CVE-2021-3971

EPSS 3.13%
Published 22.04.2022 21:15:09
Last modified 21.11.2024 06:23:15
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Ideapad 3-14ada05 Firmware Version < e8cn33ww

Lenovo ≫ Ideapad 3-14ada05 Version-

Lenovo ≫ Ideapad 3-14ada6 Firmware Version < hbcn21ww

Lenovo ≫ Ideapad 3-14ada6 Version-

Lenovo ≫ Ideapad 3-14alc6 Firmware Version < glcn43ww

Lenovo ≫ Ideapad 3-14alc6 Version-

Lenovo ≫ Ideapad 3-14are05 Firmware Version < dzcn42ww

Lenovo ≫ Ideapad 3-14are05 Version-

Lenovo ≫ Ideapad 3-15ada6 Firmware Version < hbcn21ww

Lenovo ≫ Ideapad 3-15ada6 Version-

Lenovo ≫ Ideapad 3-15alc6 Firmware Version < glcn43ww

Lenovo ≫ Ideapad 3-15alc6 Version-

Lenovo ≫ Ideapad 3-15are05 Firmware Version < dzcn42ww

Lenovo ≫ Ideapad 3-15are05 Version-

Lenovo ≫ Ideapad 3-15igl05 Firmware Version < dvcn23ww

Lenovo ≫ Ideapad 3-15igl05 Version-

Lenovo ≫ Ideapad 3-17ada05 Firmware Version < e8cn33ww

Lenovo ≫ Ideapad 3-17ada05 Version-

Lenovo ≫ Ideapad 3-17ada6 Firmware Version < hbcn21ww

Lenovo ≫ Ideapad 3-17ada6 Version-

Lenovo ≫ Ideapad 3-17alc6 Firmware Version < glcn43ww

Lenovo ≫ Ideapad 3-17alc6 Version-

Lenovo ≫ Ideapad 3-17are05 Firmware Version < dzcn42ww

Lenovo ≫ Ideapad 3-17are05 Version-

Lenovo ≫ Ideapad 3-17iil05 Firmware Version < emcn52ww

Lenovo ≫ Ideapad 3-17iil05 Version-

Lenovo ≫ Ideapad 3-15ada05 Firmware Version < e8cn33ww

Lenovo ≫ Ideapad 3-15ada05 Version-

Lenovo ≫ L3-15itl6 Firmware Version < gfcn23ww

Lenovo ≫ L3-15itl6 Version-

Lenovo ≫ L340-15irh Firmware Version < bgcn35ww

Lenovo ≫ L340-15irh Version-

Lenovo ≫ L340-15iwl Firmware Version < atcn46ww

Lenovo ≫ L340-15iwl Version-

Lenovo ≫ L340-15iwl Touch Firmware Version < atcn46ww

Lenovo ≫ L340-15iwl Touch Version-

Lenovo ≫ L340-17irh Firmware Version < bgcn35ww

Lenovo ≫ L340-17irh Version-

Lenovo ≫ L340-17iwl Firmware Version < atcn46ww

Lenovo ≫ L340-17iwl Version-

Lenovo ≫ Legion 5 Pro-16ach6 Firmware Version < hhcn25ww

Lenovo ≫ Legion 5 Pro-16ach6 Version-

Lenovo ≫ Legion 5 Pro-16ach6h Firmware Version < gkcn51ww

Lenovo ≫ Legion 5 Pro-16ach6h Version-

Lenovo ≫ Legion 5 Pro-16ith6 Firmware Version < h1cn46ww

Lenovo ≫ Legion 5 Pro-16ith6 Version-

Lenovo ≫ Legion 5 Pro-16ith6h Firmware Version < h1cn46ww

Lenovo ≫ Legion 5 Pro-16ith6h Version-

Lenovo ≫ Legion 5-15ach6 Firmware Version < hhcn25ww

Lenovo ≫ Legion 5-15ach6 Version-

Lenovo ≫ Legion 5-15ach6a Firmware Version < g9cn28ww

Lenovo ≫ Legion 5-15ach6a Version-

Lenovo ≫ Legion 5-15ach6h Firmware Version < gkcn51ww

Lenovo ≫ Legion 5-15ach6h Version-

Lenovo ≫ Legion 5-15ith6 Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-15ith6 Version-

Lenovo ≫ Legion 5-15ith6h Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-15ith6h Version-

Lenovo ≫ Legion 5-17ach6 Firmware Version < hhcn25ww

Lenovo ≫ Legion 5-17ach6 Version-

Lenovo ≫ Legion 5-17ach6h Firmware Version < gkcn51ww

Lenovo ≫ Legion 5-17ach6h Version-

Lenovo ≫ Legion 5-17ith6 Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-17ith6 Version-

Lenovo ≫ Legion 5-17ith6h Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-17ith6h Version-

