CVE-2021-3849

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 22-04-2022 11:15

Last modified: - 09-05-2022 03:33

Total changes: - 3

Description

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=lenovo AND product=nextscale_n1200_enclosure_firmware AND versionEndExcluding=fhet50b-2.90

vendor=lenovo AND product=nextscale_n1200_enclosure AND version=-

AND

vendor=lenovo AND product=thinkagile_hx_enclosure_certified_node_firmware AND versionEndExcluding=tesm28b-1.21

vendor=lenovo AND product=thinkagile_hx_enclosure_certified_node AND version=-

AND

vendor=lenovo AND product=thinkagile_vx_enclosure_firmware AND versionEndExcluding=tesm28b-1.21

vendor=lenovo AND product=thinkagile_vx_enclosure AND version=-

AND

vendor=lenovo AND product=thinksystem_d2_enclosure_firmware AND versionEndExcluding=tesm28b-1.21

vendor=lenovo AND product=thinksystem_d2_enclosure AND version=-

AND

vendor=ibm AND product=nextscale_fan_power_controller_firmware AND versionEndExcluding=44a-3.70

vendor=ibm AND product=nextscale_fan_power_controller AND version=-

Reference

N/A-Vendor Advisory

Keywords

CVE-2021-3849

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-3849

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures