CVE-2021-3519
First published: Fri Nov 12 2021(Updated: )
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.
Credit: psirt@lenovo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lenovo Ideacentre C5-14MB05 | <o4hkt33a | |
| Lenovo Ideacentre C5-14MB05 Firmware | ||
| Lenovo ideacentre 3-07imb05 firmware | <m2vkt18a | |
| Lenovo ideacentre 3-07imb05 | ||
| Lenovo ideacentre 5-14imb05 firmware | <o4hkt33a | |
| Lenovo ideacentre 5-14imb05 | ||
| Lenovo Ideacentre Gaming 5-14iob6 | <m3gkt29a | |
| Lenovo Ideacentre Creator 5-14iob6 | ||
| Lenovo Ideacentre Creator 5-14iob6 Firmware | <m3gkt29a | |
| Lenovo Ideacentre Creator 5-14iob6 | ||
| Lenovo ideacentre g5-14imb05 firmware | <o4hkt33a | |
| Lenovo ideacentre g5-14imb05 | ||
| Lenovo Ideacentre Gaming 5-14iob6 | <m3gkt29a | |
| Lenovo Ideacentre Gaming 5-14iob6 Firmware | ||
| Lenovo ThinkCentre M60e Tiny | <m3skt1ea | |
| Lenovo ThinkCentre M60e Tiny | ||
| Lenovo ThinkCentre M630e | <m28kt36a | |
| Lenovo ThinkCentre M630e | ||
| Lenovo ThinkCentre M70a | <=m2skt21a | |
| Lenovo ThinkCentre M70a Gen 3 | ||
| Lenovo ThinkCentre M70s Firmware | <m2tkt3ca | |
| Lenovo ThinkCentre M70s | ||
| Lenovo ThinkCentre M70t | <m2tkt3ca | |
| Lenovo ThinkCentre M70t | ||
| Lenovo thinkcentre m710e firmware | <m1zkt37a | |
| Lenovo Ideacentre M710e | ||
| Lenovo thinkcentre m710s firmware | <m16kt67a | |
| Lenovo thinkcentre m710s | ||
| Lenovo Ideacentre M710t Firmware | <m16kt67a | |
| Lenovo thinkcentre m710t | ||
| Lenovo ThinkCentre M720e | <m30kt23a | |
| Lenovo ThinkCentre M720e | ||
| Lenovo Thinkcentre M75n | <m33kt21a | |
| Lenovo Thinkcentre M75n | ||
| Lenovo Ideacentre M75s Gen 2 Firmware | <m3bkt24a | |
| Lenovo Ideacentre M75s Gen 2 Firmware | ||
| Lenovo Thinkcentre M70a Gen 2 | <m3nkt17a | |
| Lenovo Thinkcentre M70a Gen 2 | ||
| Lenovo Thinkcentre M70c Firmware | <m2vkt18a | |
| Lenovo ThinkCentre M70c | ||
| Lenovo Thinkcentre M70q Firmware | <m2wkt49a | |
| Lenovo Thinkcentre M70q Firmware | ||
| Lenovo Ideacentre M75s Gen 2 Firmware | <m3akt35a | |
| Lenovo Ideacentre M75t Gen 2 | <m3bkt24a | |
| Lenovo Thinkcentre M75t Gen 2 Firmware | ||
| Lenovo Ideacentre M75t Gen 2 | <m3akt35a | |
| Lenovo Ideacentre M80q | <m2wkt49a | |
| Lenovo Ideacentre M80q | ||
| Lenovo Ideacentre M80s Firmware | <m2tkt3ca | |
| Lenovo ThinkCentre M80s Gen 3 | ||
| Lenovo ThinkCentre M80t Firmware | <m2tkt3ca | |
| Lenovo ThinkCentre M80t Gen 3 | ||
| Lenovo ThinkCentre M810z All-in-One Firmware | <m1ckt47a | |
| Lenovo ThinkCentre M810z All-in-One | ||
| Lenovo Thinkcentre M820z All-in-one | <m1nkt57a | |
| Lenovo Thinkcentre M820z All-in-one | ||
| Lenovo Thinkcentre M90a Gen 2 Firmware | <m2rkt47a | |
| Lenovo ThinkCentre M90a Tiny | ||
| Lenovo Ideacentre M90q Tiny Firmware | <m2wkt49a | |
| Lenovo ThinkCentre M90a Tiny | ||
| Lenovo ThinkCentre M90s Firmware | <m2tkt3ca | |
| Lenovo ThinkCentre M90s Gen 3 | ||
| Lenovo Thinkcentre M90t Firmware | <m2tkt3ca | |
| Lenovo ThinkCentre M90t Gen 3 | ||
| Lenovo ThinkCentre QT M410 | <m16kt67a | |
| Lenovo ThinkCentre QT M410 Firmware | ||