Lenovo ≫ Legion 7-16achg6 Firmware Version < gkcn51ww

Lenovo ≫ Legion 7-16achg6 Version-

Lenovo ≫ Legion 7-16ithg6 Firmware Version < gkcn51ww

Lenovo ≫ Legion 7-16ithg6 Version-

Lenovo ≫ Legion Y540-15irh Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-15irh Version-

Lenovo ≫ Legion Y540-15irh-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-15irh-pg0 Version-

Lenovo ≫ Legion Y540-17irh Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-17irh Version-

Lenovo ≫ Legion Y540-17irh-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-17irh-pg0 Version-

Lenovo ≫ Legion Y545 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y545 Version-

Lenovo ≫ Legion Y545-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y545-pg0 Version-

Lenovo ≫ Legion Y7000-2019 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y7000-2019 Version-

Lenovo ≫ Legion Y7000-2019-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y7000-2019-pg0 Version-

Lenovo ≫ S145-14api Firmware Version < bucn31ww

Lenovo ≫ S145-14api Version-

Lenovo ≫ S145-14ast Firmware Version < aycn26ww

Lenovo ≫ S145-14ast Version-

Lenovo ≫ S145-14igm Firmware Version < awcn28ww

Lenovo ≫ S145-14igm Version-

Lenovo ≫ S145-14iil Firmware Version < dkcn54ww

Lenovo ≫ S145-14iil Version-

Lenovo ≫ S145-15api Firmware Version < bucn31ww

Lenovo ≫ S145-15api Version-

Lenovo ≫ S145-15ast Firmware Version < aycn26ww

Lenovo ≫ S145-15ast Version-

Lenovo ≫ S145-15igm Firmware Version < awcn28ww

Lenovo ≫ S145-15igm Version-

Lenovo ≫ S145-15iil Firmware Version < dkcn54ww

Lenovo ≫ S145-15iil Version-

Lenovo ≫ S540-13api Firmware Version < cxcn34ww

Lenovo ≫ S540-13api Version-

Lenovo ≫ V14 G2-acl Firmware Version < glcn43ww

Lenovo ≫ V14 G2-acl Version-

Lenovo ≫ V14-ada Firmware Version < e8cn33ww

Lenovo ≫ V14-ada Version-

Lenovo ≫ V14-are Firmware Version < dzcn42ww

Lenovo ≫ V14-are Version-

Lenovo ≫ V14-igl Firmware Version < dvcn23ww

Lenovo ≫ V14-igl Version-

Lenovo ≫ V14-iil Firmware Version < dkcn54ww

Lenovo ≫ V14-iil Version-

Lenovo ≫ V140-15iwl Firmware Version < atcn46ww

Lenovo ≫ V140-15iwl Version-

Lenovo ≫ V15 G2-alc Firmware Version < glcn43ww

Lenovo ≫ V15 G2-alc Version-

Lenovo ≫ V15-ada Firmware Version < e8cn33ww

Lenovo ≫ V15-ada Version-

Lenovo ≫ V15-igl Firmware Version < dvcn23ww

Lenovo ≫ V15-igl Version-

Lenovo ≫ V15-iil Firmware Version < dkcn54ww

Lenovo ≫ V15-iil Version-

Lenovo ≫ V17-iil Firmware Version < emcn52ww

Lenovo ≫ V17-iil Version-

Lenovo ≫ V340-17iwl Firmware Version < atcn46ww

Lenovo ≫ V340-17iwl Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 D Firmware Version < hecn24ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 D Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Od Firmware Version < hecn24ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Od Version-

Lenovo ≫ Ideapad 3-14iil05 Firmware Version < dvcn23ww

Lenovo ≫ Ideapad 3-14iil05 Version-

Lenovo ≫ Ideapad 3-14igl05 Firmware Version < emcn52ww

Lenovo ≫ Ideapad 3-14igl05 Version-

Lenovo ≫ Ideapad 3-15iil05 Firmware Version < emcn52ww

Lenovo ≫ Ideapad 3-15iil05 Version-

Lenovo ≫ Ideapad 5-15are05 Firmware Version < e7cn44ww

Lenovo ≫ Ideapad 5-15are05 Version-

Lenovo ≫ Ideapad Creator 5-15imh05 Firmware Version < egcn36ww

Lenovo ≫ Ideapad Creator 5-15imh05 Version-

Lenovo ≫ Ideapad Gaming 3-15arh05 Firmware Version < fccn17ww

Lenovo ≫ Ideapad Gaming 3-15arh05 Version-

Lenovo ≫ Ideapad Gaming 3-15imh05 Firmware Version < egcn36ww

Lenovo ≫ Ideapad Gaming 3-15imh05 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.13%	0.863

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

https://support.lenovo.com/us/en/product_security/LEN-73440

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3971

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3971

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3971

EUVD