Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-3453
HistoryJul 16, 2021 - 9:15 p.m.

CVE-2021-3453

2021-07-1621:15:10
CWE-693
[email protected]
web.nvd.nist.gov
3
lenovo
bios
physical access

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

25.0%

JSON

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Affected configurations

Nvd
Node
lenovothinkpad_helix_firmwareMatchn17etb4w
AND
lenovothinkpad_helixMatch-
Node
lenovothinkpad_t550_firmwareMatchn11et53w
AND
lenovothinkpad_t550Match-
Node
lenovothinkpad_w550s_firmwareMatchn11et53w
AND
lenovothinkpad_w550sMatch-
Node
lenovothinkpad_x1_carbon_3rd_gen_firmwareMatchn14et55w
AND
lenovothinkpad_x1_carbon_3rd_genMatch-
Node
lenovothinkpad_x250_firmwareMatchn10et62w
AND
lenovothinkpad_x250Match-
Node
lenovothinkpad_yoga_15_firmwareMatchn19et65w
AND
lenovothinkpad_yoga_15Match-
Node
lenovo730s-13iml_firmwareMatch-
AND
lenovo730s-13imlMatch-
Node
lenovoideapad_1-11igl05_firmwareMatch-
AND
lenovoideapad_1-11igl05Match-
Node
lenovoideapad_1-14igl05_firmwareMatch-
AND
lenovoideapad_1-14igl05Match-
Node
lenovoideapad_s940-14iil_firmwareMatch-
AND
lenovoideapad_s940-14iilMatch-
Node
lenovoideapad_s940-14iwl_firmwareMatch-
AND
lenovoideapad_s940-14iwlMatch-
Node
lenovoideapad_slim_1-11ast-05_firmwareMatch-
AND
lenovoideapad_slim_1-11ast-05Match-
Node
lenovoideapad_slim_1-14ast-05_firmwareMatch-
AND
lenovoideapad_slim_1-14ast-05Match-
Node
lenovov130-15igm_firmwareMatch-
AND
lenovov130-15igmMatch-
Node
lenovov330-15ikb_firmwareMatch-
AND
lenovov330-15ikbMatch-
Node
lenovov330-15isk_firmwareMatch-
AND
lenovov330-15iskMatch-
Node
lenovoyoga_s730-13iml_firmwareMatch-
AND
lenovoyoga_s730-13imlMatch-
Node
lenovoyoga_s940-14iil_firmwareMatch-
AND
lenovoyoga_s940-14iilMatch-
Node
lenovoyoga_s940-14iwl_firmwareMatch-
AND
lenovoyoga_s940-14iwlMatch-
Node
lenovoideacentre_aio_5-24imb05_firmwareRange<2021-09-30
AND
lenovoideacentre_aio_5-24imb05Match-
Node
lenovoideacentre_aio_5-74imb05_firmwareRange<2021-09-30
AND
lenovoideacentre_aio_5-74imb05Match-
VendorProductVersionCPE
lenovothinkpad_helix_firmwaren17etb4wcpe:2.3:o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*
lenovothinkpad_helix-cpe:2.3:h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*
lenovothinkpad_t550_firmwaren11et53wcpe:2.3:o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*
lenovothinkpad_t550-cpe:2.3:h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*
lenovothinkpad_w550s_firmwaren11et53wcpe:2.3:o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*
lenovothinkpad_w550s-cpe:2.3:h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*
lenovothinkpad_x1_carbon_3rd_gen_firmwaren14et55wcpe:2.3:o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*
lenovothinkpad_x1_carbon_3rd_gen-cpe:2.3:h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*
lenovothinkpad_x250_firmwaren10et62wcpe:2.3:o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*
lenovothinkpad_x250-cpe:2.3:h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 421

Related

cvelist 1
prion 1
cve 1
lenovo 1
cvelist
cvelist
CVE-2021-3453
2021-07-16 20:30:17
prion
prion
Code injection
2021-07-16 21:15:00
cve
cve
CVE-2021-3453
2021-07-16 21:15:10
lenovo
lenovo
Lenovo BIOS Vulnerabilities (July 2021) - Lenovo Support NL
2021-07-13 17:34:05

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

25.0%

JSON
Related for NVD:CVE-2021-3453
cvelist1prion1cve1lenovo1