CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-65529	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:730s-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:730s-13iml:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s730-13iml:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideacentre_aio_5-24imb05:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideacentre_aio_5-74imb05:-:*:*:*:*:*:*:*

History

30 Jul 2021, 12:41

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.6
CWE		NVD-CWE-noinfo
References	~~(MISC) https://support.lenovo.com/us/en/product_security/LEN-65529 -~~	(MISC) https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory
CPE		cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:::::::* cpe:2.3:h:lenovo:v330-15ikb:-:::::::* cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:::::::* cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:::::::* cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:::::::* cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:::::::* cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:::::::* cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:::::::* cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:::::::* cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:::::::* cpe:2.3:h:lenovo:ideacentre_aio_5-74imb05:-:::::::* cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:::::::* cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:::::::* cpe:2.3:h:lenovo:thinkpad_t550:-:::::::* cpe:2.3:h:lenovo:v130-15igm:-:::::::* cpe:2.3:h:lenovo:thinkpad_w550s:-:::::::* cpe:2.3:h:lenovo:yoga_s730-13iml:-:::::::* cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:::::::: cpe:2.3:h:lenovo:ideacentre_aio_5-24imb05:-:::::::* cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:::::::* cpe:2.3:h:lenovo:yoga_s940-14iil:-:::::::* cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:::::::* cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:::::::* cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:::::::: cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:::::::* cpe:2.3:o:lenovo:v130-15igm_firmware:-:::::::* cpe:2.3:h:lenovo:730s-13iml:-:::::::* cpe:2.3:h:lenovo:ideapad_s940-14iil:-:::::::* cpe:2.3:h:lenovo:yoga_s940-14iwl:-:::::::* cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:::::::* cpe:2.3:h:lenovo:thinkpad_helix:-:::::::* cpe:2.3:o:lenovo:730s-13iml_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_1-11igl05:-:::::::* cpe:2.3:h:lenovo:v330-15isk:-:::::::* cpe:2.3:h:lenovo:ideapad_1-14igl05:-:::::::* cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:::::::* cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:::::::* cpe:2.3:h:lenovo:thinkpad_x250:-:::::::* cpe:2.3:o:lenovo:v330-15isk_firmware:-:::::::* cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:::::::* cpe:2.3:o:lenovo:v330-15ikb_firmware:-:::::::* cpe:2.3:h:lenovo:thinkpad_yoga_15:-:::::::*

16 Jul 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-16 21:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-3453

Mitre link : CVE-2021-3453

CVE.ORG link : CVE-2021-3453

JSON object : View

Products Affected

lenovo

ideapad_slim_1-14ast-05
thinkpad_t550_firmware
ideacentre_aio_5-24imb05
thinkpad_x250
thinkpad_yoga_15
v130-15igm
730s-13iml
thinkpad_w550s
ideapad_slim_1-14ast-05_firmware
yoga_s940-14iil_firmware
ideapad_1-11igl05_firmware
thinkpad_x1_carbon_3rd_gen_firmware
v130-15igm_firmware
ideacentre_aio_5-74imb05
ideapad_s940-14iil_firmware
ideapad_1-14igl05
v330-15ikb_firmware
v330-15isk_firmware
yoga_s730-13iml
ideapad_1-11igl05
v330-15isk
ideapad_slim_1-11ast-05_firmware
730s-13iml_firmware
yoga_s940-14iil
thinkpad_yoga_15_firmware
thinkpad_w550s_firmware
v330-15ikb
ideacentre_aio_5-74imb05_firmware
ideapad_s940-14iwl_firmware
ideacentre_aio_5-24imb05_firmware
yoga_s940-14iwl_firmware
thinkpad_x250_firmware
ideapad_s940-14iwl
thinkpad_t550
ideapad_slim_1-11ast-05
thinkpad_helix
yoga_s940-14iwl
thinkpad_x1_carbon_3rd_gen
thinkpad_helix_firmware
yoga_s730-13iml_firmware
ideapad_s940-14iil
ideapad_1-14igl05_firmware

CWE

NVD-CWE-noinfo CWE-693

Protection Mechanism Failure

4.6 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2021-3453

4.6^/10

2.1^/10

Attach tags to `CVE-2021-3453`