CVE-2021-3972

EPSS 9.72%
Published 22.04.2022 21:15:09
Last modified 21.11.2024 06:23:16
Source psirt@lenovo.com
Teams watchlist Login
Open Login

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Ideapad 3-14ada05 Firmware Version < e8cn33ww

Lenovo ≫ Ideapad 3-14ada05 Version-

Lenovo ≫ Ideapad 3-14ada6 Firmware Version < hbcn21ww

Lenovo ≫ Ideapad 3-14ada6 Version-

Lenovo ≫ Ideapad 3-14alc6 Firmware Version < glcn43ww

Lenovo ≫ Ideapad 3-14alc6 Version-

Lenovo ≫ Ideapad 3-14are05 Firmware Version < dzcn42ww

Lenovo ≫ Ideapad 3-14are05 Version-

Lenovo ≫ Ideapad 3-15ada6 Firmware Version < hbcn21ww

Lenovo ≫ Ideapad 3-15ada6 Version-

Lenovo ≫ Ideapad 3-15alc6 Firmware Version < glcn43ww

Lenovo ≫ Ideapad 3-15alc6 Version-

Lenovo ≫ Ideapad 3-15are05 Firmware Version < dzcn42ww

Lenovo ≫ Ideapad 3-15are05 Version-

Lenovo ≫ Ideapad 3-15igl05 Firmware Version < dvcn23ww

Lenovo ≫ Ideapad 3-15igl05 Version-

Lenovo ≫ Ideapad 3-17ada05 Firmware Version < e8cn33ww

Lenovo ≫ Ideapad 3-17ada05 Version-

Lenovo ≫ Ideapad 3-17ada6 Firmware Version < hbcn21ww

Lenovo ≫ Ideapad 3-17ada6 Version-

Lenovo ≫ Ideapad 3-17alc6 Firmware Version < glcn43ww

Lenovo ≫ Ideapad 3-17alc6 Version-

Lenovo ≫ Ideapad 3-17are05 Firmware Version < dzcn42ww

Lenovo ≫ Ideapad 3-17are05 Version-

Lenovo ≫ Ideapad 3-17iil05 Firmware Version < emcn52ww

Lenovo ≫ Ideapad 3-17iil05 Version-

Lenovo ≫ Ideapad 3-17itl6 Firmware Version < ggcn33ww

Lenovo ≫ Ideapad 3-17itl6 Version-

Lenovo ≫ Ideapad 3-15ada05 Firmware Version < e8cn33ww

Lenovo ≫ Ideapad 3-15ada05 Version-

Lenovo ≫ L3 15iml05 Firmware Version < ejcn27ww

Lenovo ≫ L3 15iml05 Version-

Lenovo ≫ L3-15itl6 Firmware Version < gfcn23ww

Lenovo ≫ L3-15itl6 Version-

Lenovo ≫ L340-15irh Firmware Version < bgcn35ww

Lenovo ≫ L340-15irh Version-

Lenovo ≫ L340-15iwl Firmware Version < atcn46ww

Lenovo ≫ L340-15iwl Version-

Lenovo ≫ L340-15iwl Touch Firmware Version < atcn46ww

Lenovo ≫ L340-15iwl Touch Version-

Lenovo ≫ L340-17irh Firmware Version < bgcn35ww

Lenovo ≫ L340-17irh Version-

Lenovo ≫ L340-17iwl Firmware Version < atcn46ww

Lenovo ≫ L340-17iwl Version-

Lenovo ≫ Legion 5 Pro-16ach6 Firmware Version < hhcn25ww

Lenovo ≫ Legion 5 Pro-16ach6 Version-

Lenovo ≫ Legion 5 Pro-16ach6h Firmware Version < gkcn51ww

Lenovo ≫ Legion 5 Pro-16ach6h Version-

Lenovo ≫ Legion 5 Pro-16ith6 Firmware Version < h1cn46ww

Lenovo ≫ Legion 5 Pro-16ith6 Version-

Lenovo ≫ Legion 5 Pro-16ith6h Firmware Version < h1cn46ww

Lenovo ≫ Legion 5 Pro-16ith6h Version-

Lenovo ≫ Legion 5-15ach6 Firmware Version < hhcn25ww

Lenovo ≫ Legion 5-15ach6 Version-

Lenovo ≫ Legion 5-15ach6a Firmware Version < g9cn28ww

Lenovo ≫ Legion 5-15ach6a Version-

Lenovo ≫ Legion 5-15ach6h Firmware Version < gkcn51ww

Lenovo ≫ Legion 5-15ach6h Version-

Lenovo ≫ Legion 5-15imh6 Firmware Version < g8cn19ww

Lenovo ≫ Legion 5-15imh6 Version-

Lenovo ≫ Legion 5-15ith6 Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-15ith6 Version-

