Versio.io

CVE-2021-3956

Common vulnerabilities & exposures (CVE)

 
Published at: 18-05-2022 06:15
Last modified: 06-06-2022 08:28
Total changes: 2

Description

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base score: 5.3
Exploitability score: 3.9
Impact score: 1.4

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability: None
 

Verification logic

OR
  AND
    OR
      vendor=lenovo AND product=xclarity_controller AND versionEndExcluding=7.22_cdi382o
    OR
      vendor=lenovo AND product=thinkstation_p920 AND version=-
      vendor=lenovo AND product=thinksystem_sr630 AND version=-
      vendor=lenovo AND product=thinksystem_sr530 AND version=-
      vendor=lenovo AND product=thinksystem_sr550 AND version=-
      vendor=lenovo AND product=thinksystem_sr570 AND version=-
      vendor=lenovo AND product=thinksystem_sr590 AND version=-
      vendor=lenovo AND product=thinksystem_sr650 AND version=-
      vendor=lenovo AND product=thinksystem_st550 AND version=-
      vendor=lenovo AND product=thinkagile_hx1320 AND version=-
      vendor=lenovo AND product=thinkagile_hx1321 AND version=-
      vendor=lenovo AND product=thinkagile_hx1520-r AND version=-
      vendor=lenovo AND product=thinkagile_hx1521-r AND version=-
      vendor=lenovo AND product=thinkagile_hx2320-e AND version=-
      vendor=lenovo AND product=thinkagile_hx2321 AND version=-
      vendor=lenovo AND product=thinkagile_hx3320 AND version=-
      vendor=lenovo AND product=thinkagile_hx3321 AND version=-
      vendor=lenovo AND product=thinkagile_hx3375 AND version=-
      vendor=lenovo AND product=thinkagile_hx3520-g AND version=-
      vendor=lenovo AND product=thinkagile_hx3521-g AND version=-
      vendor=lenovo AND product=thinkagile_hx5520 AND version=-
      vendor=lenovo AND product=thinkagile_hx5520-c AND version=-
      vendor=lenovo AND product=thinkagile_hx5521 AND version=-
      vendor=lenovo AND product=thinkagile_hx5521-c AND version=-
      vendor=lenovo AND product=thinkagile_hx7520 AND version=-
      vendor=lenovo AND product=thinkagile_hx7521 AND version=-
      vendor=lenovo AND product=thinkagile_vx2320 AND version=-
      vendor=lenovo AND product=thinkagile_vx3320 AND version=-
      vendor=lenovo AND product=thinkagile_vx3520-g AND version=-
      vendor=lenovo AND product=thinkagile_vx5520 AND version=-
      vendor=lenovo AND product=thinkagile_vx7520 AND version=-
      vendor=lenovo AND product=thinkagile_hx3376 AND version=-
      vendor=lenovo AND product=thinkagile_vx7320_n AND version=-
      vendor=lenovo AND product=thinkagile_vx7520_n AND version=-
      vendor=lenovo AND product=thinksystem_sr645 AND version=-
      vendor=lenovo AND product=thinksystem_sr665 AND version=-
  AND
    OR
      vendor=lenovo AND product=xclarity_controller AND versionEndExcluding=2.32_psi342n
    OR
      vendor=lenovo AND product=thinksystem_sr950 AND version=-
      vendor=lenovo AND product=thinkagile_hx7820 AND version=-
      vendor=lenovo AND product=thinkagile_hx7821 AND version=-
  AND
    OR
      vendor=lenovo AND product=xclarity_controller AND versionEndExcluding=3.41_tei382m
    OR
      vendor=lenovo AND product=thinksystem_se350 AND version=-
      vendor=lenovo AND product=thinkagile_mx1021 AND version=-
  AND
    OR
      vendor=lenovo AND product=xclarity_controller AND versionEndExcluding=4.83_tei3c0n
    OR
      vendor=lenovo AND product=thinksystem_sd650 AND version=-
      vendor=lenovo AND product=thinksystem_sn550 AND version=-
      vendor=lenovo AND product=thinksystem_sn850 AND version=-
      vendor=lenovo AND product=thinksystem_sr850 AND version=-
      vendor=lenovo AND product=thinksystem_sr860 AND version=-
  AND
    OR
      vendor=lenovo AND product=xclarity_controller AND versionEndExcluding=1.51_tgbt24l
    OR
      vendor=lenovo AND product=thinksystem_sr860 AND version=2.0
      vendor=lenovo AND product=thinksystem_sr850 AND version=2.0
 

Reference

  • N/A-Vendor Advisory
 


Keywords

NVD, CVE-2021-3956, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures

 
