{"containers":{"cna":{"affected":[{"product":"BIOS","vendor":"Lenovo","versions":[{"status":"affected","version":"various"}]}],"credits":[{"lang":"en","value":"Lenovo thanks Binarly efiXplorer team for reporting these issues."}],"descriptions":[{"lang":"en","value":"Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"PHYSICAL","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-693","description":"CWE-693 Protection Mechanism Failure","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-07-16T20:30:17.000Z","orgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","shortName":"lenovo"},"references":[{"tags":["x_refsource_MISC"],"url":"https://support.lenovo.com/us/en/product_security/LEN-65529"}],"solutions":[{"lang":"en","value":"Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."}],"source":{"advisory":"LEN-65529","discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@lenovo.com","ID":"CVE-2021-3453","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BIOS","version":{"version_data":[{"version_affected":"=","version_value":"various"}]}}]},"vendor_name":"Lenovo"}]}},"credit":[{"lang":"eng","value":"Lenovo thanks Binarly efiXplorer team for reporting these issues."}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"PHYSICAL","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-693 Protection Mechanism Failure"}]}]},"references":{"reference_data":[{"name":"https://support.lenovo.com/us/en/product_security/LEN-65529","refsource":"MISC","url":"https://support.lenovo.com/us/en/product_security/LEN-65529"}]},"solution":[{"lang":"en","value":"Update system firmware to the version (or newer) indicated for your model in the Product Impact section of LEN-65529."}],"source":{"advisory":"LEN-65529","discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T16:53:17.675Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://support.lenovo.com/us/en/product_security/LEN-65529"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-16T17:55:59.636899Z","id":"CVE-2021-3453","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-16T17:56:22.882Z"}}]},"cveMetadata":{"assignerOrgId":"da227ddf-6e25-4b41-b023-0f976dcaca4b","assignerShortName":"lenovo","cveId":"CVE-2021-3453","datePublished":"2021-07-16T20:30:17.000Z","dateReserved":"2021-03-19T00:00:00.000Z","dateUpdated":"2025-12-16T17:56:22.882Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"}