7.2

CVE-2021-3719

A potential vulnerability in the SMI callback function that saves and restores boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Data is provided by the National Vulnerability Database (NVD)
Lenovo Thinkcentre E93 Firmware Version < fbktdfa
   Lenovo Thinkcentre E93 Version -
Lenovo Thinkcentre M600 Firmware Version < m00kt65a
   Lenovo Thinkcentre M600 Version -
Lenovo Thinkcentre M700 Tiny Firmware Version < fwktb9a
   Lenovo Thinkcentre M700 Tiny Version -
Lenovo Thinkcentre M73 Firmware Version < fhkt86a
   Lenovo Thinkcentre M73 Version -
Lenovo Thinkcentre M73p Firmware Version < fbktdfa
   Lenovo Thinkcentre M73p Version -
Lenovo Thinkcentre M800 Firmware Version < fwktb9a
   Lenovo Thinkcentre M800 Version -
Lenovo Thinkcentre M818z Firmware Version < m1ekt23a
   Lenovo Thinkcentre M818z Version -
Lenovo Thinkcentre M83 Firmware Version < fbktdfa
   Lenovo Thinkcentre M83 Version -
Lenovo Thinkcentre M900 Firmware Version < fwktb9a
   Lenovo Thinkcentre M900 Version -
Lenovo Thinkcentre M900x Firmware Version < fwktb9a
   Lenovo Thinkcentre M900x Version -
Lenovo Thinkcentre M93 Firmware Version < fbktdfa
   Lenovo Thinkcentre M93 Version -
Lenovo Thinkcentre M93p Firmware Version < fbktdfa
   Lenovo Thinkcentre M93p Version -
Lenovo Thinkcentre M4500q Firmware Version < fhkt86a
   Lenovo Thinkcentre M4500q Version -
Lenovo Thinkcentre M6500t/s Firmware Version < fbktdfa
   Lenovo Thinkcentre M6500t/s Version -
Lenovo Thinkcentre M8500t/s Firmware Version < fbktdfa
   Lenovo Thinkcentre M8500t/s Version -
Lenovo Thinkcentre X1 Firmware Version < m0hkt50a
   Lenovo Thinkcentre X1 Version -
Lenovo Thinkstation P300 Firmware Version < fbktdfa
   Lenovo Thinkstation P300 Version -
Lenovo Thinkstation P500 Firmware Version < a4ktaba
   Lenovo Thinkstation P500 Version -
Lenovo Thinkstation P700 Firmware Version < a5ktaba
   Lenovo Thinkstation P700 Version -
Lenovo Thinkstation P900 Firmware Version < a6ktaba
   Lenovo Thinkstation P900 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.078
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov | 7.2 | 3.9 | 10 | AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@lenovo.com | 6.7 | 0.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.