{ "CVE_data_meta": { "ASSIGNER": "psirt@lenovo.com", "ID": "CVE-2021-3972", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Notebook BIOS", "version": { "version_data": [ { "version_affected": "=", "version_value": "various" } ] } } ] }, "vendor_name": "Lenovo" } ] } }, "credit": [ { "lang": "eng", "value": " Lenovo thanks Martin Smol\u00e1r from ESET for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-489 Leftover Debug Code" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://support.lenovo.com/us/en/product_security/LEN-73440", "name": "https://support.lenovo.com/us/en/product_security/LEN-73440" } ] }, "solution": [ { "lang": "eng", "value": "Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440." } ], "source": { "advisory": "LEN-73440", "discovery": "UNKNOWN" } }