Lenovo ≫ Legion 5-15ith6h Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-15ith6h Version-

Lenovo ≫ Legion 5-17ach6 Firmware Version < hhcn25ww

Lenovo ≫ Legion 5-17ach6 Version-

Lenovo ≫ Legion 5-17ach6h Firmware Version < gkcn51ww

Lenovo ≫ Legion 5-17ach6h Version-

Lenovo ≫ Legion 5-17ith6 Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-17ith6 Version-

Lenovo ≫ Legion 5-17ith6h Firmware Version < h1cn46ww

Lenovo ≫ Legion 5-17ith6h Version-

Lenovo ≫ Legion 7-16achg6 Firmware Version < gkcn51ww

Lenovo ≫ Legion 7-16achg6 Version-

Lenovo ≫ Legion 7-16ithg6 Firmware Version < gkcn51ww

Lenovo ≫ Legion 7-16ithg6 Version-

Lenovo ≫ Legion S7-15ach6 Firmware Version < hacn35ww

Lenovo ≫ Legion S7-15ach6 Version-

Lenovo ≫ Legion Y540-15irh Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-15irh Version-

Lenovo ≫ Legion Y540-15irh-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-15irh-pg0 Version-

Lenovo ≫ Legion Y540-17irh Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-17irh Version-

Lenovo ≫ Legion Y540-17irh-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y540-17irh-pg0 Version-

Lenovo ≫ Legion Y545 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y545 Version-

Lenovo ≫ Legion Y545-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y545-pg0 Version-

Lenovo ≫ Legion Y7000-2019 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y7000-2019 Version-

