1. Home
  2. CVE Database
  3. CVE-2021-3453
MEDIUM · 6.8

CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash sto...

Vulnerability Description

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LenovoThinkpad Helix Firmwaren17etb4w
LenovoThinkpad Helix-
LenovoThinkpad T550 Firmwaren11et53w
LenovoThinkpad T550-
LenovoThinkpad W550S Firmwaren11et53w
LenovoThinkpad W550S-
LenovoThinkpad X1 Carbon 3Rd Gen Firmwaren14et55w
LenovoThinkpad X1 Carbon 3Rd Gen-
LenovoThinkpad X250 Firmwaren10et62w
LenovoThinkpad X250-
LenovoThinkpad Yoga 15 Firmwaren19et65w
LenovoThinkpad Yoga 15-
Lenovo730S-13Iml Firmware-
Lenovo730S-13Iml-
LenovoIdeapad 1-11Igl05 Firmware-
LenovoIdeapad 1-11Igl05-
LenovoIdeapad 1-14Igl05 Firmware-
LenovoIdeapad 1-14Igl05-
LenovoIdeapad S940-14Iil Firmware-
LenovoIdeapad S940-14Iil-

Related Weaknesses (CWE)

CWE-693

References

FAQ

What is CVE-2021-3453?

CVE-2021-3453 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash sto...

How severe is CVE-2021-3453?

CVE-2021-3453 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3453?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Thinkpad Helix Firmware, Lenovo Thinkpad Helix, Lenovo Thinkpad T550 Firmware, Lenovo Thinkpad T550, Lenovo Thinkpad W550S Firmware.