7.8
HIGH
CVE-2021-3462
"Lenovo Power Management Driver Unprivileged Access Vulnerability"
Description

A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.

INFO

Published Date :

April 13, 2021, 9:15 p.m.

Last Modified :

Nov. 21, 2024, 6:21 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2021-3462 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Lenovo thinkpad_e480
2 Lenovo thinkpad_e580
3 Lenovo thinkpad_l380
4 Lenovo thinkpad_l380_yoga
5 Lenovo thinkpad_l480
6 Lenovo thinkpad_l580
7 Lenovo thinkpad_p51
8 Lenovo thinkpad_p51s
9 Lenovo thinkpad_p52
10 Lenovo thinkpad_p52s
11 Lenovo thinkpad_p71
12 Lenovo thinkpad_p72
13 Lenovo thinkpad_t470
14 Lenovo thinkpad_t470p
15 Lenovo thinkpad_t470s
16 Lenovo thinkpad_t480
17 Lenovo thinkpad_t480s
18 Lenovo thinkpad_t570
19 Lenovo thinkpad_t580
20 Lenovo thinkpad_x270
21 Lenovo thinkpad_x280
22 Lenovo thinkpad_x380_yoga
23 Lenovo thinkpad_yoga_370
24 Lenovo power_management_driver
25 Lenovo thinkpad_e14
26 Lenovo thinkpad_e15
27 Lenovo thinkpad_e490
28 Lenovo thinkpad_e590
29 Lenovo thinkpad_l15_gen_2
30 Lenovo thinkpad_l490
31 Lenovo thinkpad_l590
32 Lenovo thinkpad_p1_gen_2
33 Lenovo thinkpad_p1_gen_3
34 Lenovo thinkpad_p14s_gen_1
35 Lenovo thinkpad_p14s_gen_2
36 Lenovo thinkpad_p15_gen_1
37 Lenovo thinkpad_p15s_gen_1
38 Lenovo thinkpad_p15s_gen_2
39 Lenovo thinkpad_p15v_gen_1
40 Lenovo thinkpad_p17_gen_1
41 Lenovo thinkpad_p43s
42 Lenovo thinkpad_p53
43 Lenovo thinkpad_p53s
44 Lenovo thinkpad_p73
45 Lenovo thinkpad_t14_gen_1
46 Lenovo thinkpad_t14_gen_2
47 Lenovo thinkpad_t15_gen_2
48 Lenovo thinkpad_t15g_gen_1
49 Lenovo thinkpad_t15p_gen_1
50 Lenovo thinkpad_t490
51 Lenovo thinkpad_t490s
52 Lenovo thinkpad_t590
53 Lenovo thinkpad_x1_nano_gen_1
54 Lenovo thinkpad_x13_yoga_gen_1
55 Lenovo thinkpad_x13_yoga_gen_2
56 Lenovo thinkpad_x390
57 Lenovo thinkpad_x390_yoga
58 Lenovo thinkpad_s2_yoga_gen_6
59 Lenovo thinkpad_l13_yoga_gen_2
60 Lenovo thinkpad_l13_gen_2
61 Lenovo thinkpad_a275
62 Lenovo thinkpad_a475
63 Lenovo thinkpad_e470
64 Lenovo thinkpad_e570
65 Lenovo thinkpad_e475
66 Lenovo thinkpad_e575
67 Lenovo thinkpad_l470
68 Lenovo thinkpad_l570
69 Lenovo thinkpad_l390_yoga
70 Lenovo thinkpad_p1
71 Lenovo thinkpad_x1_extreme
72 Lenovo thinkpad_13_gen_2
73 Lenovo thinkpad_25
74 Lenovo thinkpad_a285
75 Lenovo thinkpad_a485
76 Lenovo thinkpad_e470c
77 Lenovo thinkpad_e495
78 Lenovo thinkpad_e570c
79 Lenovo thinkpad_e595
80 Lenovo thinkpad_l13
81 Lenovo thinkpad_l13_yoga
82 Lenovo thinkpad_l390
83 Lenovo thinkpad_r14
84 Lenovo thinkpad_r480
85 Lenovo thinkpad_s1_gen_4
86 Lenovo thinkpad_s2_gen_2
87 Lenovo thinkpad_s2_gen_5
88 Lenovo thinkpad_s2_yoga_gen_5
89 Lenovo thinkpad_s3_gen_2
90 Lenovo thinkpad_s5_gen_2
91 Lenovo thinkpad_t495
92 Lenovo thinkpad_x1_carbon_gen_5
93 Lenovo thinkpad_x1_carbon_gen_6
94 Lenovo thinkpad_x1_carbon_gen_7
95 Lenovo thinkpad_x1_extreme_2nd
96 Lenovo thinkpad_x1_tablet_gen_2
97 Lenovo thinkpad_x1_tablet_gen_3
98 Lenovo thinkpad_x1_yoga_gen_2
99 Lenovo thinkpad_x1_yoga_gen_3
100 Lenovo thinkpad_x1_yoga_gen_4
101 Lenovo thinkpad_x395
102 Lenovo thinkpad_11e_yoga_gen_6
103 Lenovo thinkpad_11e_gen_5
104 Lenovo thinkpad_e14_gen2
105 Lenovo thinkpad_e15_gen2
106 Lenovo thinkpad_l13_gen_1
107 Lenovo thinkpad_l13_yoga_gen_1
108 Lenovo thinkpad_l14_gen_1
109 Lenovo thinkpad_l14_gen_2
110 Lenovo thinkpad_l15_gen_1
111 Lenovo thinkpad_r14_gen_2
112 Lenovo thinkpad_s2_gen_6
113 Lenovo thinkpad_t14s_gen_1
114 Lenovo thinkpad_t14s_gen_2i
115 Lenovo thinkpad_t15_gen_1
116 Lenovo thinkpad_x1_carbon_gen_8
117 Lenovo thinkpad_x1_carbon_gen_9
118 Lenovo thinkpad_x1_extreme_gen_3
119 Lenovo thinkpad_x1_titanium_gen_1
120 Lenovo thinkpad_x1_yoga_gen_5
121 Lenovo thinkpad_x1_yoga_gen_6
122 Lenovo thinkpad_x12
123 Lenovo thinkpad_x13_gen_1
124 Lenovo thinkpad_x13_gen_2i
125 Lenovo thinkpad_yoga_11e_gen_5
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-3462.

