CVE & CISA-KEV Catalog

CVE-2021-3519

MEDIUM
6.4
CVSS v3
NVD

Description

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

How to fix

Remediation Available
ideacentre 3-07imb05 firmwareNVD
Affected:< m2vkt18aFixed in:m2vkt18aCVE-2021-3519derived from NVD
ideacentre 5-14imb05 firmwareNVD
Affected:< o4hkt33aFixed in:o4hkt33aCVE-2021-3519derived from NVD
ideacentre 5-14iob6 firmwareNVD
Affected:< m3gkt29aFixed in:m3gkt29aCVE-2021-3519derived from NVD
ideacentre 510s-07icb firmwareNVD
Affected:< m22kt46aFixed in:m22kt46aCVE-2021-3519derived from NVD
ideacentre 510s-07ick firmwareNVD
Affected:< m30kt23aFixed in:m30kt23aCVE-2021-3519derived from NVD
ideacentre c5-14mb05 firmwareNVD
Affected:< o4hkt33aFixed in:o4hkt33aCVE-2021-3519derived from NVD
ideacentre creator 5-14iob6 firmwareNVD
Affected:< m3gkt29aFixed in:m3gkt29aCVE-2021-3519derived from NVD
ideacentre g5-14imb05 firmwareNVD
Affected:< o4hkt33aFixed in:o4hkt33aCVE-2021-3519derived from NVD
ideacentre gaming 5-14iob6 firmwareNVD
Affected:< m3gkt29aFixed in:m3gkt29aCVE-2021-3519derived from NVD
thinkcentre e75 t\/s firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
thinkcentre m60e tiny firmwareNVD
Affected:< m3skt1eaFixed in:m3skt1eaCVE-2021-3519derived from NVD
thinkcentre m630e firmwareNVD
Affected:< m28kt36aFixed in:m28kt36aCVE-2021-3519derived from NVD
thinkcentre m70a gen 2 firmwareNVD
Affected:< m3nkt17aFixed in:m3nkt17aCVE-2021-3519derived from NVD
thinkcentre m70c firmwareNVD
Affected:< m2vkt18aFixed in:m2vkt18aCVE-2021-3519derived from NVD
thinkcentre m70q firmwareNVD
Affected:< m2wkt49aFixed in:m2wkt49aCVE-2021-3519derived from NVD
thinkcentre m70s firmwareNVD
Affected:< m2tkt3caFixed in:m2tkt3caCVE-2021-3519derived from NVD
thinkcentre m70t firmwareNVD
Affected:< m2tkt3caFixed in:m2tkt3caCVE-2021-3519derived from NVD
thinkcentre m710e firmwareNVD
Affected:< m1zkt37aFixed in:m1zkt37aCVE-2021-3519derived from NVD
thinkcentre m710s firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
thinkcentre m710t firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
thinkcentre m720e firmwareNVD
Affected:< m30kt23aFixed in:m30kt23aCVE-2021-3519derived from NVD
thinkcentre m75n firmwareNVD
Affected:< m33kt21aFixed in:m33kt21aCVE-2021-3519derived from NVD
thinkcentre m75s gen 2 firmwareNVD
Affected:< m3akt35aFixed in:m3akt35aCVE-2021-3519derived from NVD
Affected:< m3bkt24aFixed in:m3bkt24aCVE-2021-3519derived from NVD
thinkcentre m75t gen 2 firmwareNVD
Affected:< m3akt35aFixed in:m3akt35aCVE-2021-3519derived from NVD
Affected:< m3bkt24aFixed in:m3bkt24aCVE-2021-3519derived from NVD
thinkcentre m80q firmwareNVD
Affected:< m2wkt49aFixed in:m2wkt49aCVE-2021-3519derived from NVD
thinkcentre m80s firmwareNVD
Affected:< m2tkt3caFixed in:m2tkt3caCVE-2021-3519derived from NVD
thinkcentre m80t firmwareNVD
Affected:< m2tkt3caFixed in:m2tkt3caCVE-2021-3519derived from NVD
thinkcentre m810z firmwareNVD
Affected:< m1ckt47aFixed in:m1ckt47aCVE-2021-3519derived from NVD
thinkcentre m820z firmwareNVD
