6.8

CVE-2021-3614

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

Data provided by the National Vulnerability Database (NVD)
Lenovo Ideapad 1-11ada05 Firmware, Version: fqcn19ww
   Lenovo Ideapad 1-11ada05, Version: -
Lenovo Ideapad 1-14ada05 Firmware, Version: fqcn19ww
   Lenovo Ideapad 1-14ada05, Version: -
Lenovo V130-15ikb Firmware, Version: -
   Lenovo V130-15ikb, Version: -
Lenovo 100e 2nd Gen Firmware, Version: -
   Lenovo 100e 2nd Gen, Version: -
Lenovo 300e 2nd Gen Firmware, Version: -
   Lenovo 300e 2nd Gen, Version: -
Lenovo Ideapad 730-13iml Firmware, Version: -
   Lenovo Ideapad 730-13iml, Version: -
Lenovo Ideapad 1-11igl05 Firmware, Version: -
   Lenovo Ideapad 1-11igl05, Version: -
Lenovo Ideapad 1-14igl05 Firmware, Version: -
   Lenovo Ideapad 1-14igl05, Version: -
Lenovo V130-15igm Firmware, Version: -
   Lenovo V130-15igm, Version: -
Lenovo V330-15ikb Firmware, Version: -
   Lenovo V330-15ikb, Version: -
Lenovo V330-15isk Firmware, Version: -
   Lenovo V330-15isk, Version: -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.05% | 0.113 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.8 | 0.9 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 4.4 | 3.4 | 6.4 | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| psirt@lenovo.com | 6.4 | 0.5 | 5.9 | CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |

CWE-636 Not Failing Securely ('Failing Open')

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.