{"containers": {"cna": {"affected": [{"product": "Notebook BIOS", "vendor": "Lenovo", "versions": [{"status": "affected", "version": "various"}]}], "credits": [{"lang": "en", "value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-636", "description": "CWE-636 Not Failing Securely ('Failing Open')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-16T20:30:20.000Z", "orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "shortName": "lenovo"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"}], "solutions": [{"lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."}], "source": {"advisory": "LEN-65529", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-3614", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Notebook BIOS", "version": {"version_data": [{"version_affected": "=", "version_value": "various"}]}}]}, "vendor_name": "Lenovo"}]}}, "credit": [{"lang": "eng", "value": "Lenovo thanks Tim Boyd, NCC Group for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-636 Not Failing Securely ('Failing Open')"}]}]}, "references": {"reference_data": [{"name": "https://support.lenovo.com/us/en/product_security/LEN-65529", "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"}]}, "solution": [{"lang": "en", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."}], "source": {"advisory": "LEN-65529", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:07.203Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"}]}]}, "cveMetadata": {"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b", "assignerShortName": "lenovo", "cveId": "CVE-2021-3614", "datePublished": "2021-07-16T20:30:20.000Z", "dateReserved": "2021-06-23T00:00:00.000Z", "dateUpdated": "2024-08-03T17:01:07.203Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_1-11ada05_firmware:fqcn19ww:*:*:*:*:*:*:*", "matchCriteriaId": "D6C2AE3D-0713-4FE2-9C91-327928810471", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_1-11ada05:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7C32B51-6F03-4568-BCDF-D59867AC4723", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_1-14ada05_firmware:fqcn19ww:*:*:*:*:*:*:*", "matchCriteriaId": "CEF2EA27-F4FA-45AB-A65A-CEE457DE32F2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_1-14ada05:-:*:*:*:*:*:*:*", "matchCriteriaId": "41F01C73-2B64-47E4-8A04-27426CCCEFE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:v130-15ikb_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8801CAA7-4677-4263-9AFE-A45271F41D2E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E32DEE9B-A1C0-4679-BDE3-21E57977443F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:100e_2nd_gen_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D6C4-3441-4785-B2E6-D32A7E5AE974", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:100e_2nd_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D442B28-EFE9-4819-842F-B0E5CAFB6FE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:300e_2nd_gen_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D9C2961-34AA-4CAC-A889-20DACD51AF22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:300e_2nd_gen:-:*:*:*:*:*:*:*", "matchCriteriaId": "F6D1C808-EB2B-4FDF-AE48-A60331AA2932", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_730-13iml_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6FE7E9D-BEAA-42AA-B504-47E6F5C0AEDA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_730-13iml:-:*:*:*:*:*:*:*", "matchCriteriaId": "438D9742-DB55-428B-92CB-5D0712E4B21C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_flex_5-14alc05_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "906BFE2B-7DAD-4503-8F6B-E71FE4CFF453", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_flex_5-14alc05:-:*:*:*:*:*:*:*", "matchCriteriaId": "2810A82D-E927-4CF8-9B3B-97F186AEBC25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_flex_5-15alc05_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "79315231-9E83-44BF-96DE-91E4AC9AD15D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_flex_5-15alc05:-:*:*:*:*:*:*:*", "matchCriteriaId": "5395EE56-4C01-46F0-9D6A-F28A51E8CE49", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "522827D6-4928-49B5-B293-61BCB6959134", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*", "matchCriteriaId": "0AC62EEC-713B-4559-8AB7-0B2B0F4D84F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B9AB2D9-0D58-4145-9DDE-23C55B0D0A8C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*", "matchCriteriaId": "076B2AA1-ED0B-47B3-B6E2-FFEBB21220AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6EA58-3B77-428C-8CAE-2A3882D55612", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AA59CAA-1FFF-4E3A-87F5-3F845504C26F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "678FF008-4CB3-42C3-9717-C96CBEE740F4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9DD9308-18A9-49B1-85AD-0D9E9E93FACC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB8BA6E9-F84C-4FEA-8E7C-A61CED49C556", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D758B0-E09A-4D2D-8EF0-954E2FB3426E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9497349B-7024-4FAB-A722-10928995B0D0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA0D718A-2E08-487E-8963-1D4B7491C325", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD79628A-52FD-46F7-A756-B26C61F9F36E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5053055-975C-4074-A9BA-BEB2E055DDEE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:v130-15ikb_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8801CAA7-4677-4263-9AFE-A45271F41D2E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:v130-15ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E32DEE9B-A1C0-4679-BDE3-21E57977443F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4C185C13-B791-40ED-B8B8-D654EFFAE804", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*", "matchCriteriaId": "E62FBC6C-7CE6-4143-8E20-A53EBCDA760B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B6561DCB-6CEA-4E92-A517-EBB32B60C594", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*", "matchCriteriaId": "7536DC2F-CCB1-4BF5-A04B-412A35DB1302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_yoga_c940-15irh_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D7C372C-2BB7-4029-B6E9-03FB29C5B007", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_yoga_c940-15irh:-:*:*:*:*:*:*:*", "matchCriteriaId": "1234D01A-8E5E-4F21-BF2B-C431C0EF16A7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4654B180-88B5-4374-B2E6-CD50C916D622", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_yoga_s730-13iml:-:*:*:*:*:*:*:*", "matchCriteriaId": "505B510A-FC5E-453D-B8BE-71402BF3E592", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7183153-6685-4EDE-8F49-7CF3FB8C238B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_yoga_s940-14iil:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FC0480E-6B77-42AB-8F56-9CD52491D96B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lenovo:ideapad_yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E6CCD0E-DA9D-4438-B066-3069A979D79E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lenovo:ideapad_yoga_s940-14iwl:-:*:*:*:*:*:*:*", "matchCriteriaId": "F21457A4-F531-4FD8-9FD5-5C99FC663064", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage."}, {"lang": "es", "value": "Se ha reportado una vulnerabilidad en algunos sistemas de port\u00e1tiles Lenovo que podr\u00eda permitir a un atacante con acceso f\u00edsico elevar los privilegios en determinadas condiciones durante una actualizaci\u00f3n de la BIOS llevada a cabo por Lenovo Vantage"}], "id": "CVE-2021-3614", "lastModified": "2024-11-21T06:21:59.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "psirt@lenovo.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-16T21:15:10.820", "references": [{"source": "psirt@lenovo.com", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.lenovo.com/us/en/product_security/LEN-65529"}], "sourceIdentifier": "psirt@lenovo.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-636"}], "source": "psirt@lenovo.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}