CVE-2021-3519

Home/CVE/A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when t

CVE

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when t

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

MEDIUM · CVSS 6.4 EPSS 0.00034

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-287Improper Authentication

▤

Affected Products & Versions

lenovo ideacentre c5-14mb05 firmware< o4hkt33a
lenovo ideacentre 3-07imb05 firmware< m2vkt18a
lenovo ideacentre 5-14imb05 firmware< o4hkt33a
lenovo ideacentre 5-14iob6 firmware< m3gkt29a
lenovo ideacentre creator 5-14iob6 firmware< m3gkt29a
lenovo ideacentre g5-14imb05 firmware< o4hkt33a
lenovo ideacentre gaming 5-14iob6 firmware< m3gkt29a
lenovo thinkcentre m60e tiny firmware< m3skt1ea
Show all 60 affected productslenovo thinkcentre m630e firmware< m28kt36a
lenovo thinkcentre m70a firmware<= m2skt21a
lenovo thinkcentre m70s firmware< m2tkt3ca
lenovo thinkcentre m70t firmware< m2tkt3ca
lenovo thinkcentre m710e firmware< m1zkt37a
lenovo thinkcentre m710s firmware< m16kt67a
lenovo thinkcentre m710t firmware< m16kt67a
lenovo thinkcentre m720e firmware< m30kt23a
lenovo thinkcentre m75n firmware< m33kt21a
lenovo thinkcentre m75s gen 2 firmware< m3bkt24a
lenovo thinkcentre m70a gen 2 firmware< m3nkt17a
lenovo thinkcentre m70c firmware< m2vkt18a
lenovo thinkcentre m70q firmware< m2wkt49a
lenovo thinkcentre m75s gen 2 firmware< m3akt35a
lenovo thinkcentre m75t gen 2 firmware< m3bkt24a
lenovo thinkcentre m75t gen 2 firmware< m3akt35a
lenovo thinkcentre m80q firmware< m2wkt49a
lenovo thinkcentre m80s firmware< m2tkt3ca
lenovo thinkcentre m80t firmware< m2tkt3ca
lenovo thinkcentre m810z firmware< m1ckt47a
lenovo thinkcentre m820z firmware< m1nkt57a
lenovo thinkcentre m90a firmware< m2rkt47a
lenovo thinkcentre m90q tiny firmware< m2wkt49a
lenovo thinkcentre m90s firmware< m2tkt3ca
lenovo thinkcentre m90t firmware< m2tkt3ca
lenovo thinkcentre qt m410 firmware< m16kt67a
lenovo thinkcentre qt b415 firmware< m16kt67a
lenovo thinkcentre qt m415 firmware< m16kt67a
lenovo thinkcentre e75 t\/s firmware< m16kt67a
lenovo ideacentre 310s-08igm firmware<= m1tkt31a
lenovo ideacentre 510a-15arr firmware<= o4dkt41a
lenovo ideacentre 510s-07icb firmware< m22kt46a
lenovo ideacentre 510s-07ick firmware< m30kt24a
lenovo ideacentre 510s-07ick firmware< m30kt23a
lenovo v30a-22iml firmware< m37kt26a
lenovo v330 firmware<= m1tkt32a
lenovo v50a-24imb firmware< m36kt27a
lenovo v50s-07imb firmware< m2vkt18a
lenovo v50a-22imb firmware< m36kt27a
lenovo v50t-13imb firmware< o4hkt33a
lenovo v50t-13imb g2 firmware< m3gkt29a
lenovo v520 firmware< m16kt67a
lenovo v520s firmware< m16kt67a
lenovo v530-15arr firmware<= o4dkt41a
lenovo v530-15icr firmware< m2ykt29a
lenovo v530s-07icb firmware< m30kt23a
lenovo v530s-07icr firmware< m30kt23a
lenovo v55t-15api firmware<= o4dkt41a
lenovo thinkstation p340 tiny firmware< m2wkt49a
lenovo thinkstation p340 firmware< s08kt3fa
lenovo thinkstation p520 firmware<= s03kt49a
lenovo thinkstation p520c firmware<= s03kt49a

▣

Scoring & Timeline

6.4

MEDIUM · CVSS v3.1 · psirt@lenovo.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD12 Nov 2021 · 10:15 PM

CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://support.lenovo.com/us/en/product_security/LEN-67440Vendor Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin