MEDIUM🇬🇧 English

CVE-2021-3956

CVSS 4.3v3.1pub. 2022-05-18upd. 2024-11-21

A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Lenovo Thinkagile Hx1320

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1321

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1520 R

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx1521 R

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2320 E

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx2321

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3320

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3321

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3375

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3376

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3520 G

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx3521 G

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5520

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5520 C

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5521

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx5521 C

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7520

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7521

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7820

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx7821

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Mx1021

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx2320

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx3320

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx3520 G

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx5520

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx7320 N

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx7520

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx7520 N

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkstation P920

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem Sd650

    HW
    Lenovo
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2017-17833CRITICAL9.8ten sam produkt

OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may man...

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-4607HIGH7.5ten sam produkt

An authenticated XCC user can change permissions for any user through a crafted API command.

CVE-2023-4606HIGH8.1ten sam produkt

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted A...

CVE-2023-0683HIGH8.3ten sam produkt

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically craf...

CVE-2021-3956 — MEDIUM 4.3 | CVEbaza.pl