Vulnerability Name:

CVE-2021-3453 (CCN-205723)

Assigned: 2021-07-13
Published: 2021-07-13
Updated: 2021-07-30
Summary: Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.
CVSS v3 Severity: 4.6 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
4.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
4.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Complete
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Bypass Security
References: Source: MITRE
Type: CNA
CVE-2021-3453

Source: XF
Type: UNKNOWN
lenovo-cve20213453-sec-bypass(205723)

Source: CCN
Type: Lenovo Security Advisory: LEN-65529
Lenovo BIOS Vulnerabilities (July 2021)

Source: MISC
Type: Vendor Advisory
https://support.lenovo.com/us/en/product_security/LEN-65529

Vulnerable Configuration: Configuration 1:
  • cpe:/o:lenovo:thinkpad_helix_firmware:n17etb4w:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:thinkpad_helix:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:lenovo:thinkpad_t550_firmware:n11et53w:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:thinkpad_t550:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:lenovo:thinkpad_w550s_firmware:n11et53w:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:thinkpad_w550s:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:lenovo:thinkpad_x1_carbon_3rd_gen_firmware:n14et55w:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:thinkpad_x1_carbon_3rd_gen:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:lenovo:thinkpad_x250_firmware:n10et62w:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:thinkpad_x250:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:lenovo:thinkpad_yoga_15_firmware:n19et65w:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:thinkpad_yoga_15:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:lenovo:730s-13iml_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:730s-13iml:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:lenovo:ideapad_1-11igl05_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:ideapad_1-11igl05:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:lenovo:ideapad_1-14igl05_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:ideapad_1-14igl05:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:lenovo:ideapad_s940-14iil_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:ideapad_s940-14iil:-:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/o:lenovo:ideapad_s940-14iwl_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:ideapad_s940-14iwl:-:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/o:lenovo:ideapad_slim_1-11ast-05_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:ideapad_slim_1-11ast-05:-:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/o:lenovo:ideapad_slim_1-14ast-05_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:ideapad_slim_1-14ast-05:-:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/o:lenovo:v130-15igm_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:v130-15igm:-:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/o:lenovo:v330-15ikb_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:v330-15ikb:-:*:*:*:*:*:*:*

  • Configuration 16:
  • cpe:/o:lenovo:v330-15isk_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:v330-15isk:-:*:*:*:*:*:*:*

  • Configuration 17:
  • cpe:/o:lenovo:yoga_s730-13iml_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:yoga_s730-13iml:-:*:*:*:*:*:*:*

  • Configuration 18:
  • cpe:/o:lenovo:yoga_s940-14iil_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:yoga_s940-14iil:-:*:*:*:*:*:*:*

  • Configuration 19:
  • cpe:/o:lenovo:yoga_s940-14iwl_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:lenovo:yoga_s940-14iwl:-:*:*:*:*:*:*:*

  • Configuration 20:
  • cpe:/o:lenovo:ideacentre_aio_5-24imb05_firmware:*:*:*:*:*:*:*:* (Version < 2021-09-30)
  • AND
  • cpe:/h:lenovo:ideacentre_aio_5-24imb05:-:*:*:*:*:*:*:*

  • Configuration 21:
  • cpe:/o:lenovo:ideacentre_aio_5-74imb05_firmware:*:*:*:*:*:*:*:* (Version < 2021-09-30)
  • AND
  • cpe:/h:lenovo:ideacentre_aio_5-74imb05:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    lenovo thinkpad helix firmware n17etb4w
    lenovo thinkpad helix -
    lenovo thinkpad t550 firmware n11et53w
    lenovo thinkpad t550 -
    lenovo thinkpad w550s firmware n11et53w
    lenovo thinkpad w550s -
    lenovo thinkpad x1 carbon 3rd gen firmware n14et55w
    lenovo thinkpad x1 carbon 3rd gen -
    lenovo thinkpad x250 firmware n10et62w
    lenovo thinkpad x250 -
    lenovo thinkpad yoga 15 firmware n19et65w
    lenovo thinkpad yoga 15 -
    lenovo 730s-13iml firmware -
    lenovo 730s-13iml -
    lenovo ideapad 1-11igl05 firmware -
    lenovo ideapad 1-11igl05 -
    lenovo ideapad 1-14igl05 firmware -
    lenovo ideapad 1-14igl05 -
    lenovo ideapad s940-14iil firmware -
    lenovo ideapad s940-14iil -
    lenovo ideapad s940-14iwl firmware -
    lenovo ideapad s940-14iwl -
    lenovo ideapad slim 1-11ast-05 firmware -
    lenovo ideapad slim 1-11ast-05 -
    lenovo ideapad slim 1-14ast-05 firmware -
    lenovo ideapad slim 1-14ast-05 -
    lenovo v130-15igm firmware -
    lenovo v130-15igm -
    lenovo v330-15ikb firmware -
    lenovo v330-15ikb -
    lenovo v330-15isk firmware -
    lenovo v330-15isk -
    lenovo yoga s730-13iml firmware -
    lenovo yoga s730-13iml -
    lenovo yoga s940-14iil firmware -
    lenovo yoga s940-14iil -
    lenovo yoga s940-14iwl firmware -
    lenovo yoga s940-14iwl -
    lenovo ideacentre aio 5-24imb05 firmware *
    lenovo ideacentre aio 5-24imb05 -
    lenovo ideacentre aio 5-74imb05 firmware *
    lenovo ideacentre aio 5-74imb05 -