6.7
CVE-2021-3452
- EPSS 0.13%
- Published 16.07.2021 21:15:10
- Last modified 21.11.2024 06:21:34
- Source psirt@lenovo.com
- Teams watchlist Login
- Open Login
A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Data is provided by the National Vulnerability Database (NVD)
Lenovo ≫ Bios Version-
Lenovo ≫ Thinkpad 11e 3rd Gen Version-
Lenovo ≫ Thinkpad 11e 4th Gen Version-
Lenovo ≫ Thinkpad 11e 5th Gen Version-
Lenovo ≫ Thinkpad 11e Yoga Gen 6 Version-
Lenovo ≫ Thinkpad 13 Gen 2 Version-
Lenovo ≫ Thinkpad E14 Gen 2 Version-
Lenovo ≫ Thinkpad E15 Gen 2 Version-
Lenovo ≫ Thinkpad L13 Version-
Lenovo ≫ Thinkpad L13 Gen 2 Version-
Lenovo ≫ Thinkpad L13 Yoga Version-
Lenovo ≫ Thinkpad L13 Yogo Gen 2 Version-
Lenovo ≫ Thinkpad L14 Version-
Lenovo ≫ Thinkpad L14 Gen 2 Version-
Lenovo ≫ Thinkpad L15 Version-
Lenovo ≫ Thinkpad L15 Gen 2 Version-
Lenovo ≫ Thinkpad L380 Version-
Lenovo ≫ Thinkpad L380 Yoga Version-
Lenovo ≫ Thinkpad L390 Version-
Lenovo ≫ Thinkpad L390 Yoga Version-
Lenovo ≫ Thinkpad T460 Version-
Lenovo ≫ Thinkpad X12 Detachable Gen 1 Version-
Lenovo ≫ Thinkpad X260 Version-
Lenovo ≫ Thinkpad X380 Yoga Version-
Lenovo ≫ Thinkpad Yoga 11e 3rd Gen Version-
Lenovo ≫ Thinkpad Yoga 11e 4th Gen Version-
Lenovo ≫ Thinkpad Yoga 370 Version-
Lenovo ≫ Bios Version-
Lenovo ≫ Thinkpad 11e 4th Gen Version-
Lenovo ≫ Thinkpad 11e 5th Gen Version-
Lenovo ≫ Thinkpad 11e Yoga Gen 6 Version-
Lenovo ≫ Thinkpad 13 Gen 2 Version-
Lenovo ≫ Thinkpad E14 Gen 2 Version-
Lenovo ≫ Thinkpad E15 Gen 2 Version-
Lenovo ≫ Thinkpad L13 Version-
Lenovo ≫ Thinkpad L13 Gen 2 Version-
Lenovo ≫ Thinkpad L13 Yoga Version-
Lenovo ≫ Thinkpad L13 Yogo Gen 2 Version-
Lenovo ≫ Thinkpad L14 Version-
Lenovo ≫ Thinkpad L14 Gen 2 Version-
Lenovo ≫ Thinkpad L15 Version-
Lenovo ≫ Thinkpad L15 Gen 2 Version-
Lenovo ≫ Thinkpad L380 Version-
Lenovo ≫ Thinkpad L380 Yoga Version-
Lenovo ≫ Thinkpad L390 Version-
Lenovo ≫ Thinkpad L390 Yoga Version-
Lenovo ≫ Thinkpad T460 Version-
Lenovo ≫ Thinkpad X12 Detachable Gen 1 Version-
Lenovo ≫ Thinkpad X260 Version-
Lenovo ≫ Thinkpad X380 Yoga Version-
Lenovo ≫ Thinkpad Yoga 11e 3rd Gen Version-
Lenovo ≫ Thinkpad Yoga 11e 4th Gen Version-
Lenovo ≫ Thinkpad Yoga 370 Version-
Lenovo ≫ Bios Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.286 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@lenovo.com | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.