URL Resource
https://support.lenovo.com/us/en/product_security/LEN-59174 Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-59174 Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-3462 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-3462 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://support.lenovo.com/us/en/product_security/LEN-59174
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Reanalysis by [email protected]

    Oct. 27, 2022

    Action Type Old Value New Value
    Removed CWE NIST CWE-269
    Added CWE NIST NVD-CWE-noinfo
  • Initial Analysis by [email protected]

    Apr. 23, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://support.lenovo.com/us/en/product_security/LEN-59174 No Types Assigned https://support.lenovo.com/us/en/product_security/LEN-59174 Vendor Advisory
    Added CWE NIST CWE-269
    Added CPE Configuration AND OR *cpe:2.3:a:lenovo:power_management_driver:*:*:*:*:*:windows_10:*:* versions up to (excluding) 1.67.17.54 OR cpe:2.3:h:lenovo:thinkpad_11e_gen_5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_11e_yoga_gen_6:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_13_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_25:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a275:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a285:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a475:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_a485:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e14:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e14_gen2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e15:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e15_gen2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e470c:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e475:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e480:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e490:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e495:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e570:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e570c:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e575:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e580:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e590:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_e595:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l13:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l13_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l13_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l13_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l13_yoga_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l14_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l14_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l15_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l15_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l380:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l380_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l390:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l390_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l480:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l490:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l570:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l580:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_l590:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p14s_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p14s_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p15_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p15s_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p15s_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p15v_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p17_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p1_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p1_gen_3:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p43s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p51:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p51s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p52:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p52s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p53:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p53s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p71:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p72:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_p73:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_r14:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_r14_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_r480:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s1_gen_4:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_gen_5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_gen_6:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s2_yoga_gen_6:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s3_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_s5_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t14_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t14_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t14s_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t14s_gen_2i:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t15_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t15_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t15g_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t15p_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470p:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t470s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t480:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t480s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t490:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t490s:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t495:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t570:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t580:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_t590:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x12:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x13_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x13_gen_2i:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x13_yoga_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x13_yoga_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_6:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_7:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_8:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_carbon_gen_9:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_extreme:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_extreme_2nd:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_extreme_gen_3:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_nano_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_tablet_gen_3:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_titanium_gen_1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_3:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_4:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x1_yoga_gen_6:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x270:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x280:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x380_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x390:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x390_yoga:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_x395:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_11e_gen_5:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_yoga_370:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-3462 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-3462 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10264

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability