Lucene search

[email protected]CVE-2021-3453

HistoryJul 16, 2021 - 9:15 p.m.

CVE-2021-3453

2021-07-1621:15:10

CWE-693

[email protected]

web.nvd.nist.gov

lenovo

bios

intel boot guard

spi flash

security vulnerability

cve-2021-3453

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Affected configurations

NVD

Node

lenovothinkpad_helix_firmwareMatchn17etb4w

AND

lenovothinkpad_helixMatch-

Node

lenovothinkpad_t550_firmwareMatchn11et53w

AND

lenovothinkpad_t550Match-

Node

lenovothinkpad_w550s_firmwareMatchn11et53w

AND

lenovothinkpad_w550sMatch-

Node

lenovothinkpad_x1_carbon_3rd_gen_firmwareMatchn14et55w

AND

lenovothinkpad_x1_carbon_3rd_genMatch-

Node

lenovothinkpad_x250_firmwareMatchn10et62w

AND

lenovothinkpad_x250Match-

Node

lenovothinkpad_yoga_15_firmwareMatchn19et65w

AND

lenovothinkpad_yoga_15Match-

Node

lenovo730s-13iml_firmwareMatch-

AND

lenovo730s-13imlMatch-

Node

lenovoideapad_1-11igl05_firmwareMatch-

AND

lenovoideapad_1-11igl05Match-

Node

lenovoideapad_1-14igl05_firmwareMatch-

AND

lenovoideapad_1-14igl05Match-

Node

lenovoideapad_s940-14iil_firmwareMatch-

AND

lenovoideapad_s940-14iilMatch-

Node

lenovoideapad_s940-14iwl_firmwareMatch-

AND

lenovoideapad_s940-14iwlMatch-

Node

lenovoideapad_slim_1-11ast-05_firmwareMatch-

AND

lenovoideapad_slim_1-11ast-05Match-

Node

lenovoideapad_slim_1-14ast-05_firmwareMatch-

AND

lenovoideapad_slim_1-14ast-05Match-

Node

lenovov130-15igm_firmwareMatch-

AND

lenovov130-15igmMatch-

Node

lenovov330-15ikb_firmwareMatch-

AND

lenovov330-15ikbMatch-

Node

lenovov330-15isk_firmwareMatch-

AND

lenovov330-15iskMatch-

Node

lenovoyoga_s730-13iml_firmwareMatch-

AND

lenovoyoga_s730-13imlMatch-

Node

lenovoyoga_s940-14iil_firmwareMatch-

AND

lenovoyoga_s940-14iilMatch-

Node

lenovoyoga_s940-14iwl_firmwareMatch-

AND

lenovoyoga_s940-14iwlMatch-

Node

lenovoideacentre_aio_5-24imb05_firmwareRange<2021-09-30

AND

lenovoideacentre_aio_5-24imb05Match-

Node

lenovoideacentre_aio_5-74imb05_firmwareRange<2021-09-30

AND

lenovoideacentre_aio_5-74imb05Match-

CPENameOperatorVersion
lenovo:thinkpad_helix_firmwarelenovo thinkpad helix firmwareeqn17etb4w

CPE	Name	Operator	Version
lenovo:thinkpad_helix_firmware	lenovo thinkpad helix firmware	eq	n17etb4w

CNA Affected

[
  {
    "product": "BIOS",
    "vendor": "Lenovo",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

References

support.lenovo.com/us/en/product_security/LEN-65529

Social References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for CVE-2021-3453

nvd1 prion1 cvelist1 lenovo1