CRITICAL🇵🇱 Wersja polska

CVE-2021-3849

CVSS 9.8v3.1pub. 2022-04-22upd. 2024-11-21

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • IBM Nextscale Fan Power Controller

    HW
    Ibm
    wszystkie wersje
  • IBM Nextscale Fan Power Controller Firmware

    OS
    Ibm
    < 44a-3.70
  • Lenovo Nextscale N1200 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Nextscale N1200 Enclosure Firmware

    OS
    Lenovo
    < fhet50b-2.90
  • Lenovo Thinkagile Hx Enclosure Certified Node

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Hx Enclosure Certified Node Firmware

    OS
    Lenovo
    < tesm28b-1.21
  • Lenovo Thinkagile Vx Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinkagile Vx Enclosure Firmware

    OS
    Lenovo
    < tesm28b-1.21
  • Lenovo Thinksystem D2 Enclosure

    HW
    Lenovo
    wszystkie wersje
  • Lenovo Thinksystem D2 Enclosure Firmware

    OS
    Lenovo
    < tesm28b-1.21
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-3897CRITICAL9.8ten sam produkt

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controlle...

CVE-2024-2659HIGH7.2ten sam produkt

A command injection vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user w...

CVE-2023-2992HIGH7.5ten sam produkt

An unauthenticated  denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web serve...

CVE-2022-34884HIGH7.2ten sam produkt

A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated use...

CVE-2023-2993MEDIUM5.4ten sam produkt

A valid, authenticated user with limited privileges may be able to use specifically crafted web management ser...