Lenovo ≫ Legion Y7000-2019-pg0 Firmware Version < bhcn44ww

Lenovo ≫ Legion Y7000-2019-pg0 Version-

Lenovo ≫ S14 G2 Itl Firmware Version < ggcn33ww

Lenovo ≫ S14 G2 Itl Version-

Lenovo ≫ S145-14api Firmware Version < bucn31ww

Lenovo ≫ S145-14api Version-

Lenovo ≫ S145-14ast Firmware Version < aycn26ww

Lenovo ≫ S145-14ast Version-

Lenovo ≫ S145-14igm Firmware Version < awcn28ww

Lenovo ≫ S145-14igm Version-

Lenovo ≫ S145-14iil Firmware Version < dkcn54ww

Lenovo ≫ S145-14iil Version-

Lenovo ≫ S145-15api Firmware Version < bucn31ww

Lenovo ≫ S145-15api Version-

Lenovo ≫ S145-15ast Firmware Version < aycn26ww

Lenovo ≫ S145-15ast Version-

Lenovo ≫ S145-15igm Firmware Version < awcn28ww

Lenovo ≫ S145-15igm Version-

Lenovo ≫ S145-15iil Firmware Version < dkcn54ww

Lenovo ≫ S145-15iil Version-

Lenovo ≫ S540-13api Firmware Version < cxcn34ww

Lenovo ≫ S540-13api Version-

Lenovo ≫ S540-13iml Firmware Version-

Lenovo ≫ S540-13iml Version-

Lenovo ≫ Slim 7 Pro-14ihu5 Firmware Version-

Lenovo ≫ Slim 7 Pro-14ihu5 Version-

Lenovo ≫ Slim 9-14itl05 Firmware Version-

Lenovo ≫ Slim 9-14itl05 Version-

Lenovo ≫ V14 G1-iml Firmware Version < dxcn41ww

Lenovo ≫ V14 G1-iml Version-

Lenovo ≫ V14 G2-acl Firmware Version < glcn43ww

Lenovo ≫ V14 G2-acl Version-

Lenovo ≫ V14 G2-itl Firmware Version < ggcn33ww

Lenovo ≫ V14 G2-itl Version-

Lenovo ≫ V14-ada Firmware Version < e8cn33ww

Lenovo ≫ V14-ada Version-

Lenovo ≫ V14-are Firmware Version < dzcn42ww

Lenovo ≫ V14-are Version-

Lenovo ≫ V14-igl Firmware Version < dvcn23ww

Lenovo ≫ V14-igl Version-

Lenovo ≫ V14-iil Firmware Version < dkcn54ww

Lenovo ≫ V14-iil Version-

Lenovo ≫ V140-15iwl Firmware Version < atcn46ww

Lenovo ≫ V140-15iwl Version-

Lenovo ≫ V15 G1-iml Firmware Version < dxcn41ww

Lenovo ≫ V15 G1-iml Version-

Lenovo ≫ V15 G2-alc Firmware Version < glcn43ww

Lenovo ≫ V15 G2-alc Version-

Lenovo ≫ V15 G2-itl Firmware Version < ggcn33ww

Lenovo ≫ V15 G2-itl Version-

Lenovo ≫ V15-ada Firmware Version < e8cn33ww

Lenovo ≫ V15-ada Version-

Lenovo ≫ V15-igl Firmware Version < dvcn23ww

Lenovo ≫ V15-igl Version-

Lenovo ≫ V15-iil Firmware Version < dkcn54ww

Lenovo ≫ V15-iil Version-

Lenovo ≫ V17 G2-itl Firmware Version < ggcn33ww

Lenovo ≫ V17 G2-itl Version-

Lenovo ≫ V17-iil Firmware Version < emcn52ww

Lenovo ≫ V17-iil Version-

Lenovo ≫ V340-17iwl Firmware Version < atcn46ww

Lenovo ≫ V340-17iwl Version-

Lenovo ≫ Yoga 7-14acn6 Firmware Version < h9cn26ww

Lenovo ≫ Yoga 7-14acn6 Version-

Lenovo ≫ Yoga C740-14iml Firmware Version < bncn44ww

Lenovo ≫ Yoga C740-14iml Version-

Lenovo ≫ Yoga C740-15iml Firmware Version < bncn44ww

Lenovo ≫ Yoga C740-15iml Version-

Lenovo ≫ Yoga C940-14iil Firmware Version-

Lenovo ≫ Yoga C940-14iil Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 D Firmware Version < hecn24ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 D Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Firmware Version < gzcn27ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 O Firmware Version < gzcn27ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 O Version-

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Od Firmware Version < hecn24ww

Lenovo ≫ Yoga Slim 7 Pro-14ach5 Od Version-

Lenovo ≫ Yoga Slim 7 Pro-14arh5 Firmware Version < g7cn21ww

Lenovo ≫ Yoga Slim 7 Pro-14arh5 Version-

Lenovo ≫ Yoga Slim 7 Pro-14ihu5 Firmware Version-

Lenovo ≫ Yoga Slim 7 Pro-14ihu5 Version-

Lenovo ≫ Yoga Slim 7 Pro-14ihu5 O Firmware Version-

Lenovo ≫ Yoga Slim 7 Pro-14ihu5 O Version-

Lenovo ≫ Yoga Slim 7 Pro-14itl5 Firmware Version-

Lenovo ≫ Yoga Slim 7 Pro-14itl5 Version-

Lenovo ≫ Yoga Slim 9-14itl05 Firmware Version-

Lenovo ≫ Yoga Slim 9-14itl05 Version-

Lenovo ≫ Ideapad 3-14iil05 Firmware Version < dvcn23ww

Lenovo ≫ Ideapad 3-14iil05 Version-

Lenovo ≫ Ideapad 3-14igl05 Firmware Version < emcn52ww

Lenovo ≫ Ideapad 3-14igl05 Version-

Lenovo ≫ Ideapad 3-14iml05 Firmware Version < dxcn41ww

Lenovo ≫ Ideapad 3-14iml05 Version-

Lenovo ≫ Ideapad 3-14itl05 Firmware Version < gccn26ww

Lenovo ≫ Ideapad 3-14itl05 Version-

Lenovo ≫ Ideapad 3-14itl6 Firmware Version < ggcn33ww

Lenovo ≫ Ideapad 3-14itl6 Version-

Lenovo ≫ Ideapad 3-15iil05 Firmware Version < emcn52ww

Lenovo ≫ Ideapad 3-15iil05 Version-

Lenovo ≫ Ideapad 3-15iml05 Firmware Version < dxcn41ww

Lenovo ≫ Ideapad 3-15iml05 Version-

Lenovo ≫ Ideapad 3-15itl05 Firmware Version < gccn26ww

Lenovo ≫ Ideapad 3-15itl05 Version-

Lenovo ≫ Ideapad 3-15itl6 Firmware Version < ggcn33ww

Lenovo ≫ Ideapad 3-15itl6 Version-

Lenovo ≫ Ideapad 3-17iml05 Firmware Version < dxcn41ww

Lenovo ≫ Ideapad 3-17iml05 Version-

Lenovo ≫ Ideapad 5-15are05 Firmware Version < e7cn44ww

Lenovo ≫ Ideapad 5-15are05 Version-

Lenovo ≫ Ideapad 5-15iil05 Firmware Version < dpcn54ww

Lenovo ≫ Ideapad 5-15iil05 Version-

Lenovo ≫ Ideapad Creator 5-15imh05 Firmware Version < egcn36ww

Lenovo ≫ Ideapad Creator 5-15imh05 Version-

Lenovo ≫ Ideapad Gaming 3-15arh05 Firmware Version < fccn17ww

Lenovo ≫ Ideapad Gaming 3-15arh05 Version-

Lenovo ≫ Ideapad Gaming 3-15imh05 Firmware Version < egcn36ww

Lenovo ≫ Ideapad Gaming 3-15imh05 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.72%	0.926

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

https://support.lenovo.com/us/en/product_security/LEN-73440

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3972

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3972

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3972

EUVD