CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-65529	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:730s-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:730s-13iml:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s730-13iml:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideacentre_aio_5-24imb05:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideacentre_aio_5-74imb05:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-07-16 21:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-3453

Mitre link : CVE-2021-3453

CVE.ORG link : CVE-2021-3453

JSON object : View

Products Affected

lenovo

thinkpad_w550s_firmware
thinkpad_yoga_15
yoga_s730-13iml_firmware
ideapad_1-11igl05
thinkpad_x1_carbon_3rd_gen_firmware
ideapad_1-14igl05_firmware
yoga_s940-14iwl_firmware
thinkpad_t550_firmware
thinkpad_t550
ideapad_s940-14iwl
thinkpad_x250_firmware
thinkpad_x1_carbon_3rd_gen
ideapad_s940-14iil
yoga_s940-14iwl
ideapad_slim_1-11ast-05_firmware
ideapad_slim_1-14ast-05
ideapad_s940-14iil_firmware
v330-15ikb_firmware
ideapad_s940-14iwl_firmware
yoga_s940-14iil
v330-15isk_firmware
v130-15igm
v330-15isk
ideapad_slim_1-14ast-05_firmware
thinkpad_w550s
730s-13iml
ideapad_slim_1-11ast-05
thinkpad_yoga_15_firmware
thinkpad_helix_firmware
thinkpad_helix
yoga_s940-14iil_firmware
ideacentre_aio_5-24imb05_firmware
ideapad_1-14igl05
yoga_s730-13iml
thinkpad_x250
ideapad_1-11igl05_firmware
v130-15igm_firmware
v330-15ikb
ideacentre_aio_5-74imb05_firmware
ideacentre_aio_5-24imb05
730s-13iml_firmware
ideacentre_aio_5-74imb05

CWE

NVD-CWE-noinfo CWE-693

Protection Mechanism Failure

4.6 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-3453

4.6^/10

2.1^/10

Attach tags to `CVE-2021-3453`