{"containers":{"cna":{"affected":[{"product":"Notebook BIOS","vendor":"Lenovo","versions":[{"status":"affected","version":"various"}]}],"credits":[{"lang":"en","value":"Lenovo thanks Martin Smolár from ESET for reporting this issue."}],"descriptions":[{"lang":"en","value":"A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-489","description":"CWE-489 Leftover Debug Code","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-04-22T20:30:40.000Z","orgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","shortName":"lenovo"},"references":[{"tags":["x_refsource_MISC"],"url":"https://support.lenovo.com/us/en/product_security/LEN-73440"}],"solutions":[{"lang":"en","value":"Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."}],"source":{"advisory":"LEN-73440","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@lenovo.com","ID":"CVE-2021-3972","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Notebook BIOS","version":{"version_data":[{"version_affected":"=","version_value":"various"}]}}]},"vendor_name":"Lenovo"}]}},"credit":[{"lang":"eng","value":"Lenovo thanks Martin Smolár from ESET for reporting this issue."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-489 Leftover Debug Code"}]}]},"references":{"reference_data":[{"name":"https://support.lenovo.com/us/en/product_security/LEN-73440","refsource":"MISC","url":"https://support.lenovo.com/us/en/product_security/LEN-73440"}]},"solution":[{"lang":"en","value":"Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-73440."}],"source":{"advisory":"LEN-73440","discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:09:09.723Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://support.lenovo.com/us/en/product_security/LEN-73440"}]}]},"cveMetadata":{"assignerOrgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","assignerShortName":"lenovo","cveId":"CVE-2021-3972","datePublished":"2022-04-22T20:30:40.000Z","dateReserved":"2021-11-17T00:00:00.000Z","dateUpdated":"2024-08-03T17:09:09.723Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}