Affected:< m1nkt57aFixed in:m1nkt57aCVE-2021-3519derived from NVD
thinkcentre m90a firmwareNVD
Affected:< m2rkt47aFixed in:m2rkt47aCVE-2021-3519derived from NVD
thinkcentre m90q tiny firmwareNVD
Affected:< m2wkt49aFixed in:m2wkt49aCVE-2021-3519derived from NVD
thinkcentre m90s firmwareNVD
Affected:< m2tkt3caFixed in:m2tkt3caCVE-2021-3519derived from NVD
thinkcentre m90t firmwareNVD
Affected:< m2tkt3caFixed in:m2tkt3caCVE-2021-3519derived from NVD
thinkcentre qt b415 firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
thinkcentre qt m410 firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
thinkcentre qt m415 firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
thinkstation p340 firmwareNVD
Affected:< s08kt3faFixed in:s08kt3faCVE-2021-3519derived from NVD
thinkstation p340 tiny firmwareNVD
Affected:< m2wkt49aFixed in:m2wkt49aCVE-2021-3519derived from NVD
thinkstation p720 firmwareNVD
Affected:< s04kt54a/s04kt54pFixed in:s04kt54a/s04kt54pCVE-2021-3519derived from NVD
thinkstation p920 firmwareNVD
Affected:< s04kt54a/s04kt54pFixed in:s04kt54a/s04kt54pCVE-2021-3519derived from NVD
v30a-22iml firmwareNVD
Affected:< m37kt26aFixed in:m37kt26aCVE-2021-3519derived from NVD
v50a-22imb firmwareNVD
Affected:< m36kt27aFixed in:m36kt27aCVE-2021-3519derived from NVD
v50a-24imb firmwareNVD
Affected:< m36kt27aFixed in:m36kt27aCVE-2021-3519derived from NVD
v50s-07imb firmwareNVD
Affected:< m2vkt18aFixed in:m2vkt18aCVE-2021-3519derived from NVD
v50t-13imb firmwareNVD
Affected:< o4hkt33aFixed in:o4hkt33aCVE-2021-3519derived from NVD
v50t-13imb g2 firmwareNVD
Affected:< m3gkt29aFixed in:m3gkt29aCVE-2021-3519derived from NVD
v520 firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
v520s firmwareNVD
Affected:< m16kt67aFixed in:m16kt67aCVE-2021-3519derived from NVD
v530-15icr firmwareNVD
Affected:< m2ykt29aFixed in:m2ykt29aCVE-2021-3519derived from NVD
v530s-07icb firmwareNVD
Affected:< m30kt23aFixed in:m30kt23aCVE-2021-3519derived from NVD
v530s-07icr firmwareNVD
Affected:< m30kt23aFixed in:m30kt23aCVE-2021-3519derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityLow
AvailabilityHigh

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

Exploit Intelligence

0.23%probability of exploitation in 30 days
14thpercentile

Low risk: more likely to be exploited than 14% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-287 (Improper Authentication) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-35082Critical9.8100%KEV + RansomFix
CVE-2023-35078Critical9.8100%KEV + RansomFix
CVE-2017-7921Critical9.8100%KEV-
CVE-2024-7593Critical9.8100%KEV-
CVE-2023-46805High8.2100%KEV + Ransom-
CVE-2022-40684Critical9.8100%KEV + RansomFix
Embed a live status badge for CVE-2021-3519
CVE-2021-3519 severity badge

Markdown

[![CVE-2021-3519](https://tridentstack.com/cve/badge/CVE-2021-3519.svg)](https://tridentstack.com/cve/CVE-2021-3519)

HTML

<a href="https://tridentstack.com/cve/CVE-2021-3519"><img src="https://tridentstack.com/cve/badge/CVE-2021-3519.svg" alt="CVE-2021-3519"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.