CVE-2021-3453

EPSS 0.05%
Published 16.07.2021 21:15:10
Last modified 21.11.2024 06:21:34
Source psirt@lenovo.com
Teams watchlist Login
Open Login

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Lenovo ≫ Thinkpad Helix Firmware Versionn17etb4w

Lenovo ≫ Thinkpad Helix Version-

Lenovo ≫ Thinkpad T550 Firmware Versionn11et53w

Lenovo ≫ Thinkpad T550 Version-

Lenovo ≫ Thinkpad W550s Firmware Versionn11et53w

Lenovo ≫ Thinkpad W550s Version-

Lenovo ≫ Thinkpad X1 Carbon 3rd Gen Firmware Versionn14et55w

Lenovo ≫ Thinkpad X1 Carbon 3rd Gen Version-

Lenovo ≫ Thinkpad X250 Firmware Versionn10et62w

Lenovo ≫ Thinkpad X250 Version-

Lenovo ≫ Thinkpad Yoga 15 Firmware Versionn19et65w

Lenovo ≫ Thinkpad Yoga 15 Version-

Lenovo ≫ 730s-13iml Firmware Version-

Lenovo ≫ 730s-13iml Version-

Lenovo ≫ Ideapad 1-11igl05 Firmware Version-

Lenovo ≫ Ideapad 1-11igl05 Version-

Lenovo ≫ Ideapad 1-14igl05 Firmware Version-

Lenovo ≫ Ideapad 1-14igl05 Version-

Lenovo ≫ Ideapad S940-14iil Firmware Version-

Lenovo ≫ Ideapad S940-14iil Version-

Lenovo ≫ Ideapad S940-14iwl Firmware Version-

Lenovo ≫ Ideapad S940-14iwl Version-

Lenovo ≫ Ideapad Slim 1-11ast-05 Firmware Version-

Lenovo ≫ Ideapad Slim 1-11ast-05 Version-

Lenovo ≫ Ideapad Slim 1-14ast-05 Firmware Version-

Lenovo ≫ Ideapad Slim 1-14ast-05 Version-

Lenovo ≫ V130-15igm Firmware Version-

Lenovo ≫ V130-15igm Version-

Lenovo ≫ V330-15ikb Firmware Version-

Lenovo ≫ V330-15ikb Version-

Lenovo ≫ V330-15isk Firmware Version-

Lenovo ≫ V330-15isk Version-

Lenovo ≫ Yoga S730-13iml Firmware Version-

Lenovo ≫ Yoga S730-13iml Version-

Lenovo ≫ Yoga S940-14iil Firmware Version-

Lenovo ≫ Yoga S940-14iil Version-

Lenovo ≫ Yoga S940-14iwl Firmware Version-

Lenovo ≫ Yoga S940-14iwl Version-

Lenovo ≫ Ideacentre Aio 5-24imb05 Firmware Version < 2021-09-30

Lenovo ≫ Ideacentre Aio 5-24imb05 Version-

Lenovo ≫ Ideacentre Aio 5-74imb05 Firmware Version < 2021-09-30

Lenovo ≫ Ideacentre Aio 5-74imb05 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.116

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N
psirt@lenovo.com	6.8	0.9	5.9	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

https://support.lenovo.com/us/en/product_security/LEN-65529

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3453

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3453

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3453

EUVD