity vulnerability in Lenovo Notebook BIOS, classified under Active Debug Code. CVSS score: 6.7/10. Published 2022-04-22.
How severe is CVE-2021-3971?
Medium severity. CVSS v3 base score is 6.7 out of 10.
Is CVE-2021-3971 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.