CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CVSS v3 6.8 MEDIUM
CVSS v2.0 2.1 LOW

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://support.lenovo.com/us/en/product_security/LEN-65529	Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-65529	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lenovo:730s-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:730s-13iml:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v130-15igm:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:v330-15isk:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s730-13iml:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideacentre_aio_5-24imb05:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lenovo:ideacentre_aio_5-74imb05:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:21

Type	Values Removed	Values Added
References	~~() https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory~~	() https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory
CVSS	v2 : ~~2.1~~ v3 : ~~4.6~~	v2 : 2.1 v3 : 6.8

30 Jul 2021, 12:41

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
References	~~(MISC) https://support.lenovo.com/us/en/product_security/LEN-65529 -~~	(MISC) https://support.lenovo.com/us/en/product_security/LEN-65529 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.6
CPE		cpe:2.3:h:lenovo:ideapad_s940-14iwl:-:::::::* cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:::::::* cpe:2.3:h:lenovo:ideacentre_aio_5-74imb05:-:::::::* cpe:2.3:h:lenovo:v330-15isk:-:::::::* cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:::::::* cpe:2.3:o:lenovo:v330-15ikb_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_slim_1-11ast-05:-:::::::* cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:::::::* cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:::::::* cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:::::::* cpe:2.3:h:lenovo:v330-15ikb:-:::::::* cpe:2.3:h:lenovo:yoga_s730-13iml:-:::::::* cpe:2.3:h:lenovo:ideapad_slim_1-14ast-05:-:::::::* cpe:2.3:h:lenovo:ideapad_s940-14iil:-:::::::* cpe:2.3:h:lenovo:v130-15igm:-:::::::* cpe:2.3:h:lenovo:thinkpad_x250:-:::::::* cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:::::::* cpe:2.3:o:lenovo:730s-13iml_firmware:-:::::::* cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:::::::* cpe:2.3:o:lenovo:v330-15isk_firmware:-:::::::* cpe:2.3:h:lenovo:thinkpad_w550s:-:::::::* cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:::::::: cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:::::::: cpe:2.3:h:lenovo:ideacentre_aio_5-24imb05:-:::::::* cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:::::::* cpe:2.3:h:lenovo:thinkpad_yoga_15:-:::::::* cpe:2.3:h:lenovo:thinkpad_t550:-:::::::* cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:::::::* cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:::::::* cpe:2.3:h:lenovo:ideapad_1-14igl05:-:::::::* cpe:2.3:o:lenovo:v130-15igm_firmware:-:::::::* cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:::::::* cpe:2.3:h:lenovo:ideapad_1-11igl05:-:::::::* cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:::::::* cpe:2.3:h:lenovo:730s-13iml:-:::::::* cpe:2.3:h:lenovo:yoga_s940-14iwl:-:::::::* cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:::::::* cpe:2.3:h:lenovo:yoga_s940-14iil:-:::::::* cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:::::::* cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:::::::* cpe:2.3:h:lenovo:thinkpad_helix:-:::::::*

16 Jul 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-16 21:15

Updated : 2024-11-21 06:21

NVD link : CVE-2021-3453

Mitre link : CVE-2021-3453

CVE.ORG link : CVE-2021-3453

JSON object : View

Products Affected

lenovo

ideapad_slim_1-11ast-05_firmware
v330-15isk
ideapad_1-14igl05_firmware
ideapad_s940-14iwl_firmware
v130-15igm
yoga_s940-14iwl_firmware
yoga_s940-14iil
ideacentre_aio_5-74imb05
yoga_s940-14iwl
thinkpad_t550
thinkpad_x1_carbon_3rd_gen_firmware
thinkpad_t550_firmware
ideacentre_aio_5-74imb05_firmware
ideapad_1-11igl05_firmware
ideapad_1-14igl05
ideapad_s940-14iil
thinkpad_x250
ideapad_s940-14iwl
ideacentre_aio_5-24imb05
thinkpad_x1_carbon_3rd_gen
ideapad_s940-14iil_firmware
yoga_s730-13iml_firmware
thinkpad_x250_firmware
v330-15isk_firmware
ideapad_slim_1-11ast-05
thinkpad_w550s_firmware
ideapad_1-11igl05
ideacentre_aio_5-24imb05_firmware
ideapad_slim_1-14ast-05
yoga_s940-14iil_firmware
v330-15ikb
thinkpad_yoga_15_firmware
thinkpad_yoga_15
ideapad_slim_1-14ast-05_firmware
v330-15ikb_firmware
yoga_s730-13iml
thinkpad_w550s
730s-13iml_firmware
730s-13iml
thinkpad_helix_firmware
v130-15igm_firmware
thinkpad_helix

CWE

CWE-693

Protection Mechanism Failure

NVD-CWE-noinfo

6.8 /10