5.3
CVE-2021-3956
- EPSS 0.18%
- Published 18.05.2022 16:15:08
- Last modified 21.11.2024 06:23:13
- Source psirt@lenovo.com
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
Data provided by the National Vulnerability Database (NVD)
Lenovo ≫ Xclarity Controller Version < 7.22_cdi382o
Lenovo ≫ Thinkagile Hx1320 Version-
Lenovo ≫ Thinkagile Hx1321 Version-
Lenovo ≫ Thinkagile Hx1520-r Version-
Lenovo ≫ Thinkagile Hx1521-r Version-
Lenovo ≫ Thinkagile Hx2320-e Version-
Lenovo ≫ Thinkagile Hx2321 Version-
Lenovo ≫ Thinkagile Hx3320 Version-
Lenovo ≫ Thinkagile Hx3321 Version-
Lenovo ≫ Thinkagile Hx3375 Version-
Lenovo ≫ Thinkagile Hx3376 Version-
Lenovo ≫ Thinkagile Hx3520-g Version-
Lenovo ≫ Thinkagile Hx3521-g Version-
Lenovo ≫ Thinkagile Hx5520 Version-
Lenovo ≫ Thinkagile Hx5520-c Version-
Lenovo ≫ Thinkagile Hx5521 Version-
Lenovo ≫ Thinkagile Hx5521-c Version-
Lenovo ≫ Thinkagile Hx7520 Version-
Lenovo ≫ Thinkagile Hx7521 Version-
Lenovo ≫ Thinkagile Vx2320 Version-
Lenovo ≫ Thinkagile Vx3320 Version-
Lenovo ≫ Thinkagile Vx3520-g Version-
Lenovo ≫ Thinkagile Vx5520 Version-
Lenovo ≫ Thinkagile Vx7320 N Version-
Lenovo ≫ Thinkagile Vx7520 Version-
Lenovo ≫ Thinkagile Vx7520 N Version-
Lenovo ≫ Thinkstation P920 Version-
Lenovo ≫ Thinksystem Sr530 Version-
Lenovo ≫ Thinksystem Sr550 Version-
Lenovo ≫ Thinksystem Sr570 Version-
Lenovo ≫ Thinksystem Sr590 Version-
Lenovo ≫ Thinksystem Sr630 Version-
Lenovo ≫ Thinksystem Sr645 Version-
Lenovo ≫ Thinksystem Sr650 Version-
Lenovo ≫ Thinksystem Sr665 Version-
Lenovo ≫ Thinksystem St550 Version-
Lenovo ≫ Thinkagile Hx1321 Version-
Lenovo ≫ Thinkagile Hx1520-r Version-
Lenovo ≫ Thinkagile Hx1521-r Version-
Lenovo ≫ Thinkagile Hx2320-e Version-
Lenovo ≫ Thinkagile Hx2321 Version-
Lenovo ≫ Thinkagile Hx3320 Version-
Lenovo ≫ Thinkagile Hx3321 Version-
Lenovo ≫ Thinkagile Hx3375 Version-
Lenovo ≫ Thinkagile Hx3376 Version-
Lenovo ≫ Thinkagile Hx3520-g Version-
Lenovo ≫ Thinkagile Hx3521-g Version-
Lenovo ≫ Thinkagile Hx5520 Version-
Lenovo ≫ Thinkagile Hx5520-c Version-
Lenovo ≫ Thinkagile Hx5521 Version-
Lenovo ≫ Thinkagile Hx5521-c Version-
Lenovo ≫ Thinkagile Hx7520 Version-
Lenovo ≫ Thinkagile Hx7521 Version-
Lenovo ≫ Thinkagile Vx2320 Version-
Lenovo ≫ Thinkagile Vx3320 Version-
Lenovo ≫ Thinkagile Vx3520-g Version-
Lenovo ≫ Thinkagile Vx5520 Version-
Lenovo ≫ Thinkagile Vx7320 N Version-
Lenovo ≫ Thinkagile Vx7520 Version-
Lenovo ≫ Thinkagile Vx7520 N Version-
Lenovo ≫ Thinkstation P920 Version-
Lenovo ≫ Thinksystem Sr530 Version-
Lenovo ≫ Thinksystem Sr550 Version-
Lenovo ≫ Thinksystem Sr570 Version-
Lenovo ≫ Thinksystem Sr590 Version-
Lenovo ≫ Thinksystem Sr630 Version-
Lenovo ≫ Thinksystem Sr645 Version-
Lenovo ≫ Thinksystem Sr650 Version-
Lenovo ≫ Thinksystem Sr665 Version-
Lenovo ≫ Thinksystem St550 Version-
Lenovo ≫ Xclarity Controller Version < 2.32_psi342n
Lenovo ≫ Thinkagile Hx7820 Version-
Lenovo ≫ Thinkagile Hx7821 Version-
Lenovo ≫ Thinksystem Sr950 Version-
Lenovo ≫ Thinkagile Hx7821 Version-
Lenovo ≫ Thinksystem Sr950 Version-
Lenovo ≫ Xclarity Controller Version < 3.41_tei382m
Lenovo ≫ Xclarity Controller Version < 4.83_tei3c0n
Lenovo ≫ Thinksystem Sd650 Version-
Lenovo ≫ Thinksystem Sn550 Version-
Lenovo ≫ Thinksystem Sn850 Version-
Lenovo ≫ Thinksystem Sr850 Version-
Lenovo ≫ Thinksystem Sr860 Version-
Lenovo ≫ Thinksystem Sn550 Version-
Lenovo ≫ Thinksystem Sn850 Version-
Lenovo ≫ Thinksystem Sr850 Version-
Lenovo ≫ Thinksystem Sr860 Version-
Lenovo ≫ Xclarity Controller Version < 1.51_tgbt24l
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.403 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
psirt@lenovo.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.