Vulnerability Details : CVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
Products affected by CVE-2021-3453
- cpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:thinkpad_yoga_15_firmware:n19et65w:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:730s-13iml_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideacentre_aio_5-24imb05_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lenovo:ideacentre_aio_5-74imb05_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3453
- 0.06%: Probability of exploitation activity in the next 30 days
- ~23%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3453
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N | 3.9 | 2.9 | NIST | |
4.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 0.9 | 3.6 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | Lenovo Group Ltd. | |
CWE ids for CVE-2021-3453
- The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Assigned by: psirt@lenovo.com (Secondary)
References for CVE-2021-3453
- https://support.lenovo.com/us/en/product_security/LEN-65529
  Lenovo BIOS Vulnerabilities (July 2021) - Lenovo Support NL (Vendor Advisory)