Vulnerability in Lenovo Notebook BIOS

CVE-2021-3972

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modi…

EPSS: 0.032 (87.3th percentile)

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2021-3972?
CVE-2021-3972 is a medium-severity vulnerability in Lenovo Notebook BIOS, classified under Active Debug Code. CVSS score: 6.7/10. Published 2022-04-22.

How severe is CVE-2021-3972?
Medium severity. The CVSS v3 base score is 6.7 out of 10.

Is CVE-2021-3972 known to be exploited?
13 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.