CVE-2021-42852

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-05-2022 06:15

Last modified: - 26-05-2022 06:52

Total changes: - 2

Description

A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an authenticated user to execute operating system commands by sending a crafted packet to the device.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Adjacent

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

8.0

Base score

2.1

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=lenovo AND product=a1_firmware AND versionEndExcluding=5.3.6.a1

vendor=lenovo AND product=a1 AND version=-

AND

vendor=lenovo AND product=t1_firmware AND versionEndExcluding=5.3.6.t1

vendor=lenovo AND product=t1 AND version=-

AND

vendor=lenovo AND product=x1_firmware AND versionEndExcluding=5.3.8.x1

vendor=lenovo AND product=x1 AND version=-

AND

vendor=lenovo AND product=t2_firmware AND versionEndExcluding=5.3.8.t2

vendor=lenovo AND product=t2 AND version=-

AND

vendor=lenovo AND product=t2pro_firmware AND versionEndExcluding=5.3.7.t2-pro

vendor=lenovo AND product=t2pro AND version=-

Reference

N/A-Vendor Advisory

Keywords

CVE-2021-42852

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-42852

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures