What is CVE-2021-3453?

CVE-2021-3453 is a medium-severity vulnerability in Lenovo 730s-13iml, classified under Protection Mechanism Failure. CVSS score: 6.8/10. Published 2021-07-16.

How severe is CVE-2021-3453?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Lenovo 730s-13iml

CVE-2021-3453

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

EPSS: 0.002 (14.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Lenovo 730s-13iml
Lenovo 730s-13iml_firmware
Lenovo Bios — versions various
Lenovo Ideacentre_aio_5-24imb05
Lenovo Ideacentre_aio_5-24imb05_firmware
Lenovo Ideacentre_aio_5-74imb05
Lenovo Ideacentre_aio_5-74imb05_firmware
Lenovo Ideapad_1-11igl05
Lenovo Ideapad_1-11igl05_firmware
Lenovo Ideapad_1-14igl05

Weakness classification (CWE)

CWE-693 — Protection Mechanism Failure

References

psirt@lenovo.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-3453?: CVE-2021-3453 is a medium-severity vulnerability in Lenovo 730s-13iml, classified under Protection Mechanism Failure. CVSS score: 6.8/10. Published 2021-07-16.
How severe is CVE-2021-3453?: Medium severity. CVSS v3 base score is 6.8 out of 10.