CVE-2021-3453

6.8 MEDIUM

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker...

Published: 2021-07-16 · Last updated: 2026-06-17

Severity and scoring

CVSS: 6.8 MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-693

Affected products

Vendor	Product
lenovo	730s-13iml_firmware, ideacentre_aio_5-24imb05_firmware, ideacentre_aio_5-74imb05_firmware

Description

Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3453
[Vendor advisory]https://support.lenovo.com/us/en/product_security/LEN-65529
[Vendor advisory]https://support.lenovo.com/us/en/product_security/LEN-65529

Related CVEs

Same vendor

CVE-2025-13454 — A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to ... (5.5 MEDIUM)
CVE-2025-13453 — A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on t... (4.6 MEDIUM)
CVE-2022-0354 — A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute ... (7.3 HIGH)
CVE-2021-3633 — A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation (7.3 HIGH)
CVE-2021-3617 — A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted net... (7.2 HIGH)

Same CWE

CVE-2026-53853 — OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers to execute disallowe... (8.3 HIGH)
CVE-2026-53845 — OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-... (4.3 MEDIUM)
CVE-2026-12316 — Mitigation bypass in the DOM: Security component (9.1 CRITICAL)
CVE-2026-12315 — Mitigation bypass in the DOM: Security component (9.1 CRITICAL)
CVE-2026-12302 — Mitigation bypass in the DOM: Security component (6.5 MEDIUM)