CWE-636

CVE-2021-3614

First published: Fri Jul 16 2021

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.

Credit: psirt@lenovo.com

| Affected Software | Affected Version | How to fix |
| --- | --- | --- |
| Lenovo Ideapad 1-11ada05 Firmware | =fqcn19ww | |
| Lenovo Ideapad 1-11ada05 | | |
| Lenovo Ideapad 1-14ada05 Firmware | =fqcn19ww | |
| Lenovo Ideapad 1-14ada05 | | |
| Lenovo V130-15ikb Firmware | | |
| Lenovo V130-15ikb | | |
| Lenovo 100e 2nd Gen Firmware | | |
| Lenovo 100e 2nd Gen | | |
| Lenovo 300e 2nd Gen Firmware | | |
| Lenovo 300e 2nd Gen | | |
| Lenovo Ideapad 730-13iml Firmware | | |
| Lenovo Ideapad 730-13iml | | |
| Lenovo Ideapad Flex 5-14alc05 Firmware | | |
| Lenovo Ideapad Flex 5-14alc05 | | |
| Lenovo Ideapad Flex 5-15alc05 Firmware | | |
| Lenovo Ideapad Flex 5-15alc05 | | |
| Lenovo Ideapad 1-11igl05 Firmware | | |
| Lenovo Ideapad 1-11igl05 | | |
| Lenovo Ideapad 1-14igl05 Firmware | | |
| Lenovo Ideapad 1-14igl05 | | |
| Lenovo Ideapad S940-14iil Firmware | | |
| Lenovo Ideapad S940-14iil | | |
| Lenovo Ideapad S940-14iwl Firmware | | |
| Lenovo Ideapad S940-14iwl | | |
| Lenovo Ideapad Slim 1-11ast-05 Firmware | | |
| Lenovo Ideapad Slim 1-11ast-05 | | |
| Lenovo Ideapad Slim 1-14ast-05 Firmware | | |
| Lenovo Ideapad Slim 1-14ast-05 | | |
| Lenovo V130-15igm Firmware | | |
| Lenovo V130-15igm | | |
| Lenovo V330-15ikb Firmware | | |
| Lenovo V330-15ikb | | |
| Lenovo V330-15isk Firmware | | |
| Lenovo V330-15isk | | |
| Lenovo Ideapad Yoga C940-15irh Firmware | | |
| Lenovo Ideapad Yoga C940-15irh | | |
| Lenovo Ideapad Yoga S730-13iml Firmware | | |
| Lenovo Ideapad Yoga S730-13iml | | |
| Lenovo Ideapad Yoga S940-14iil Firmware | | |
| Lenovo Ideapad Yoga S940-14iil | | |
| Lenovo Ideapad Yoga S940-14iwl Firmware | | |
| Lenovo Ideapad Yoga S940-14iwl | | |

Remedy

Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529.

Frequently Asked Questions

  • What is CVE-2021-3614?

    CVE-2021-3614 is a vulnerability that allows an attacker with physical access to Lenovo Notebook systems to elevate privileges during a BIOS update.

  • How severe is CVE-2021-3614?

    CVE-2021-3614 has a severity value of 6.8, which is considered medium.

  • Which Lenovo Notebook systems are affected by CVE-2021-3614?

    Lenovo Ideapad 1-11ada05 Firmware (version fqcn19ww) and Lenovo Ideapad 1-14ada05 Firmware (version fqcn19ww) are affected by CVE-2021-3614.

  • How can an attacker exploit CVE-2021-3614?

    An attacker with physical access can exploit CVE-2021-3614 during a BIOS update performed by Lenovo Vantage.

  • Where can I find more information about CVE-2021-3614?

    You can find more information about CVE-2021-3614 on the Lenovo Product Security website.