| Lenovo ThinkCentre QT B415 Firmware | <m16kt67a | |
| Lenovo ThinkCentre QT B415 Firmware | ||
| Lenovo ThinkCentre QT M415 Firmware | <m16kt67a | |
| Lenovo ThinkCentre QT M415 Firmware | ||
| Lenovo thinkcentre e75 t\/s firmware | <m16kt67a | |
| Lenovo thinkcentre e75 t\/s | ||
| Lenovo ideacentre 310s-08igm firmware | <=m1tkt31a | |
| Lenovo ideacentre 310s-08igm | ||
| Microsoft Windows 10 | ||
| Lenovo ideacentre 510a-15arr firmware | <=o4dkt41a | |
| Lenovo ideacentre 510a-15arr | ||
| Lenovo ideacentre 510s-07icb firmware | <m22kt46a | |
| Lenovo ideacentre 510s-07icb | ||
| Lenovo ideacentre 510s-07ick firmware | <m30kt24a | |
| Lenovo ideacentre 510s-07ick | ||
| Lenovo ideacentre 510s-07ick firmware | <m30kt23a | |
| Lenovo V30a-22iml Firmware | <m37kt26a | |
| Lenovo V30a-22iml Firmware | ||
| Lenovo V330 Firmware | <=m1tkt32a | |
| Lenovo V330 Firmware | ||
| Lenovo v50a-24imb | <m36kt27a | |
| Lenovo v50a-24imb | ||
| Lenovo V50s-07imb Firmware | <m2vkt18a | |
| Lenovo V50s-07imb | ||
| Lenovo V50a-22IMB Firmware | <m36kt27a | |
| Lenovo V50a-22IMB Firmware | ||
| Lenovo V50t-13imb G2 Firmware | <o4hkt33a | |
| Lenovo V50t-13imb G2 Firmware | ||
| Lenovo V50t-13imb G2 Firmware | <m3gkt29a | |
| Lenovo V50t-13imb G2 Firmware | ||
| Lenovo V520 | <m16kt67a | |
| Lenovo V520 Firmware | ||
| Lenovo V520s | <m16kt67a | |
| Lenovo V520s | ||
| Lenovo V530-15ARR Firmware | <=o4dkt41a | |
| Lenovo V530-15ARR | ||
| Lenovo V530-15ICR | <m2ykt29a | |
| Lenovo V530-15ICR Firmware | ||
| Lenovo v530s-07icb firmware | <m30kt23a | |
| Lenovo v530s-07icb | ||
| Lenovo V530s-07ICR | <m30kt23a | |
| Lenovo V530s-07ICR Firmware | ||
| Lenovo V55t-15API Firmware | <=o4dkt41a | |
| Lenovo V55t-15API | ||
| Lenovo Thinkstation P340 Tiny Workstation Firmware | <m2wkt49a | |
| Lenovo Thinkstation P340 Tiny Workstation | ||
| Lenovo Thinkstation P340 Firmware | <s08kt3fa | |
| Lenovo Thinkstation P340 Firmware | ||
| Lenovo ThinkStation P520 | <=s03kt49a | |
| Lenovo ThinkStation P520 Workstation | ||
| Lenovo Thinkstation P520c | <=s03kt49a | |
| Lenovo ThinkStation P520c Workstation | ||
| lenovo thinkstation p720 firmware | <s04kt54a\/s04kt54p | |
| Lenovo ThinkStation P720 Workstation | ||
| lenovo thinkstation p920 firmware | <s04kt54a\/s04kt54p | |
| Lenovo thinkstation p920 |
Remedy
Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-67440.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-3519?
CVE-2021-3519 is classified as a moderate severity vulnerability due to its potential to allow unauthorized access to the boot menu.
How do I fix CVE-2021-3519?
To mitigate CVE-2021-3519, disable the "BIOS Password At Boot Device List" setting in the affected Lenovo systems' BIOS.
Which Lenovo models are affected by CVE-2021-3519?
CVE-2021-3519 affects several Lenovo desktop models including Ideacentre C5, 3, 5, G5, Creator, and ThinkCentre models.
What is the impact of CVE-2021-3519?
The impact of CVE-2021-3519 allows unauthorized users to potentially boot the system from an unprotected device.
Are there any available updates for CVE-2021-3519?
