CVE-2021-3849
 
- Severity Score: 9.8 (CVSS v3.1)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected.
Credits: N/A
Timeline
- 2021-10-01 CVE Reserved
- 2022-04-22 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-07 EPSS Updated
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
References (1)
URL | Date | SRC |
---|---|---|
https://support.lenovo.com/us/en/product_security/LEN-72615 | 2022-10-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Lenovo | Nextscale N1200 Enclosure Firmware | < fhet50b-2.90 | - | Affected | in | Lenovo | Nextscale N1200 Enclosure | - | - | Safe |
Lenovo | Thinkagile Hx Enclosure Certified Node Firmware | < tesm28b-1.21 | - | Affected | in | Lenovo | Thinkagile Hx Enclosure Certified Node | - | - | Safe |
Lenovo | Thinkagile Vx Enclosure Firmware | < tesm28b-1.21 | - | Affected | in | Lenovo | Thinkagile Vx Enclosure | - | - | Safe |
Lenovo | Thinksystem D2 Enclosure Firmware | < tesm28b-1.21 | - | Affected | in | Lenovo | Thinksystem D2 Enclosure | - | - | Safe |
Ibm | Nextscale Fan Power Controller Firmware | < 44a-3.70 | - | Affected | in | Ibm | Nextscale Fan Power Controller | - | - | Safe |