CVE-2021-3453

CWE-6933 documents3 sources

Severity

4.6MEDIUM

EPSS

0.0%

top 85.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lenovo Ideacentre AIO 5-24imb05 Firmware Lenovo Ideacentre AIO 5-74imb05 Firmware Lenovo Bios +6 more

Timeline

PublishedJul 16

Latest updateMay 24

Description

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages9 packages

▶CVEListV5lenovo/biosvarious

▶NVDlenovo/thinkpad_t550_firmwaren11et53w

▶NVDlenovo/thinkpad_x250_firmwaren10et62w

▶NVDlenovo/thinkpad_helix_firmwaren17etb4w

▶NVDlenovo/thinkpad_w550s_firmwaren11et53w

🔴Vulnerability Details

GHSA

GHSA-rm7h-f39f-xc8f: Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physica↗2022-05-24

▶

CVEList

CVE-2021-3453: Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physica↗2021-07-16

▶