Skip to main content

Ideacentre C5 14Mb05 Firmware CVE-2021-3519

MEDIUM
Improper Authentication (CWE-287)
2021-11-12 psirt@lenovo.com
Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Imb05 Firmware Ideacentre 5 14Iob6 Firmware Ideacentre Creator 5 14Iob6 Firmware Ideacentre G5 14Imb05 Firmware Ideacentre Gaming 5 14Iob6 Firmware Thinkcentre M60E Tiny Firmware Thinkcentre M630E Firmware Thinkcentre M70A Firmware Thinkcentre M70S Firmware Thinkcentre M70T Firmware Thinkcentre M710E Firmware Thinkcentre M710S Firmware Thinkcentre M710T Firmware Thinkcentre M720E Firmware Thinkcentre M75N Firmware Thinkcentre M75S Gen 2 Firmware Thinkcentre M70A Gen 2 Firmware Thinkcentre M70C Firmware Thinkcentre M70Q Firmware Thinkcentre M75T Gen 2 Firmware Thinkcentre M80Q Firmware Thinkcentre M80S Firmware Thinkcentre M80T Firmware Thinkcentre M810Z Firmware Thinkcentre M820Z Firmware Thinkcentre M90A Firmware Thinkcentre M90Q Tiny Firmware Thinkcentre M90S Firmware Thinkcentre M90T Firmware Thinkcentre Qt M410 Firmware Thinkcentre Qt B415 Firmware Thinkcentre Qt M415 Firmware Thinkcentre E75 T S Firmware Ideacentre 310S 08Igm Firmware Ideacentre 510A 15Arr Firmware Ideacentre 510S 07Icb Firmware Ideacentre 510S 07Ick Firmware V30A 22Iml Firmware V330 Firmware V50A 24Imb Firmware V50S 07Imb Firmware V50A 22Imb Firmware V50T 13Imb Firmware V50T 13Imb G2 Firmware V520 Firmware V520S Firmware V530 15Arr Firmware V530 15Icr Firmware V530S 07Icb Firmware V530S 07Icr Firmware V55T 15Api Firmware Thinkstation P340 Tiny Firmware Thinkstation P340 Firmware Thinkstation P520 Firmware Thinkstation P520C Firmware Thinkstation P720 Firmware Thinkstation P920 Firmware
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 12, 2021 - 22:15 nvd
MEDIUM 6.8

DescriptionNVD

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

AnalysisAI

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Affected products include: Lenovo Ideacentre C5-14Mb05 Firmware, Lenovo Ideacentre 3-07Imb05 Firmware, Lenovo Ideacentre 5-14Imb05 Firmware, Lenovo Ideacentre 5-14Iob6 Firmware, Lenovo Ideacentre Creator 5-14Iob6 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

Share

CVE-2021-3519 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy