CRITICAL🇬🇧 English

CVE-2021-3849

CVSS 9.8v3.1pub. 2022-04-22upd. 2024-11-21

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Nextscale Fan Power Controller

    HW
    Ibm
    wszystkie wersje
  • IBM Nextscale Fan Power Controller Firmware

    OS
    Ibm
    < 44a-3.70
  • Lenovo Nextscale N1200 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Nextscale N1200 Enclosure Firmware

    OS
    Lenovo
    < fhet50b-2.90
  • Lenovo Thinkagile Hx Enclosure Certified Node

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx Enclosure Certified Node Firmware

    OS
    Lenovo
    < tesm28b-1.21
  • Lenovo Thinkagile Vx Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx Enclosure Firmware

    OS
    Lenovo
    < tesm28b-1.21
  • Lenovo Thinksystem D2 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem D2 Enclosure Firmware

    OS
    Lenovo
    < tesm28b-1.21
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2021-3897CRITICAL9.8ten sam produkt

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controlle...

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-2992HIGH7.5ten sam produkt

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web serve...

CVE-2022-34884HIGH7.2ten sam produkt

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...

CVE-2023-2993MEDIUM5.4ten sam produkt

A valid, authenticated user with limited privileges may be able to use specifically crafted web management ser...