Not Failing Securely ('Failing Open')
CVE-2021-3614
Summary
A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo Vantage.
- LOW
- PHYSICAL
- HIGH
- UNCHANGED
- REQUIRED
- LOW
- HIGH
- HIGH
CWE-636 - Not Failing Securely ('Failing Open')
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
Advisory Timeline
- Published