What is CVE-2021-3614?

CVE-2021-3614 is a vulnerability that allows an attacker with physical access to Lenovo Notebook systems to elevate privileges during a BIOS update.

How severe is CVE-2021-3614?

CVE-2021-3614 has a severity value of 6.8, which is considered medium.

Which Lenovo Notebook systems are affected by CVE-2021-3614?

Lenovo Ideapad 1-11ada05 Firmware (version fqcn19ww) and Lenovo Ideapad 1-14ada05 Firmware (version fqcn19ww) are affected by CVE-2021-3614.

How can an attacker exploit CVE-2021-3614?

An attacker with physical access can exploit CVE-2021-3614 during a BIOS update performed by Lenovo Vantage.

Where can I find more information about CVE-2021-3614?

You can find more information about CVE-2021-3614 on the Lenovo Product Security website.

Vulnerability/
CVE-2021-3614

medium

6.8

CWE

636

16/7/2021

3/8/2024

CVE-2021-3614

First published: Fri Jul 16 2021(Updated: )

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

Credit: psirt@lenovo.com

Affected Software	Affected Version	How to fix
Lenovo Ideapad 1-11ada05 Firmware	=fqcn19ww
Lenovo Ideapad 1-11ada05
Lenovo Ideapad 1-14ada05 Firmware	=fqcn19ww
Lenovo Ideapad 1-14ada05
Lenovo V130-15ikb Firmware
Lenovo V130-15ikb
Lenovo 100e 2nd Gen Firmware
Lenovo 100e 2nd Gen
Lenovo 300e 2nd Gen Firmware
Lenovo 300e 2nd Gen
Lenovo Ideapad 730-13iml Firmware
Lenovo Ideapad 730-13iml
Lenovo Ideapad Flex 5-14alc05 Firmware
Lenovo Ideapad Flex 5-14alc05
Lenovo Ideapad Flex 5-15alc05 Firmware
Lenovo Ideapad Flex 5-15alc05
Lenovo Ideapad 1-11igl05 Firmware
Lenovo Ideapad 1-11igl05
Lenovo Ideapad 1-14igl05 Firmware
Lenovo Ideapad 1-14igl05
Lenovo Ideapad S940-14iil Firmware
Lenovo Ideapad S940-14iil
Lenovo Ideapad S940-14iwl Firmware
Lenovo Ideapad S940-14iwl
Lenovo Ideapad Slim 1-11ast-05 Firmware
Lenovo Ideapad Slim 1-11ast-05
Lenovo Ideapad Slim 1-14ast-05 Firmware
Lenovo Ideapad Slim 1-14ast-05
Lenovo V130-15igm Firmware
Lenovo V130-15igm
Lenovo V330-15ikb Firmware
Lenovo V330-15ikb
Lenovo V330-15isk Firmware
Lenovo V330-15isk
Lenovo Ideapad Yoga C940-15irh Firmware
Lenovo Ideapad Yoga C940-15irh
Lenovo Ideapad Yoga S730-13iml Firmware
Lenovo Ideapad Yoga S730-13iml
Lenovo Ideapad Yoga S940-14iil Firmware
Lenovo Ideapad Yoga S940-14iil
Lenovo Ideapad Yoga S940-14iwl Firmware
Lenovo Ideapad Yoga S940-14iwl

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529.

Never miss a vulnerability like this again

Reference Links

https://support.lenovo.com/us/en/product_security/LEN-65529

Frequently Asked Questions

What is CVE-2021-3614?
CVE-2021-3614 is a vulnerability that allows an attacker with physical access to Lenovo Notebook systems to elevate privileges during a BIOS update.
How severe is CVE-2021-3614?
CVE-2021-3614 has a severity value of 6.8, which is considered medium.
Which Lenovo Notebook systems are affected by CVE-2021-3614?
Lenovo Ideapad 1-11ada05 Firmware (version fqcn19ww) and Lenovo Ideapad 1-14ada05 Firmware (version fqcn19ww) are affected by CVE-2021-3614.
How can an attacker exploit CVE-2021-3614?
An attacker with physical access can exploit CVE-2021-3614 during a BIOS update performed by Lenovo Vantage.
Where can I find more information about CVE-2021-3614?
You can find more information about CVE-2021-3614 on the Lenovo Product Security website.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/remedy
agent/last-modified-date
agent/author
agent/severity
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/lenovo
canonical/lenovo ideapad 1-11ada05 firmware
version/lenovo ideapad 1-11ada05 firmware/fqcn19ww
canonical/lenovo ideapad 1-11ada05
canonical/lenovo ideapad 1-14ada05 firmware
version/lenovo ideapad 1-14ada05 firmware/fqcn19ww
canonical/lenovo ideapad 1-14ada05
canonical/lenovo v130-15ikb firmware
canonical/lenovo v130-15ikb
canonical/lenovo 100e 2nd gen firmware
canonical/lenovo 100e 2nd gen
canonical/lenovo 300e 2nd gen firmware
canonical/lenovo 300e 2nd gen
canonical/lenovo ideapad 730-13iml firmware
canonical/lenovo ideapad 730-13iml
canonical/lenovo ideapad flex 5-14alc05 firmware
canonical/lenovo ideapad flex 5-14alc05
canonical/lenovo ideapad flex 5-15alc05 firmware
canonical/lenovo ideapad flex 5-15alc05
canonical/lenovo ideapad 1-11igl05 firmware
canonical/lenovo ideapad 1-11igl05
canonical/lenovo ideapad 1-14igl05 firmware
canonical/lenovo ideapad 1-14igl05
canonical/lenovo ideapad s940-14iil firmware
canonical/lenovo ideapad s940-14iil
canonical/lenovo ideapad s940-14iwl firmware
canonical/lenovo ideapad s940-14iwl
canonical/lenovo ideapad slim 1-11ast-05 firmware
canonical/lenovo ideapad slim 1-11ast-05
canonical/lenovo ideapad slim 1-14ast-05 firmware
canonical/lenovo ideapad slim 1-14ast-05
canonical/lenovo v130-15igm firmware
canonical/lenovo v130-15igm
canonical/lenovo v330-15ikb firmware
canonical/lenovo v330-15ikb
canonical/lenovo v330-15isk firmware
canonical/lenovo v330-15isk
canonical/lenovo ideapad yoga c940-15irh firmware
canonical/lenovo ideapad yoga c940-15irh
canonical/lenovo ideapad yoga s730-13iml firmware
canonical/lenovo ideapad yoga s730-13iml
canonical/lenovo ideapad yoga s940-14iil firmware
canonical/lenovo ideapad yoga s940-14iil
canonical/lenovo ideapad yoga s940-14iwl firmware
canonical/lenovo ideapad yoga s940-14iwl