Lenovo has released specific firmware updates to address the vulnerability CVE-2021-3519 for affected models.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/lenovo
- canonical/lenovo ideacentre c5-14mb05
- canonical/lenovo ideacentre c5-14mb05 firmware
- canonical/lenovo ideacentre 3-07imb05 firmware
- canonical/lenovo ideacentre 3-07imb05
- canonical/lenovo ideacentre 5-14imb05 firmware
- canonical/lenovo ideacentre 5-14imb05
- canonical/lenovo ideacentre gaming 5-14iob6
- canonical/lenovo ideacentre creator 5-14iob6
- canonical/lenovo ideacentre creator 5-14iob6 firmware
- canonical/lenovo ideacentre g5-14imb05 firmware
- canonical/lenovo ideacentre g5-14imb05
- canonical/lenovo ideacentre gaming 5-14iob6 firmware
- canonical/lenovo thinkcentre m60e tiny
- canonical/lenovo thinkcentre m630e
- canonical/lenovo thinkcentre m70a
- version/lenovo thinkcentre m70a/m2skt21a
- canonical/lenovo thinkcentre m70a gen 3
- canonical/lenovo thinkcentre m70s firmware
- canonical/lenovo thinkcentre m70s
- canonical/lenovo thinkcentre m70t
- canonical/lenovo thinkcentre m710e firmware
- canonical/lenovo ideacentre m710e
- canonical/lenovo thinkcentre m710s firmware
- canonical/lenovo thinkcentre m710s
- canonical/lenovo ideacentre m710t firmware
- canonical/lenovo thinkcentre m710t
- canonical/lenovo thinkcentre m720e
- canonical/lenovo thinkcentre m75n
- canonical/lenovo ideacentre m75s gen 2 firmware
- canonical/lenovo thinkcentre m70a gen 2
- canonical/lenovo thinkcentre m70c firmware
- canonical/lenovo thinkcentre m70c
- canonical/lenovo thinkcentre m70q firmware
- canonical/lenovo ideacentre m75t gen 2
- canonical/lenovo thinkcentre m75t gen 2 firmware
- canonical/lenovo ideacentre m80q
- canonical/lenovo ideacentre m80s firmware
- canonical/lenovo thinkcentre m80s gen 3
- canonical/lenovo thinkcentre m80t firmware
- canonical/lenovo thinkcentre m80t gen 3
- canonical/lenovo thinkcentre m810z all-in-one firmware
- canonical/lenovo thinkcentre m810z all-in-one
- canonical/lenovo thinkcentre m820z all-in-one
- canonical/lenovo thinkcentre m90a gen 2 firmware
- canonical/lenovo thinkcentre m90a tiny
- canonical/lenovo ideacentre m90q tiny firmware
- canonical/lenovo thinkcentre m90s firmware
- canonical/lenovo thinkcentre m90s gen 3
- canonical/lenovo thinkcentre m90t firmware
- canonical/lenovo thinkcentre m90t gen 3
- canonical/lenovo thinkcentre qt m410
- canonical/lenovo thinkcentre qt m410 firmware
- canonical/lenovo thinkcentre qt b415 firmware
- canonical/lenovo thinkcentre qt m415 firmware
- canonical/lenovo thinkcentre e75 t\/s firmware
- canonical/lenovo thinkcentre e75 t\/s
- canonical/lenovo ideacentre 310s-08igm firmware
- version/lenovo ideacentre 310s-08igm firmware/m1tkt31a
- canonical/lenovo ideacentre 310s-08igm
- vendor/microsoft
- canonical/microsoft windows 10
- canonical/lenovo ideacentre 510a-15arr firmware
- version/lenovo ideacentre 510a-15arr firmware/o4dkt41a
- canonical/lenovo ideacentre 510a-15arr
- canonical/lenovo ideacentre 510s-07icb firmware
- canonical/lenovo ideacentre 510s-07icb
- canonical/lenovo ideacentre 510s-07ick firmware
- canonical/lenovo ideacentre 510s-07ick
- canonical/lenovo v30a-22iml firmware
- canonical/lenovo v330 firmware
- version/lenovo v330 firmware/m1tkt32a
- canonical/lenovo v50a-24imb
- canonical/lenovo v50s-07imb firmware
- canonical/lenovo v50s-07imb
- canonical/lenovo v50a-22imb firmware
- canonical/lenovo v50t-13imb g2 firmware
- canonical/lenovo v520
- canonical/lenovo v520 firmware
- canonical/lenovo v520s
- canonical/lenovo v530-15arr firmware
- version/lenovo v530-15arr firmware/o4dkt41a
- canonical/lenovo v530-15arr
- canonical/lenovo v530-15icr
- canonical/lenovo v530-15icr firmware
- canonical/lenovo v530s-07icb firmware
- canonical/lenovo v530s-07icb
- canonical/lenovo v530s-07icr
- canonical/lenovo v530s-07icr firmware
- canonical/lenovo v55t-15api firmware
- version/lenovo v55t-15api firmware/o4dkt41a
- canonical/lenovo v55t-15api
- canonical/lenovo thinkstation p340 tiny workstation firmware
- canonical/lenovo thinkstation p340 tiny workstation
- canonical/lenovo thinkstation p340 firmware
- canonical/lenovo thinkstation p520
- version/lenovo thinkstation p520/s03kt49a
- canonical/lenovo thinkstation p520 workstation
- canonical/lenovo thinkstation p520c
- version/lenovo thinkstation p520c/s03kt49a
- canonical/lenovo thinkstation p520c workstation
- canonical/lenovo thinkstation p720 firmware
- canonical/lenovo thinkstation p720 workstation
- canonical/lenovo thinkstation p920 firmware
- canonical/lenovo thinkstation p920