// For flags

CVE-2021-3453

 

Severity Score

4.6
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Algunos sistemas de portátiles, ThinkPad y ordenadores de sobremesa de Lenovo presentan módulos BIOS desprotegidos por Intel Boot Guard que podrían permitir a un atacante con acceso físico la habilidad de escribir en el almacenamiento flash SPI

*Credits: Lenovo thanks Binarly efiXplorer team for reporting these issues.
CVSS Scores
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-03-19 CVE Reserved
  • 2021-07-16 CVE Published
  • 2024-03-31 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-693: Protection Mechanism Failure
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Lenovo
Search vendor "Lenovo"
Thinkpad Helix Firmware
Search vendor "Lenovo" for product "Thinkpad Helix Firmware"
n17etb4w
Search vendor "Lenovo" for product "Thinkpad Helix Firmware" and version "n17etb4w"
-
Affected
in Lenovo
Search vendor "Lenovo"
Thinkpad Helix
Search vendor "Lenovo" for product "Thinkpad Helix"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkpad T550 Firmware
Search vendor "Lenovo" for product "Thinkpad T550 Firmware"
n11et53w
Search vendor "Lenovo" for product "Thinkpad T550 Firmware" and version "n11et53w"
-
Affected
in Lenovo
Search vendor "Lenovo"
Thinkpad T550
Search vendor "Lenovo" for product "Thinkpad T550"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkpad W550s Firmware
Search vendor "Lenovo" for product "Thinkpad W550s Firmware"
n11et53w
Search vendor "Lenovo" for product "Thinkpad W550s Firmware" and version "n11et53w"
-
Affected
in Lenovo
Search vendor "Lenovo"
Thinkpad W550s
Search vendor "Lenovo" for product "Thinkpad W550s"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkpad X1 Carbon 3rd Gen Firmware
Search vendor "Lenovo" for product "Thinkpad X1 Carbon 3rd Gen Firmware"
n14et55w
Search vendor "Lenovo" for product "Thinkpad X1 Carbon 3rd Gen Firmware" and version "n14et55w"
-
Affected
in Lenovo
Search vendor "Lenovo"
Thinkpad X1 Carbon 3rd Gen
Search vendor "Lenovo" for product "Thinkpad X1 Carbon 3rd Gen"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkpad X250 Firmware
Search vendor "Lenovo" for product "Thinkpad X250 Firmware"
n10et62w
Search vendor "Lenovo" for product "Thinkpad X250 Firmware" and version "n10et62w"
-
Affected
in Lenovo
Search vendor "Lenovo"
Thinkpad X250
Search vendor "Lenovo" for product "Thinkpad X250"
--
Safe
Lenovo
Search vendor "Lenovo"
Thinkpad Yoga 15 Firmware
Search vendor "Lenovo" for product "Thinkpad Yoga 15 Firmware"
n19et65w
Search vendor "Lenovo" for product "Thinkpad Yoga 15 Firmware" and version "n19et65w"
-
Affected
in Lenovo
Search vendor "Lenovo"
Thinkpad Yoga 15
Search vendor "Lenovo" for product "Thinkpad Yoga 15"
--
Safe
Lenovo
Search vendor "Lenovo"
730s-13iml Firmware
Search vendor "Lenovo" for product "730s-13iml Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
730s-13iml
Search vendor "Lenovo" for product "730s-13iml"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideapad 1-11igl05 Firmware
Search vendor "Lenovo" for product "Ideapad 1-11igl05 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Ideapad 1-11igl05
Search vendor "Lenovo" for product "Ideapad 1-11igl05"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideapad 1-14igl05 Firmware
Search vendor "Lenovo" for product "Ideapad 1-14igl05 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Ideapad 1-14igl05
Search vendor "Lenovo" for product "Ideapad 1-14igl05"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideapad S940-14iil Firmware
Search vendor "Lenovo" for product "Ideapad S940-14iil Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Ideapad S940-14iil
Search vendor "Lenovo" for product "Ideapad S940-14iil"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideapad S940-14iwl Firmware
Search vendor "Lenovo" for product "Ideapad S940-14iwl Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Ideapad S940-14iwl
Search vendor "Lenovo" for product "Ideapad S940-14iwl"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideapad Slim 1-11ast-05 Firmware
Search vendor "Lenovo" for product "Ideapad Slim 1-11ast-05 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Ideapad Slim 1-11ast-05
Search vendor "Lenovo" for product "Ideapad Slim 1-11ast-05"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideapad Slim 1-14ast-05 Firmware
Search vendor "Lenovo" for product "Ideapad Slim 1-14ast-05 Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Ideapad Slim 1-14ast-05
Search vendor "Lenovo" for product "Ideapad Slim 1-14ast-05"
--
Safe
Lenovo
Search vendor "Lenovo"
V130-15igm Firmware
Search vendor "Lenovo" for product "V130-15igm Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
V130-15igm
Search vendor "Lenovo" for product "V130-15igm"
--
Safe
Lenovo
Search vendor "Lenovo"
V330-15ikb Firmware
Search vendor "Lenovo" for product "V330-15ikb Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
V330-15ikb
Search vendor "Lenovo" for product "V330-15ikb"
--
Safe
Lenovo
Search vendor "Lenovo"
V330-15isk Firmware
Search vendor "Lenovo" for product "V330-15isk Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
V330-15isk
Search vendor "Lenovo" for product "V330-15isk"
--
Safe
Lenovo
Search vendor "Lenovo"
Yoga S730-13iml Firmware
Search vendor "Lenovo" for product "Yoga S730-13iml Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Yoga S730-13iml
Search vendor "Lenovo" for product "Yoga S730-13iml"
--
Safe
Lenovo
Search vendor "Lenovo"
Yoga S940-14iil Firmware
Search vendor "Lenovo" for product "Yoga S940-14iil Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Yoga S940-14iil
Search vendor "Lenovo" for product "Yoga S940-14iil"
--
Safe
Lenovo
Search vendor "Lenovo"
Yoga S940-14iwl Firmware
Search vendor "Lenovo" for product "Yoga S940-14iwl Firmware"
--
Affected
in Lenovo
Search vendor "Lenovo"
Yoga S940-14iwl
Search vendor "Lenovo" for product "Yoga S940-14iwl"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideacentre Aio 5-24imb05 Firmware
Search vendor "Lenovo" for product "Ideacentre Aio 5-24imb05 Firmware"
< 2021-09-30
Search vendor "Lenovo" for product "Ideacentre Aio 5-24imb05 Firmware" and version " < 2021-09-30"
-
Affected
in Lenovo
Search vendor "Lenovo"
Ideacentre Aio 5-24imb05
Search vendor "Lenovo" for product "Ideacentre Aio 5-24imb05"
--
Safe
Lenovo
Search vendor "Lenovo"
Ideacentre Aio 5-74imb05 Firmware
Search vendor "Lenovo" for product "Ideacentre Aio 5-74imb05 Firmware"
< 2021-09-30
Search vendor "Lenovo" for product "Ideacentre Aio 5-74imb05 Firmware" and version " < 2021-09-30"
-
Affected
in Lenovo
Search vendor "Lenovo"
Ideacentre Aio 5-74imb05
Search vendor "Lenovo" for product "Ideacentre Aio 5-74imb05"
--
Safe