CVE-2021-3519
MEDIUMLenovo IdeaCentre and ThinkCentre Firmware - Unauthenticated Boot Menu Access via BIOS Password Bypass
Title source: llmDescription
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.lenovo.com/us/en/product_security/LEN-67440
Scores
CVSS v3
6.4
EPSS
0.0003
EPSS Percentile
10.4%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Details
CWE
CWE-287
Status
published
Products (50)
lenovo/ideacentre_3-07imb05_firmware
< m2vkt18a
lenovo/ideacentre_310s-08igm_firmware
< m1tkt31a
lenovo/ideacentre_5-14imb05_firmware
< o4hkt33a
lenovo/ideacentre_5-14iob6_firmware
< m3gkt29a
lenovo/ideacentre_510a-15arr_firmware
< o4dkt41a
lenovo/ideacentre_510s-07icb_firmware
< m22kt46a
lenovo/ideacentre_510s-07ick_firmware
< m30kt24a
lenovo/ideacentre_c5-14mb05_firmware
< o4hkt33a
lenovo/ideacentre_creator_5-14iob6_firmware
< m3gkt29a
lenovo/ideacentre_g5-14imb05_firmware
< o4hkt33a
... and 40 more
Published
Nov 12, 2021
Tracked Since
Feb 18, 2026