CVE-2021-4211

EPSS 0.04%
Veröffentlicht 22.04.2022 21:15:10
Zuletzt bearbeitet 21.11.2024 06:37:09
Quelle psirt@lenovo.com
Teams Watchlist Login
Unerledigt Login

A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lenovo ≫ A340-22icb Firmware Version-

Lenovo ≫ A340-22icb Version-

Lenovo ≫ A340-22ick Firmware Version-

Lenovo ≫ A340-22ick Version-

Lenovo ≫ A340-24icb Firmware Version-

Lenovo ≫ A340-24icb Version-

Lenovo ≫ A340-24ick Firmware Version-

Lenovo ≫ A340-24ick Version-

Lenovo ≫ A540-24icb Firmware Version-

Lenovo ≫ A540-24icb Version-

Lenovo ≫ A540-27icb Firmware Version-

Lenovo ≫ A540-27icb Version-

Lenovo ≫ Ideacentre 5-14iob6 Firmware Version-

Lenovo ≫ Ideacentre 5-14iob6 Version-

Lenovo ≫ Ideacentre 510s-07icb Firmware Version-

Lenovo ≫ Ideacentre 510s-07icb Version-

Lenovo ≫ Ideacentre 510s-07ick Firmware Version-

Lenovo ≫ Ideacentre 510s-07ick Version-

Lenovo ≫ Ideacentre Aio 3-22ada6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-22ada6 Version-

Lenovo ≫ Ideacentre Aio 3-22iil5 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-22iil5 Version-

Lenovo ≫ Ideacentre Aio 3-22itl6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-22itl6 Version-

Lenovo ≫ Ideacentre Aio 3-24ada6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-24ada6 Version-

Lenovo ≫ Ideacentre Aio 3-24iil5 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-24iil5 Version-

Lenovo ≫ Ideacentre Aio 3-24itl6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-24itl6 Version-

Lenovo ≫ Ideacentre Aio 3-27itl6 Firmware Version-

Lenovo ≫ Ideacentre Aio 3-27itl6 Version-

Lenovo ≫ Ideacentre Creator 5-14iob6 Firmware Version-

Lenovo ≫ Ideacentre Creator 5-14iob6 Version-

Lenovo ≫ Ideacentre Gaming 5-14iob6 Firmware Version-

Lenovo ≫ Ideacentre Gaming 5-14iob6 Version-

Lenovo ≫ Se30 Firmware Version-

Lenovo ≫ Se30 Version-

Lenovo ≫ Thinkcentre M600 Firmware Version-

Lenovo ≫ Thinkcentre M600 Version-

Lenovo ≫ Thinkcentre M700 Tiny Firmware Version-

Lenovo ≫ Thinkcentre M700 Tiny Version-

Lenovo ≫ Thinkcentre M70a Firmware Version-

Lenovo ≫ Thinkcentre M70a Version-

Lenovo ≫ Thinkcentre M710e Firmware Version-

Lenovo ≫ Thinkcentre M710e Version-

Lenovo ≫ Thinkcentre M710q Firmware Version-

Lenovo ≫ Thinkcentre M710q Version-

Lenovo ≫ Thinkcentre M710q (10yc) Firmware Version-

Lenovo ≫ Thinkcentre M710q (10yc) Version-

Lenovo ≫ Thinkcentre M710s Firmware Version-

Lenovo ≫ Thinkcentre M710s Version-

Lenovo ≫ Thinkcentre M710t Firmware Version-

Lenovo ≫ Thinkcentre M710t Version-

Lenovo ≫ Thinkcentre M720e Firmware Version-

Lenovo ≫ Thinkcentre M720e Version-

Lenovo ≫ Thinkcentre M75n Firmware Version-

Lenovo ≫ Thinkcentre M75n Version-

Lenovo ≫ Thinkcentre M800 Firmware Version-

Lenovo ≫ Thinkcentre M800 Version-

Lenovo ≫ Thinkcentre M810z Firmware Version-

Lenovo ≫ Thinkcentre M810z Version-

Lenovo ≫ Thinkcentre M820z Firmware Version-

Lenovo ≫ Thinkcentre M820z Version-

Lenovo ≫ Thinkcentre M900 Firmware Version-

Lenovo ≫ Thinkcentre M900 Version-

Lenovo ≫ Thinkcentre M900x Firmware Version-

Lenovo ≫ Thinkcentre M900x Version-

Lenovo ≫ Thinkcentre M90a (gen 2) Firmware Version-

Lenovo ≫ Thinkcentre M90a (gen 2) Version-

Lenovo ≫ Thinkcentre M910q Firmware Version-

Lenovo ≫ Thinkcentre M910q Version-

Lenovo ≫ Thinkcentre M910s Firmware Version-

Lenovo ≫ Thinkcentre M910s Version-

Lenovo ≫ Thinkcentre M910t Firmware Version-

Lenovo ≫ Thinkcentre M910t Version-

Lenovo ≫ Thinkcentre M910x Firmware Version-

Lenovo ≫ Thinkcentre M910x Version-

Lenovo ≫ Thinkstation P310 Firmware Version-

Lenovo ≫ Thinkstation P310 Version-

Lenovo ≫ Thinkstation P320 Firmware Version-

Lenovo ≫ Thinkstation P320 Version-

Lenovo ≫ Thinkstation P320 Tiny Firmware Version-

Lenovo ≫ Thinkstation P320 Tiny Version-

Lenovo ≫ V30a-22iml Firmware Version-

Lenovo ≫ V30a-22iml Version-

Lenovo ≫ V30a-24iml Firmware Version-

Lenovo ≫ V30a-24iml Version-

Lenovo ≫ V410z Firmware Version-

Lenovo ≫ V410z Version-

Lenovo ≫ V50t-13iob G2 Firmware Version-

Lenovo ≫ V50t-13iob G2 Version-

Lenovo ≫ V520 Firmware Version-

Lenovo ≫ V520 Version-

Lenovo ≫ V520s Firmware Version-

Lenovo ≫ V520s Version-

Lenovo ≫ V530-15icb Firmware Version-

Lenovo ≫ V530-15icb Version-

Lenovo ≫ V530-15icr Firmware Version-

Lenovo ≫ V530-15icr Version-

Lenovo ≫ V530s-07icb Firmware Version-

Lenovo ≫ V530s-07icb Version-

Lenovo ≫ V530s-07icr Firmware Version-

Lenovo ≫ V530s-07icr Version-

Lenovo ≫ V540-24iwl Firmware Version-

Lenovo ≫ V540-24iwl Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.108

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@lenovo.com	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://support.lenovo.com/us/en/product_security/LEN-77639

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-4211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4211

EUVD