CVE-2021-3453

Severity Score

4.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Algunos sistemas de portátiles, ThinkPad y ordenadores de sobremesa de Lenovo presentan módulos BIOS desprotegidos por Intel Boot Guard que podrían permitir a un atacante con acceso físico la habilidad de escribir en el almacenamiento flash SPI

*Credits: Lenovo thanks Binarly efiXplorer team for reporting these issues.

CVSS Scores

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-03-19 CVE Reserved
2021-07-16 CVE Published
2024-03-31 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-693: Protection Mechanism Failure

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.lenovo.com/us/en/product_security/LEN-65529	2021-07-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lenovo Search vendor "Lenovo"	Thinkpad Helix Firmware Search vendor "Lenovo" for product "Thinkpad Helix Firmware"	n17etb4w Search vendor "Lenovo" for product "Thinkpad Helix Firmware" and version "n17etb4w"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkpad Helix Search vendor "Lenovo" for product "Thinkpad Helix"	-	-	Safe
Lenovo Search vendor "Lenovo"	Thinkpad T550 Firmware Search vendor "Lenovo" for product "Thinkpad T550 Firmware"	n11et53w Search vendor "Lenovo" for product "Thinkpad T550 Firmware" and version "n11et53w"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkpad T550 Search vendor "Lenovo" for product "Thinkpad T550"	-	-	Safe
Lenovo Search vendor "Lenovo"	Thinkpad W550s Firmware Search vendor "Lenovo" for product "Thinkpad W550s Firmware"	n11et53w Search vendor "Lenovo" for product "Thinkpad W550s Firmware" and version "n11et53w"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkpad W550s Search vendor "Lenovo" for product "Thinkpad W550s"	-	-	Safe
Lenovo Search vendor "Lenovo"	Thinkpad X1 Carbon 3rd Gen Firmware Search vendor "Lenovo" for product "Thinkpad X1 Carbon 3rd Gen Firmware"	n14et55w Search vendor "Lenovo" for product "Thinkpad X1 Carbon 3rd Gen Firmware" and version "n14et55w"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkpad X1 Carbon 3rd Gen Search vendor "Lenovo" for product "Thinkpad X1 Carbon 3rd Gen"	-	-	Safe
Lenovo Search vendor "Lenovo"	Thinkpad X250 Firmware Search vendor "Lenovo" for product "Thinkpad X250 Firmware"	n10et62w Search vendor "Lenovo" for product "Thinkpad X250 Firmware" and version "n10et62w"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkpad X250 Search vendor "Lenovo" for product "Thinkpad X250"	-	-	Safe
Lenovo Search vendor "Lenovo"	Thinkpad Yoga 15 Firmware Search vendor "Lenovo" for product "Thinkpad Yoga 15 Firmware"	n19et65w Search vendor "Lenovo" for product "Thinkpad Yoga 15 Firmware" and version "n19et65w"	-	Affected	in	Lenovo Search vendor "Lenovo"	Thinkpad Yoga 15 Search vendor "Lenovo" for product "Thinkpad Yoga 15"	-	-	Safe
Lenovo Search vendor "Lenovo"	730s-13iml Firmware Search vendor "Lenovo" for product "730s-13iml Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	730s-13iml Search vendor "Lenovo" for product "730s-13iml"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideapad 1-11igl05 Firmware Search vendor "Lenovo" for product "Ideapad 1-11igl05 Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideapad 1-11igl05 Search vendor "Lenovo" for product "Ideapad 1-11igl05"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideapad 1-14igl05 Firmware Search vendor "Lenovo" for product "Ideapad 1-14igl05 Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideapad 1-14igl05 Search vendor "Lenovo" for product "Ideapad 1-14igl05"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideapad S940-14iil Firmware Search vendor "Lenovo" for product "Ideapad S940-14iil Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideapad S940-14iil Search vendor "Lenovo" for product "Ideapad S940-14iil"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideapad S940-14iwl Firmware Search vendor "Lenovo" for product "Ideapad S940-14iwl Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideapad S940-14iwl Search vendor "Lenovo" for product "Ideapad S940-14iwl"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideapad Slim 1-11ast-05 Firmware Search vendor "Lenovo" for product "Ideapad Slim 1-11ast-05 Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideapad Slim 1-11ast-05 Search vendor "Lenovo" for product "Ideapad Slim 1-11ast-05"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideapad Slim 1-14ast-05 Firmware Search vendor "Lenovo" for product "Ideapad Slim 1-14ast-05 Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideapad Slim 1-14ast-05 Search vendor "Lenovo" for product "Ideapad Slim 1-14ast-05"	-	-	Safe
Lenovo Search vendor "Lenovo"	V130-15igm Firmware Search vendor "Lenovo" for product "V130-15igm Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	V130-15igm Search vendor "Lenovo" for product "V130-15igm"	-	-	Safe
Lenovo Search vendor "Lenovo"	V330-15ikb Firmware Search vendor "Lenovo" for product "V330-15ikb Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	V330-15ikb Search vendor "Lenovo" for product "V330-15ikb"	-	-	Safe
Lenovo Search vendor "Lenovo"	V330-15isk Firmware Search vendor "Lenovo" for product "V330-15isk Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	V330-15isk Search vendor "Lenovo" for product "V330-15isk"	-	-	Safe
Lenovo Search vendor "Lenovo"	Yoga S730-13iml Firmware Search vendor "Lenovo" for product "Yoga S730-13iml Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Yoga S730-13iml Search vendor "Lenovo" for product "Yoga S730-13iml"	-	-	Safe
Lenovo Search vendor "Lenovo"	Yoga S940-14iil Firmware Search vendor "Lenovo" for product "Yoga S940-14iil Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Yoga S940-14iil Search vendor "Lenovo" for product "Yoga S940-14iil"	-	-	Safe
Lenovo Search vendor "Lenovo"	Yoga S940-14iwl Firmware Search vendor "Lenovo" for product "Yoga S940-14iwl Firmware"	-	-	Affected	in	Lenovo Search vendor "Lenovo"	Yoga S940-14iwl Search vendor "Lenovo" for product "Yoga S940-14iwl"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideacentre Aio 5-24imb05 Firmware Search vendor "Lenovo" for product "Ideacentre Aio 5-24imb05 Firmware"	< 2021-09-30 Search vendor "Lenovo" for product "Ideacentre Aio 5-24imb05 Firmware" and version " < 2021-09-30"	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideacentre Aio 5-24imb05 Search vendor "Lenovo" for product "Ideacentre Aio 5-24imb05"	-	-	Safe
Lenovo Search vendor "Lenovo"	Ideacentre Aio 5-74imb05 Firmware Search vendor "Lenovo" for product "Ideacentre Aio 5-74imb05 Firmware"	< 2021-09-30 Search vendor "Lenovo" for product "Ideacentre Aio 5-74imb05 Firmware" and version " < 2021-09-30"	-	Affected	in	Lenovo Search vendor "Lenovo"	Ideacentre Aio 5-74imb05 Search vendor "Lenovo" for product "Ideacentre Aio 5-74imb05"	-	-	Safe