A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:HLenovo Ideacentre 3 07imb05
HWLenovowszystkie wersjeLenovo Ideacentre 3 07imb05 Firmware
OSLenovo< m2vkt18aLenovo Ideacentre 310s 08igm
HWLenovowszystkie wersjeLenovo Ideacentre 310s 08igm Firmware
OSLenovo≤ m1tkt31aLenovo Ideacentre 510a 15arr
HWLenovowszystkie wersjeLenovo Ideacentre 510a 15arr Firmware
OSLenovo≤ o4dkt41aLenovo Ideacentre 510s 07icb
HWLenovowszystkie wersjeLenovo Ideacentre 510s 07icb Firmware
OSLenovo< m22kt46aLenovo Ideacentre 510s 07ick
HWLenovowszystkie wersjeLenovo Ideacentre 510s 07ick Firmware
OSLenovo< m30kt24a< m30kt23aLenovo Ideacentre 5 14imb05
HWLenovowszystkie wersjeLenovo Ideacentre 5 14imb05 Firmware
OSLenovo< o4hkt33aLenovo Ideacentre 5 14iob6
HWLenovowszystkie wersjeLenovo Ideacentre 5 14iob6 Firmware
OSLenovo< m3gkt29aLenovo Ideacentre C5 14mb05
HWLenovowszystkie wersjeLenovo Ideacentre C5 14mb05 Firmware
OSLenovo< o4hkt33aLenovo Ideacentre Creator 5 14iob6
HWLenovowszystkie wersjeLenovo Ideacentre Creator 5 14iob6 Firmware
OSLenovo< m3gkt29aLenovo Ideacentre G5 14imb05
HWLenovowszystkie wersjeLenovo Ideacentre G5 14imb05 Firmware
OSLenovo< o4hkt33aLenovo Ideacentre Gaming 5 14iob6
HWLenovowszystkie wersjeLenovo Ideacentre Gaming 5 14iob6 Firmware
OSLenovo< m3gkt29aLenovo Thinkcentre E75 T\/s
HWLenovowszystkie wersjeLenovo Thinkcentre E75 T\/s Firmware
OSLenovo< m16kt67aLenovo Thinkcentre M60e Tiny
HWLenovowszystkie wersjeLenovo Thinkcentre M60e Tiny Firmware
OSLenovo< m3skt1eaLenovo Thinkcentre M630e
HWLenovowszystkie wersjeLenovo Thinkcentre M630e Firmware
OSLenovo< m28kt36aLenovo Thinkcentre M70a
HWLenovowszystkie wersjeLenovo Thinkcentre M70a Firmware
OSLenovo≤ m2skt21a
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
Related vulnerabilities
CVE-2016-4171CRITICAL9.8⚠ KEVten sam produkt
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbi...
CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
CVE-2023-36910CRITICAL9.8ten sam produkt
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36911CRITICAL9.8ten sam produkt
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-29411CRITICAL9.8ten sam produkt
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to admi...