9.8
CVE-2021-3897
- EPSS 0.36%
- Veröffentlicht 22.04.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:43
- Quelle psirt@lenovo.com
- Teams Watchlist Login
- Unerledigt Login
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lenovo ≫ Nextscale N1200 Enclosure Firmware Version < fhet50b-2.90
Lenovo ≫ Thinkagile Hx Enclosure Certified Node Firmware Version < tesm28b-1.21
Lenovo ≫ Thinkagile Vx Enclosure Firmware Version < tesm28b-1.21
Lenovo ≫ Thinksystem D2 Enclosure Firmware Version < tesm28b-1.21
Ibm ≫ Nextscale Fan Power Controller Firmware Version < 44a-3.70
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.577 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| psirt@lenovo.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.