9.8
CVE-2021-3849
- EPSS 0.7%
- Veröffentlicht 22.04.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:38
- Quelle psirt@lenovo.com
- CVE-Watchlists
- Unerledigt
LoginAn authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lenovo ≫ Nextscale N1200 Enclosure Firmware Version < fhet50b-2.90
Lenovo ≫ Thinkagile Hx Enclosure Certified Node Firmware Version < tesm28b-1.21
Lenovo ≫ Thinkagile Vx Enclosure Firmware Version < tesm28b-1.21
Lenovo ≫ Thinksystem D2 Enclosure Firmware Version < tesm28b-1.21
Ibm ≫ Nextscale Fan Power Controller Firmware Version < 44a-3.70
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@lenovo.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.