Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Published

2021-07-16T21:15:10.683

Last Modified

2024-11-21T06:21:34.380

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-693
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	lenovo	thinkpad_helix_firmware	n17etb4w	Yes
Hardware	lenovo	thinkpad_helix	-	No
Operating System	lenovo	thinkpad_t550_firmware	n11et53w	Yes
Hardware	lenovo	thinkpad_t550	-	No
Operating System	lenovo	thinkpad_w550s_firmware	n11et53w	Yes
Hardware	lenovo	thinkpad_w550s	-	No
Operating System	lenovo	thinkpad_x1_carbon_3rd_gen_firmware	n14et55w	Yes
Hardware	lenovo	thinkpad_x1_carbon_3rd_gen	-	No
Operating System	lenovo	thinkpad_x250_firmware	n10et62w	Yes
Hardware	lenovo	thinkpad_x250	-	No
Operating System	lenovo	thinkpad_yoga_15_firmware	n19et65w	Yes
Hardware	lenovo	thinkpad_yoga_15	-	No
Operating System	lenovo	730s-13iml_firmware	-	Yes
Hardware	lenovo	730s-13iml	-	No
Operating System	lenovo	ideapad_1-11igl05_firmware	-	Yes
Hardware	lenovo	ideapad_1-11igl05	-	No
Operating System	lenovo	ideapad_1-14igl05_firmware	-	Yes
Hardware	lenovo	ideapad_1-14igl05	-	No
Operating System	lenovo	ideapad_s940-14iil_firmware	-	Yes
Hardware	lenovo	ideapad_s940-14iil	-	No
Operating System	lenovo	ideapad_s940-14iwl_firmware	-	Yes
Hardware	lenovo	ideapad_s940-14iwl	-	No
Operating System	lenovo	ideapad_slim_1-11ast-05_firmware	-	Yes
Hardware	lenovo	ideapad_slim_1-11ast-05	-	No
Operating System	lenovo	ideapad_slim_1-14ast-05_firmware	-	Yes
Hardware	lenovo	ideapad_slim_1-14ast-05	-	No
Operating System	lenovo	v130-15igm_firmware	-	Yes
Hardware	lenovo	v130-15igm	-	No
Operating System	lenovo	v330-15ikb_firmware	-	Yes
Hardware	lenovo	v330-15ikb	-	No
Operating System	lenovo	v330-15isk_firmware	-	Yes
Hardware	lenovo	v330-15isk	-	No
Operating System	lenovo	yoga_s730-13iml_firmware	-	Yes
Hardware	lenovo	yoga_s730-13iml	-	No
Operating System	lenovo	yoga_s940-14iil_firmware	-	Yes
Hardware	lenovo	yoga_s940-14iil	-	No
Operating System	lenovo	yoga_s940-14iwl_firmware	-	Yes
Hardware	lenovo	yoga_s940-14iwl	-	No
Operating System	lenovo	ideacentre_aio_5-24imb05_firmware	< 2021-09-30	Yes
Hardware	lenovo	ideacentre_aio_5-24imb05	-	No
Operating System	lenovo	ideacentre_aio_5-74imb05_firmware	< 2021-09-30	Yes
Hardware	lenovo	ideacentre_aio_5-74imb05	-	No

References

https://support.lenovo.com/us/en/product_security/LEN-65529 Vendor Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/LEN-65529 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)